Blackhat talk on T2 chip security

[TechyBen]

1 hour ago, jagdtigger said:

Not necessarily, the T2 chip is a small computer in itself. It could monitor the PCI bus for unauthorized device ID's and render the machine inoperable while said device is present.

Yeah, that video mentions this stuff can be applied boot. The T2 chip is like below ring 0? It can function before the CPU comes into play. Some of what they were suggesting does this? I can't figure out if they are a third party security offering? "We apply this pre-UEFI" and mention their own lock down security code to prevent PCIe UEFI driver handshake if it tries to access restricted memory.

[lewdicrous]

Just now, VegetableStu said:

wonder what would it take to implement this outside Apple's stuff. like would it be done on the motherboard, or would intel and AMD provision some CPU area to hardware sandboxing? o_o

Maybe in prebuilt systems from OEMs, but I doubt that'll happen with systems hand built by consumers.

[AngryBeaver]

I mean don't get me wrong this is some needed protection to the PCI-E vulnerabilities, but again if someone is doing that they have physical control of your machine. If someone is able to gain physical access to it then you already have a much bigger problem. I mean you pull the drives and depending on what they are using pop the encryption. Lets look at something like bitlocker. They have FREDs (A forensic machine) made specifically for cracking bitlocker and it normally takes 3-6 months depending on luck. So yes that keeps them out of the data for awhile, but ultimately if they have it they can get it.

 

I guess this is more just the last line of defense to make it harder, but still it isn't going to stop it entirely.

[hishnash]

5 hours ago, AngryBeaver said:

I mean don't get me wrong this is some needed protection to the PCI-E vulnerabilities, but again if someone is doing that they have physical control of your machine. If someone is able to gain physical access to it then you already have a much bigger problem. I mean you pull the drives and depending on what they are using pop the encryption. Lets look at something like bitlocker. They have FREDs (A forensic machine) made specifically for cracking bitlocker and it normally takes 3-6 months depending on luck. So yes that keeps them out of the data for awhile, but ultimately if they have it they can get it.

 

I guess this is more just the last line of defense to make it harder, but still it isn't going to stop it entirely.

I suppose that is why the T2 chip has the drive encryption system that means you can pop the drives out and decrypt them in that way. The flip side of that is you cant pop the drives out and decrypt them in that way so if you need to get at the data you cant. You would need to embed that system within the users machine for 3-6 months to do this with the T2 (or rip out the entire system).

[hishnash]

 

5 hours ago, VegetableStu said:

wonder what would it take to implement this outside Apple's stuff. like would it be done on the motherboard, or would intel and AMD provision some CPU area to hardware sandboxing? o_o

All it needs is some other chip to start before the x86 chip start up so that it can provide the needed protection for the UEFI. in theory the motherboard chipset could do this, if the vendor wanted to.

[hishnash]

8 hours ago, jagdtigger said:

Not necessarily, the T2 chip is a small computer in itself. It could monitor the PCI bus for unauthorized device ID's and render the machine inoperable while said device is present.

It could but what would be the point, assuming the secure boot system is working the os kernel (or UEFI) can do this. Much simpler to implement, the secure boot system lets apple move these types of things up-stream.

if the secure boot is not working and someone finds a way to execute code on ring0 then they can also stop the PCIe messages from being passed onto the T2 chip (since they are first sent to the cpu). 

 

they could make a t3 chip that is much more expensive that routs all PCIe traffic through it *a bit like the IO die on the ZEN systems*. Adding this (for something like the macPro that has so many PCIe lanes) would increase PCIe latency and power draw. Simpler would be to put checks into the UEFI.

[aliasdred]

13 hours ago, hishnash said:

What do you mean everything is locked?

 

 

You unplug your monitor, you die....Ez 4 Apple

[jagdtigger]

46 minutes ago, hishnash said:

It could but what would be the point

They would say its there to protect the users, but in reality its just another money grabbing tactic so you have no choice but to buy their insanely priced junk.

[hishnash]

Just now, jagdtigger said:

They would say its there to protect the users, but in reality its just another money grabbing tactic so you have no choice but to buy their insanely priced junk.

But they can put those restrictions in place without the T2, as I explained you don't need to T2 chip to put those restrictions in place, if they are just interested in money they would do it in the kernel much cheaper to do it there than in the T2.

 

[Curious Pineapple]

22 minutes ago, hishnash said:

But they can put those restrictions in place without the T2, as I explained you don't need to T2 chip to put those restrictions in place, if they are just interested in money they would do it in the kernel much cheaper to do it there than in the T2.

 

Combine the 2 and you can't change the OS on the machine, nor can you run the OS on anything else.

[hishnash]

1 minute ago, Curious Pineapple said:

Combine the 2 and you can't change the OS on the machine, nor can you run the OS on anything else.

That is the same with secure boot on any windows machine (unless you are going to go any get yourself a compromised PCIe device that patches the windows/macos/linux kernel?)

