Blackhat talk on T2 chip security

[hishnash]

The Blackhat-conf (2019) has just started to drop videos publicly onto youtube from sessions this summer.

The talk from Apple on Secure boot and how T2 helps them protect against `evil` PCIe devices comprising UEFI secure boot is very interesting. 

 

Other related links to this are https://support.apple.com/en-nz/HT208862

 

 

—

there will no doubt be some talk about the disk encryption apple are using, i think that however is a separate topic to the boot protections the T2 chip provides, after all the T2 chips boot protections  apply regardless of if you boot from the SSD attached to the T2 chip or boot from other disk be that internal in the macPro or external, USB/Thunderbolt/Network the T2 supports all fo these boot options.


---
[EDIT adding summary]
TLDR:

Normal secure boot systems that use just the signature features of the UEFI are susceptible to attacked if a compromised PCIe device is attached to the system.

* This is mainly do to the fact the PCIe devices (such as raid boot drives) need to provide (small) drivers to the UEFI before one can boot from them, however these normally are loaded as Ring0 before the OS boots so they can easily bypass the UEFI protections.  

* Other PCIe devices are also initiated before the system boots (as part of the UEFI) so are able to replace the `validated` signed boot image with thier own.

both of the above things happen before system memory is instantiated by the UEFI so you cant make use of the protection systems provided by Intel (or AMD) that the Kernel would normally use (for example when connecting a Thunderbolt3 device) to ensure that they can not read/write to kernel memory.

The T2 chip however has a small memory buffer within it, and the T2 chip start up before the main x86 chip starts so this lets apple Sandbox the PCIe device startup process so that even if you do have a compromised PCIe device loading durring the UEFI startup it cant modify the UEFI or the OS Boot image.

[williamcll]

Now they are going to make the T3 which is going to be a bigger hassle where everything is locked.

[hishnash]

13 minutes ago, williamcll said:

Now they are going to make the T3 which is going to be a bigger hassle where everything is locked.

What do you mean everything is locked?

 

 

[Guest]

is there a summary idw to watch the video to find out im lazy

[mr moose]

5 minutes ago, hishnash said:

What do you mean everything is locked?

 

 

 

It would not be of surprise to anyone if they use the T2 to lock out nvidia all together, maybe lock out anything that isn't bought from the apple store.  Lock in apple only serving.  Use it to force buying a whole new mac instead of just replacing the part that's broken. 

 

Now before anyone quotes me and tries to tell me they don't do this,  I said specifically if they did it would be no surprise (because they have tried it before with iphone), not that they are.

[hishnash]

7 minutes ago, mr moose said:

 

It would not be of surprise to anyone if they use the T2 to lock out nvidia all together, maybe lock out anything that isn't bought from the apple store.  Lock in apple only serving.  Use it to force buying a whole new mac instead of just replacing the part that's broken. 

 

Now before anyone quotes me and tries to tell me they don't do this,  I said specifically if they did it would be no surprise (because they have tried it before with iphone), not that they are.

Apple do not need the T2 chip to do that, assuming Nvidia do not try to exploit the UEFI, apple just needs to set up a whitelist of PCIe devices the macOS kernel would accept. The T2 chip would never get involved in that. 

[mr moose]

1 minute ago, hishnash said:

Apple do not need the T2 chip to do that, assuming Nvidia do not try to exploit the UEFI, apple just needs to set up a whitelist of PCIe devices the macOS kernel would accept. The T2 chip would never get involved in that. 

That's not the point, the point is they could use it to do that and being the T2 chip as opposed to a software thing there would be no way to bypass it.

 

 

[hishnash]

1 hour ago, mr moose said:

That's not the point, the point is they could use it to do that and being the T2 chip as opposed to a software thing there would be no way to bypass it.

 

 

have you watch the video (only the first half is relevant to the T2)? worth a watch. It will make it clear that once the OS has booted the T2 is not longer int he loop (if it were it would massively slow down all your PCIe devices) so any protection put in place to block a given PCIe device (like you suggest) would be a kernel level protection and never be part of the T2 (or any future T3....). 

1) you can turn off secure boot on macOS so... aka Turning of the T2 security full stop and apple have been very clear they will continue to support this. You can also turn of system integrity protection as well (if you want to) and they have also been very clear that this will continue to work. (apple tend to deprecated apis 5 to 10 years before they stop working on macOS so that should give you a guid to the expected minimum lifetime of these features)

 

2) The only way you would bypass a kernel level whitelist (nothing to do with the T2 here) (even on a windows machine with secure boot, if MS wanted to put one in) would be a UEFI exploit. Yes the T2 chip protects against that, but Nivida will never try to actively exploit the UEFI and patch the signed macOS (or windows kernel). Simply put they would need to ship out new graphics cards every time that kernel was updated, (so that the patch they apply works). Also they would lose their PCIe license and be thrown out of every single standards body in the world. They would be sued to high heaven.

