Apple's Secret Operating System and why you can't upgrade your SSD

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments

It’s been cool to see this evolve over the past ten years from the early iPhones to Intel and Apple Silicon based Macs.

👍︎︎ 1 👤︎︎ u/mosaic_hops 📅︎︎ Apr 28 2023 🗫︎ replies

I bought my first Mac when the M1 came out. Im like the security l, but I also agree they could have had an option to turn it off for upgrade/ repair purposes

👍︎︎ 1 👤︎︎ u/whitephoenix117 📅︎︎ May 01 2023 🗫︎ replies
Captions
Did you know that Apple silicon Macs run two  (concurrent) operating systems in order to   function, and the second secretive OS is the  primary reason why you can't upgrade an SSD   in Apple Silicon Mac? ...and that's not even  the full story [Music] Apple silicon Macs and   T2 equipped Intel Macs, iPhones, iPads, and  even the Apple watch use a dedicated hardware   component known as the Secure Enclave,  and it's more than just marketing. The   Secure Enclave is a separate processor designed  specifically to handle the sensitive operations   related to security and privacy on your Mac  or another device. One of the main operations   for the Secure Enclave is to generate and store  encryption keys in biometric data like Touch ID,   and it needs to protect this from various attacks  like physical tampering and side Channel attacks. In order to do this, it needs its own memory  and storage, and it needs to be isolated from   the rest of the system. To do all of that it  needs its own stripped-down operating system   known as Secure Enclave OS or Secure Enclave  Processor OS hence sepOS. The Secure Enclave   can only be accessed by the rest of the hardware  through a few protected APIs. When a user sets   up a password on the Apple silicon Mac,  the password is passed through a one-way   hashing algorithm that produces a key that  is used to encrypt the Secure Enclave's key. To break this down, this means that even  if someone has a user's password they   cannot access the encryption keys stored  on the Secure Enclave. Without the Secure   Enclave's cooperation. This is pretty important.  This means that the encrypted data must pass   through the Secure Enclave. The operating  system and the user never get to see this   encryption key and can only interact  with the Secure Enclave through APIs.   The Secure Enclave also uses a unique identifier,  a root cryptographic key called the secure Enclave   ID which is used to identify the device.  This is fused to the Secure Enclave during   manufacturing and without Apple's ability to  access it. This ensures that the encryption   Keys stored in the secure Enclave can only be  used on the device that they are generated on. Yes, I know this is getting complicated  but say you stole the physical and memory   modules out of a MacBook Pro, and you even  had the encryption keys. This theoretical   attack wouldn't work because the hardware  encryption key doesn't match the hardware ID. The secure Enclave also helps thwart DMA attacks  where an attacker uses a device with direct   memory access, like a thunderbolt device. A  Thunderbolt device uses a PCIe interconnect,   and one of the main selling points  of PCIe is direct memory access. macOS encrypts this memory and uses an i/o  processor that manages communication between the   main processor and the secure Enclave. The memory  needs to be encrypted and decrypted, and any   device trying to attack the memory will just get  encrypted data. Apple refers to this as the memory   protection engine. I want to be clear that this  is not unique to macOS, as there are both Windows   and Linux analogs. Also, AMD and Intel have  introduced their own Hardware level protections.   Handling all of this is sepOS. sepOS is designed  to be resistant to attacks, including physical   tampering, and it has been certified under the  common criteria security standard. The OS is   based on The L4 micro kernel, which is popular  for secure embedded systems as it has a minimal   set of services and uses a highly privileged  mode that is isolated from the user-level code. I know this is starting to get pretty abstract,  but the point is there's a well-defined interface,   and the kernel is small and focused  thus, it is easy to analyze and verify   by security analysts and has a design that  allows for specialized isolated subsystems. Apple has taken this micro-operating  system and modified it for use in the   Secure Enclave. The Secure Enclave also provides  other services like true random number generation,   secure neural engine, and AES engine, Secure  Enclave boot ROM a secure Enclave boot Monitor,   and so on. If you would like to learn  more about this and the Secure Enclave,   I suggest reading the Apple document on  it, as it's what I used to make this video,   and of course, it's linked in the description.  