 

Regular UEFI secure boot is hard enough to break that for (even advanced) consumers it is enough of a limiting factor to do what you suggest.

the extra levels of secure boot the T2 chip are not targeted at stopping regular consumers (normal UEFI protections are more than enough for that if you want) they are there to stop targeted expiranced attackers.


Stopping the OS from running on other systems (were you dont control the hardware and thus the Secure boot) is not possible, even with the T2 chip or some T3 .... TN chip.

 

In the end all you can do is put CPU instructions into the OS and you then get your CPU maker to add these to the chips firmware. But someone active enough can come along and swap them out in the binary. You will never (and apple know this) be able to write a bit of code that 100% cant run on someone else's hardware. 

 

You can try to do things like not share all the code, ship it in an encrypted form that requires the T2 chip to de-crypt (hint however it will be decrypted in ram, so that it can run at ok speeds, and someone will clone it from there). 

the T2 chip cant block hackintosh use it can make it harder, require the community to do more patching of the macOS kernel (they already do this of course, and given then have macOS running on AMD hardware they are clearly quite skilled at this). The loss in sales to apple from hackintosh users is insignificant in compared to the amount of work they would need to put in to make it harder, it is hard enough that normal users do not consider it, and companies do not do it for legal reasons alone (and never will).

[jagdtigger]

22 minutes ago, hishnash said:

That is the same with secure boot on any windows machine

Nope, on those you can disable it(except for a very few exception). And by adding a HW chip it makes circumvention borderline impossible where as a kernel measure could be easily modded out/circumvented.

[Hashiba]

In case someone is interested in the other talks here's the playlist, (the talks seem to be unlisted so they might not be that easy to find at least rn)

 

https://t.co/5MqRuPXOHF

 

 

[mr moose]

8 hours ago, TechyBen said:

In the past, repeatedly, you have berrated other forum users for suggesting Apple have, are, or will do anything about NVidia. Thus though that one post only mentioned Apple not being rational towards NVidia now, you have in the past lambasted others for similar claims. You blow hot and cold depending on the weather.

 

It probably looks that way to you because, as I said, I don't attack a company when it's not warranted,  I will lambast any company for shit practices like apple has with right to repair and repair practices.  But I will also give credit where credit is due and talk about apple being better with privacy than others if I see it.    This is not blowing hot and cold on anything, it is just being reasonable with whatever the core of the discussion is.

 

Contrary to what it looks like on these forums, you are allowed to support a company doing good things and fight for their rights even when they do other things that are not good and should be publicly denounced for.  As for the whole Nvidia thing, that is not just a machination of mine, it is something that apple has actually done in refusing to permit NVIDIA drivers into Mac OS.

 

 

[hishnash]

37 minutes ago, jagdtigger said:

Nope, on those you can disable it(except for a very few exception). And by adding a HW chip it makes circumvention borderline impossible where as a kernel measure could be easily modded out/circumvented.

You can disable the T2 secure boot a well (https://support.apple.com/en-us/HT208330). There is nothing about the windows systems that means they cant make it compulsory if they want to as well. Sure you could bypass it with one of of the attacks highlighted in the video but that is much more sophisticated and requires you to have a compromised PCIe device.

 

Bypassing kernel measusers requires compromising secure boot, (any change to the kernel would mean you cant boot otherwise).

the T2 chip here protects the UEFI from being modded out buy PCIe devices. I would not be surprised if AMD (maybe already have) do the same using the IO chip as part of Zen2. 

[hishnash]

31 minutes ago, mr moose said:

Nvidia thing, that is not just a machination of mine, it is something that apple has actually done in refusing to permit NVIDIA drivers into Mac OS.

 

 

Is that however relevant to this post on T2 chip secure boot? (unless you are suggesting nvidia are/should attempt to attack the UEFI fo course)

[jagdtigger]

14 minutes ago, hishnash said:

There is nothing about the windows systems that means they cant make it compulsory if they want to as well.

Only if they want to commit suicide, they would get a huge lawsuit from open source OS developers.

 

16 minutes ago, hishnash said:

You can disable the T2 secure boot a well

Not for long IMO. We seen how apple is willing to go to extreme lengths to ensure that ppl only buy their stuff and dont repair anything just buy a new one......

[spartaman64]

if t2 is so good why isnt there a t2 2?

[mr moose]

45 minutes ago, hishnash said:

Is that however relevant to this post on T2 chip secure boot? (unless you are suggesting nvidia are/should attempt to attack the UEFI fo course)

It is relevant to the context of the conversation.

 

Williamcll suggested they might make a T3 chip that locked down apple products even further.

You asked how,   I offered several possibilities supported with evidence of past behavior doing exactly that. You are now trying to sidestep the original comments and make it look like we are being irrelevant by turning the debate around into an action/accusation that no one mentioned (nvidia attacking the uefi) which also has nothing to do with the concerns that were raised. 

 

 

 

 

 

[hishnash]

1 hour ago, mr moose said:

It is relevant to the context of the conversation.