 

[hishnash]

2 hours ago, floofer said:

is there a summary idw to watch the video to find out im lazy

Sorry just added one, it's quite a simple version for the detailed technical version i suggest you watch the video only the first 1/2 is relevant to T2. 

[mr moose]

7 minutes ago, hishnash said:

have you watch the video (only the first half is relevant to the T2)? worth a watch. It will make it clear that once the OS has booted the T2 is not longer int he loop (if it were it would massively slow down all your PCIe devices) so any protection put in place to block a given PCIe device (like you suggest) would be a kernel level protection and never be part of the T2 (or any future T3....). 

1) you can turn off secure boot on macOS so... aka Turning of the T2 security full stop and apple have been very clear they will continue to support this. You can also turn of system integrity protection as well (if you want to) and they have also been very clear that this will continue to work. (apple tend to deprecated apis 5 to 10 years before they stop working on macOS so that should give you a guid to the expected minimum lifetime of these features)

 

2) The only way you would bypass a kernel level whitelist (nothing to do with the T2 here) (even on a windows machine with secure boot, if MS wanted to put one in) would be a UEFI exploit. Yes the T2 chip protects against that, but Nivida will never try to actively exploit the UEFI and patch the signed macOS (or windows kernel). Simply put they would need to ship out new graphics cards every time that kernel was updated, (so that the patch they apply works). Also they would lose their PCIe license and be thrown out of every single standards body in the world. They would be sued to high heaven.

 

Yes, I trust them emphatically to not use T2 or future T3 to lock all the other hardware.

 

https://www.extremetech.com/computing/280501-apple-confirms-t2-chip-can-brick-macs-after-third-party-repairs

 

 

[hishnash]

1 minute ago, mr moose said:

Yes, I trust them emphatically to not use T2 or future T3 to lock all the other hardware.

 

https://www.extremetech.com/computing/280501-apple-confirms-t2-chip-can-brick-macs-after-third-party-repairs

 

 

That article is fundamentally wrong, you can still boot from any other driver (including network).

 

[mr moose]

4 minutes ago, hishnash said:

That article is fundamentally wrong, you can still boot from any other driver (including network).

 

Ok then:

 

https://www.theverge.com/2018/11/12/18077166/apple-macbook-air-mac-mini-t2-chip-security-repair-replacement-tool

https://www.vice.com/en_us/article/yw9qk7/macbook-pro-software-locks-prevent-independent-repair

https://www.wired.com/story/apple-t2-security-chip-macbook-microphone/

https://www.ifixit.com/News/apples-activation-lock-will-make-it-very-difficult-to-refurbish-macs

 

The fact is the T2 chip can be used for exactly that purpose and already has by the look of it.

 

 

Quote

The T2 security chip, however, erases any hope and makes it impossible to do anything on a Mac without the proper Apple ID credentials.

 

[lewdicrous]

Wonder what Rossmann thinks about this, seeing as he offers data recovery.

[hishnash]

Just now, mr moose said:

Ok then:

 

 

https://www.theverge.com/2018/11/12/18077166/apple-macbook-air-mac-mini-t2-chip-security-repair-replacement-tool

https://www.vice.com/en_us/article/yw9qk7/macbook-pro-software-locks-prevent-independent-repair

https://www.wired.com/story/apple-t2-security-chip-macbook-microphone/

https://www.ifixit.com/News/apples-activation-lock-will-make-it-very-difficult-to-refurbish-macs

 

 

All of the above reference hardware that is routed through the T2 so yes it has cryptographic signatures in place for those but PCIe devices are not routed through the T2 so it cant block them. 

also a note for repair you don't need to wire those devices through the T2 chip, if you want and if you don't the T2 chip is not involved. 

macOS will boot from any SSD.

macOS will use any microphone input

macOS will use any webcam 

 

 

[hishnash]

Just now, lewdicrous said:

Wonder what Rossmann thinks about this, seeing as he offers data recovery.

Did you want the video, the talk is not at all about the disk encryption its about the secure boot, (the main use case of the T2 chip). 

[lewdicrous]

Just now, hishnash said:

Did you want the video, the talk is not at all about the disk encryption its about the secure boot, (the main use case of the T2 chip). 

Baby steps.

[Arika]

4 minutes ago, hishnash said:

All of the above reference hardware that is routed through the T2 so yes it has cryptographic signatures in place for those but PCIe devices are not routed through the T2 so it cant block them. 

until they decide it will

 

[suicidalfranco]

the more i ear, watch, read the less i want to go back using a mac 

[TechyBen]

4 hours ago, mr moose said:

 

It would not be of surprise to anyone if they use the T2 to lock out nvidia all together, maybe lock out anything that isn't bought from the apple store.  Lock in apple only serving.  Use it to force buying a whole new mac instead of just replacing the part that's broken. 

