Did you know that Apple silicon Macs run two
(concurrent) operating systems in order to function, and the second secretive OS is the
primary reason why you can't upgrade an SSD in an Apple Silicon Mac? ...and that's not even
the full story. Apple silicon Macs and T2 equipped Intel Macs, iPhones, iPads, and
even the Apple watch use a dedicated hardware component known as the Secure Enclave,
and it's more than just marketing. The Secure Enclave is a separate processor designed
specifically to handle the sensitive operations related to security and privacy on your Mac
or another device. One of the main operations for the Secure Enclave is to generate and store
encryption keys in biometric data like Touch ID, and it needs to protect this from various attacks
like physical tampering and side-channel attacks. In order to do this, it needs its own memory
and storage, and it needs to be isolated from the rest of the system. To do all of that it
needs its own stripped-down operating system known as Secure Enclave OS or Secure Enclave
Processor OS, hence sepOS. The Secure Enclave can only be accessed by the rest of the hardware
through a few protected APIs. When a user sets up a password on the Apple silicon Mac,
the password is passed through a one-way hashing algorithm that produces a key that
is used to encrypt the Secure Enclave's key. To break this down, this means that even
if someone has a user's password, they cannot access the encryption keys stored
on the Secure Enclave without the Secure Enclave's cooperation. This is pretty important.
This means that the encrypted data must pass through the Secure Enclave. The operating
system and the user never get to see this encryption key and can only interact
with the Secure Enclave through APIs. The Secure Enclave also uses a unique identifier,
a root cryptographic key called the Secure Enclave ID, which is used to identify the device.
This is fused to the Secure Enclave during manufacturing and without Apple's ability to
access it. This ensures that the encryption keys stored in the Secure Enclave can only be
used on the device that they are generated on. Yes, I know this is getting complicated
but say you stole the physical and memory modules out of a MacBook Pro, and you even
had the encryption keys. This theoretical attack wouldn't work because the hardware
encryption key doesn't match the hardware ID. The Secure Enclave also helps thwart DMA attacks
where an attacker uses a device with direct memory access, like a Thunderbolt device. A
Thunderbolt device uses a PCIe interconnect, and one of the main selling points
of PCIe is direct memory access. macOS encrypts this memory and uses an I/O
processor that manages communication between the main processor and the Secure Enclave. The memory
needs to be encrypted and decrypted, and any device trying to attack the memory will just get
encrypted data. Apple refers to this as the memory protection engine. I want to be clear that this
is not unique to macOS, as there are both Windows and Linux analogs. Also, AMD and Intel have
introduced their own hardware-level protections. Handling all of this is sepOS. sepOS is designed
to be resistant to attacks, including physical tampering, and it has been certified under the
Common Criteria security standard. The OS is based on the L4 microkernel, which is popular
for secure embedded systems as it has a minimal set of services and uses a highly privileged
mode that is isolated from the user-level code. I know this is starting to get pretty abstract,
but the point is there's a well-defined interface, and the kernel is small and focused;
thus, it is easy to analyze and verify by security analysts and has a design that
allows for specialized isolated subsystems. Apple has taken this micro-operating
system and modified it for use in the Secure Enclave. The Secure Enclave also provides
other services like true random number generation, secure neural engine, an AES engine, Secure
Enclave Boot ROM, a Secure Enclave Boot Monitor, and so on. If you would like to learn
more about this and the Secure Enclave, I suggest reading the Apple document on
it, as it's what I used to make this video, and of course, it's linked in the description.
Now if you remember back to the beginning of this video, I mentioned that the Secure Enclave
is the reason why you can't upgrade your SSD. SSDs generally consist of a controller, NAND
memory module, DRAM cache, found on quality SSDs, and an interface like NVMe. Apple's Secure
Enclave is tightly integrated with Apple hardware, and the SSD controller resides within the Apple
silicon chipset. As we previously discussed, the Secure Enclave generates a
hardware encryption key and is used to encrypt the contents of the
NAND memory modules (the storage). The key is stored in the Secure Enclave, and
the keys are derived from a combination of the Secure Enclave ID and the characteristics of
the NAND. Now I have to be clear. The next part is a bit of conjecture on my part because
in the Mac Studio you can swap the NANDs, but only with ones that are exactly the same size. This also requires a DFU restore, so let's get
back to it. If a set of new NAND modules were installed onto an Apple Silicon Mac it would
have to generate a new key. A hypothetical attacker might be able to determine the original
key by comparing the old key and the new key and identifying the differences between the two.
This potentially could reveal characteristics about the original key. Apple allowing any NANDs
to be swapped could potentially be used as a way to compromise the system. While Apple uses PCIe
for its interface to its SSD, it does not use the NVMe protocol. Also, the SSD controller has
direct communication with the Secure Enclave. Now here's the kicker: I'm absolutely confident
that Apple could arrive at a solution as Apple's Secure Enclave has gone through many iterations,
16 in fact, as of recording this video. I am not a system security engineer, but I have
my suspicions Apple could arrive at a solution that allows users to swap SSDs by reducing
the security settings or perhaps an unlock that warns the user about the potential of an
encryption key exposure, and there are unified memory systems that use NVMe and even hardware
encryption so this is not insurmountable. I consider myself an informed user, and I'd
gladly accept any risk for removable storage over being locked into zero upgrades
as NAND memory, which makes up the SSD, has a finite shelf life as a memory cell. An SSD can only be written and overwritten so
many times before it fails. Apple preventing anyone from swapping SSD means that every
Apple Silicon Mac has a time bomb built into it, and there's nothing end users can do to fix it. Despite the greenwash marketing, Apple has
no qualms about e-waste. Also, to pour salt in the wound, Apple shipping bottom-tier Macs
and RAM-starved configurations with laughably small SSDs means that the OS will have no choice
but to use the SSD for memory swap operations when the RAM is completely filled,
and the more frequently it does this, and with fewer bytes to rotate on a small SSD like
a 256 gigabyte, will shorten the NAND shelf life. Apple chooses not to tackle this on any
front as it knows they'll generate money no matter how this plays out. A user has to pay
upfront Apple tax on overpriced upgrades and has to deal with planned obsolescence
baked into the hardware and software. Let's not forget Apple will stop supporting
its Macs at some point. Admittedly the security is amazing, but Apple should not be able to
hide behind security as a smoke screen to force anti-consumer behavior. So when you see right to
repair legislation pop up, please support it. Apple makes wonderful products, but they're marred
by their disdain for the users that buy them. This video was tough to make because
there's not a lot of information about sepOS or the Secure Enclave, so if you
have any corrections or better resources, hit me in the comments and check the description
for the sources I use. Thanks for watching.
It’s been cool to see this evolve over the past ten years from the early iPhones to Intel and Apple Silicon based Macs.
I bought my first Mac when the M1 came out. I like the security, but I also agree they could have had an option to turn it off for upgrade/repair purposes.