[Sporktacular]

"ensuring that clients will refuse to talk to non-audited systems."

I'm trying to understand if this is really possible. I know they claim so but is there any info on how this would prevent Apple from executing different code to what is presented for audit?

[brookst]

The servers provide a hash of their environment to clients, who can compare it to the published list of audited environments.

So the question is: could the hash be falsified? That’s why they’re publishing the source code to firmware and bootloader, so researchers can audit the secure boot foundations.

I am sure there is some way that a completely malevolent Apple could design a weakness into this system so they could spend a fortune on the trappings while still being able to access user information they could never use without exposing the lie and being crushed under class actions and regulatory assault.

But I reject the idea that that remote possibility means the whole system offers no benefit users should consider in purchasing decisions.

[Sporktacular]

Sure I'm missing something, but isn't that just an untrusted server self-reporting its own hash? Apple publishes the bootloader source and we'd have to assume it's what's actually running and reporting honestly the hash of the OS it's hosting. So we need to go earlier in the chain. In the end, from afar, we don't know if we're communicating with an actual Secure Enclave/SGX whatever or something that just acts like one.

Matt Green's posts about it so am sure it's been thought out - but hard to understand how it doesn't just depend on employees doing the right thing, when if you could, you would need all the rigmarole.

[saagarjha]

You're not missing anything.

[Sporktacular]

* wouldn't need all the...

[p_l]

Unless they pass all keys authorized by the system to third parties that ensure appropriate auditing, none.

And at least after my experiences with T2 chip, I consider Apple devices to be always owned by Apple first...