 

Now before anyone quotes me and tries to tell me they don't do this,  I said specifically if they did it would be no surprise (because they have tried it before with iphone), not that they are.

I'm confused... Really confused. Over your observations and opinions. You're like British weather. When ever you think you understand it, it goes and hails and snows in the middle of summer. XD

[TechyBen]

1 hour ago, hishnash said:

Did you want the video, the talk is not at all about the disk encryption its about the secure boot, (the main use case of the T2 chip). 

But very valid to Rossman, as the T2 chip also works things like screen/board chip lock ins via serial codes. So if he was replacing those parts, any help on T2 chip understanding would help (currently, if the screen chip etc is dead, they have a brick. If it's live, they can at least attempt a transplant to a new working screen, in the case of cracked panels).

[mr moose]

39 minutes ago, TechyBen said:

I'm confused... Really confused. Over your observations and opinions. You're like British weather. When ever you think you understand it, it goes and hails and snows in the middle of summer. XD

That's because I try not to let my love or hatred for products get in the way of being rational about their realities.  That means that I can defend apple and hate them at the same time.

 

 

[TechyBen]

3 minutes ago, mr moose said:

That's because I try not to let my love or hatred for products get in the way of being rational about their realities.  That means that I can defend apple and hate them at the same time.

 

 

Rational? Apple blocking NVidia as a rational response? You constantly say businesses don't do grudges, then suggest Apple will hold one against NVidia, instead of just letting it slide for the tiny but relevant sales (from those filling Apple Macs and iMacs with Titans and compute internal or external hookups).

 

If NVidia is blocked, it would be as a unintended, and partially not much of a loss, consequence from locking down the hardware.

 

Quote

It would not be of surprise to anyone if they use the T2 to lock out nvidia all together

You specifically say they will single out (possibly) NVidia, not "lock out GPUs manufactures", but name NVidia. And constantly batter people who mention brands as shorthand for "the industry".

 

Our weather is easier for me to track. XD

[mr moose]

3 minutes ago, TechyBen said:

Rational? Apple blocking NVidia as a rational response? You constantly say businesses don't do grudges, then suggest Apple will hold one against NVidia, instead of just letting it slide for the tiny but relevant sales (from those filling Apple Macs and iMacs with Titans and compute internal or external hookups).

I never said apple was rational, I said I didn't let my love or hatred for a product prevent me from being rational.  Also Apple are already doing intentionally preventing NVVIDIA being used in their macs, that is not a suggestion.

3 minutes ago, TechyBen said:

If NVidia is blocked, it would be as a unintended, and partially not much of a loss, consequence from locking down the hardware.

It's not unintended, but that is beside the point, I only said it wouldn't be unexpected if they did.

3 minutes ago, TechyBen said:

You specifically say they will single out (possibly) NVidia, not "lock out GPUs manufactures", but name NVidia. And constantly batter people who mention brands as shorthand for "the industry".

What on earth are you trying to say? You have literally missed the point of what I said, you also seem to have read what I said arse about.

 

Here's what I said:

5 hours ago, mr moose said:

 

It would not be of surprise to anyone if they use the T2 to lock out nvidia all together, maybe lock out anything that isn't bought from the apple store.  Lock in apple only serving.  Use it to force buying a whole new mac instead of just replacing the part that's broken. 

 

Now before anyone quotes me and tries to tell me they don't do this,  I said specifically if they did it would be no surprise (because they have tried it before with iphone), not that they are.

Look at that last sentence.

 

 

 

[jagdtigger]

4 hours ago, hishnash said:

o any protection put in place to block a given PCIe device (like you suggest) would be a kernel level protection

Not necessarily, the T2 chip is a small computer in itself. It could monitor the PCI bus for unauthorized device ID's and render the machine inoperable while said device is present.

[TechyBen]

1 hour ago, mr moose said:

I never said apple was rational, I said I didn't let my love or hatred for a product prevent me from being rational.  Also Apple are already doing intentionally preventing NVVIDIA being used in their macs, that is not a suggestion.

It's not unintended, but that is beside the point, I only said it wouldn't be unexpected if they did.

What on earth are you trying to say? You have literally missed the point of what I said, you also seem to have read what I said arse about.

 

Here's what I said:

Look at that last sentence.

 

 

 

In the past, repeatedly, you have berrated other forum users for suggesting Apple have, are, or will do anything about NVidia. Thus though that one post only mentioned Apple not being rational towards NVidia now, you have in the past lambasted others for similar claims. You blow hot and cold depending on the weather.