Now if you remember back to the beginning of   this video, I mentioned that the Secure Enclave  is the reason why you can't upgrade your SSD. SSDs generally consist of a controller NAND  memory module, DRAM cache, found on quality   SSDs, and an interface like NVME. Apple's Secure  Enclave is tightly integrated with Apple hardware,   and the SSD controller resides within the Apple  silicon chipset. As we previously discussed,   the Secure Enclave generates a  hardware encryption key and is   used to encrypt the contents of the  NAND memory modules (the storage). The key is stored in the Secure Enclave, and  the keys are derived from a combination of   the Secure Enclave ID and the characteristics of  the NAND. Now I have to be clear. The next part   is a bit of conjecture on my part because  in the Mac Studio you can swap the NANDs,   but only with ones that are exactly the same size. This also requires a DFU restore, so let's get  back to it. If a set of new NAND modules were   installed onto an Apple Silicon Mac it would  have to generate a new key. A hypothetical   attacker might be able to determine the original  key by comparing the old key and the new key and   identifying the differences between the two.  This potentially could reveal characteristics   about the original key Apple allowing any NANDs  to be swapped could potentially be used as a way   to compromise the system. While Apple uses PCIE  for its interface to its SSD, it does not use   the NVMe protocol. Also, the SSD controller has  direct communication with the Secure Enclave. Now here's the kicker I'm absolutely confident  that Apple could arrive at a solution as Apple's   secure Enclave has gone through many iterations,  16 in fact, as of recording this video. I am not a system security engineer, but I have  my suspicions Apple could arrive at a solution   that allows users to swap SSDs by reducing  the security settings or perhaps an unlock   that warns the user about the potential of an  encryption key exposure and there are unified   memory systems that use NVMe and even hardware  encryption so this is not insurmountable. I consider myself an informed user, and I'd  gladly accept any risk for removable storage   over being locked into zero upgrades  as NAND memory which makes up the SSD,   has a finite shelf life as a memory cell . An SSD can only be written and overwritten so  many times before it fails Apple preventing   anyone from swapping SSD, means that every  Apple Silicon Mac has a time bomb built into it,   and there's nothing end users can do to fix it. Despite the greenwash marketing, Apple has  no qualms about E-Waste. Also to pour salt   in the wound Apple shipping bottom-tier Macs  and RAM-starved configurations with laughably   small SSDs means that the OS will have no choice  but to use the SSD for memory swap operations. When the ram is completely filled,  and the more frequently it does this,   and with fewer bytes to rotate on a small SSD like  a 256 gigabyte will shorten the NAND shelf life. Apple chooses not to tackle this on any  front as it knows they'll generate money   no matter how this plays out. A user has to pay  upfront Apple tax on overpriced upgrades and   has to deal with planned obsolescence  baked into the hardware and software. Let's not forget Apple will stop supporting  its Macs at some point. Admittedly the security   is amazing, but Apple should not be able to  hide behind security as a smoke screen Force   anti-consumer Behavior. So when you see right to  repair legislation pop-up please support it. Apple   makes wonderful products, but they're marred  by their disdain for the users that buy them. this video was tough to make because  there's not a lot of information about   sepOS or the secure Enclave, so if you  have any corrections or better resources,   hit me in the comments and check the description  for the sources I use. Thanks for watching
Info
Channel: Definitive Mac Upgrade Guide
Views: 261,301
Rating: undefined out of 5
Keywords: Apple, Mac, macOS, Apple silicon
Id: Sm7_0V9z-Y8
Channel Id: undefined
Length: 9min 1sec (541 seconds)
Published: Fri Apr 14 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.