 

Williamcll suggested they might make a T3 chip that locked down apple products even further.

You asked how,   I offered several possibilities supported with evidence of past behavior doing exactly that. You are now trying to sidestep the original comments and make it look like we are being irrelevant by turning the debate around into an action/accusation that no one mentioned (nvidia attacking the uefi) which also has nothing to do with the concerns that were raised. 

 

 

 

 

 

Unless Nvidia attack the UEFI apple can do any (and all) the blocking they would like using the regular OS kernel no need for dedicated hardware.

That is why the only reason the T2 (or T3) chip would need to be involved in such a process is to protect the secure boot process. And the use case of the T2 chip in that is a protection against UEFI so for the T2 (or T3) chip to be needed to block nvidia you nvidia would need to be actively exploiting the UEFI. Since any, and all, other methods of exploit can be blocked simply through the macOS kernel and do not in any way require the T2 chip.

 

[mr moose]

1 minute ago, hishnash said:

Unless Nvidia attack the UEFI apple can do any (and all) the blocking they would like using the regular OS kernel no need for dedicated hardware.

That is why the only reason the T2 (or T3) chip would need to be involved in such a process is to protect the secure boot process. And the use case of the T2 chip in that is a protection against UEFI so for the T2 (or T3) chip to be needed to block nvidia you nvidia would need to be actively exploiting the UEFI. Since any, and all, other methods of exploit can be blocked simply through the macOS kernel and do not in any way require the T2 chip.

 

 

I am sure I am not the only one who understand the issues that have been raised here.  Your insistence on trying to play down the concerns raised by ignoring the past or pretending the T2 chip isn't essential  does not change anything.

[hishnash]

1 hour ago, jagdtigger said:

Only if they want to commit suicide, they would get a huge lawsuit from open source OS developers.

 

Not for long IMO. We seen how apple is willing to go to extreme lengths to ensure that ppl only buy their stuff and dont repair anything just buy a new one......

so just the same as if apple did that, there is nothing about a PC that means it is more or less likely to be the starting point of a court case, in fact since apple have so much money to go after suing apple will happen long before suing Asus or Acer.

 

The lost sales from Hackintosh is absoluly tiny, the extra cost they would need to put in to attempt to fully lock that out would be massive. The economics do not make sense.

 

 

[hishnash]

1 minute ago, mr moose said:

 

I am sure I am not the only one who understand the issues that have been raised here.  Your insistence on trying to play down the concerns raised by ignoring the past or pretending the T2 chip isn't essential  does not change anything.

I completely understand that the locking down of hardware without reason is an issue what i do not understand is why you think this requires the T2 chip when ANY motherboard with UEFI secure boot could do this today and the only way to bypass it is very complex PCIe attacks. 
 

[mr moose]

Just now, hishnash said:

I completely understand that the locking down of hardware without reason is an issue what i do not understand is why you think this requires the T2 chip when ANY motherboard with UEFI secure boot could do this today and the only way to bypass it is very complex PCIe attacks. 
 

 

I never said it "requires" the T2 chip, I just said they could use it to do that and that would mean no one bar apple could get around the lock.    

[hishnash]

15 minutes ago, mr moose said:

 

I never said it "requires" the T2 chip, I just said they could use it to do that and that would mean no one bar apple could get around the lock.    

Assuming we are talking about an x86 system, with an intel or amd cpu.

As i have said there would be no point in using it for the following reasons:

 

Using the T2 (or T3) chip for this would imply you want it to still work if the secure boot is compromised (aka the macOS/windows/linux kernal running on the x86 machine is no longer in your controle) to do so you need to:

1) rout ALL PCIe traffic through the T2 chip before it hits the CPU

2) Intercept this trafic at init type and check some crypto signature (that cant be facked)

   3) embed a security chip on every single device you connect to the system that can be the other side of this secure handshake.

 

If you do not route all of the PCIe trafic through the Security Chip (lets call it T3) then by comprising the kernel you can stop the cpu from talking the the T3 chip and thus bypass any checks it puts in place. 

 

Building a chip that can route (without latency) all the PCIe traffic and intercept it (checking a signature on init) will require a LOT of power (take a look at ZEN2 io die does exactly this and how much power it draws).

 

Also in the scenario where the secure boot has been compromised there is nothing stopping a user tunneling a PCIe connection over a `non` PCIe band, thus hiding the init handshake from the T3 chip. In short the T3 chip would need to actively sniff/intercept all PCIe/USB/Network traffic in and out of the CPU. This would draw a LOT of power and introduce a LOT of latency.  

Since the only reason for doing this would be the actively block other vendors, and would not provide any security improvements to users. The gains of using the T2 (or some T3) chip for this compared to using regular Kernel level protections will never pass.

 

As long as the secure boot is not compromised you can do all of this in software in the kernel, very simply in the case of nvidia by not approving their drivers, you don't need to spend Millions and millions of $ fabricating a high bandwidth PCIe sniffing chip.

 

No One but apple can get around the secure boot (that is the point of secure boot)