Jump to content

Blackhat talk on T2 chip security

hishnash
By hishnash
in Tech News
 Share
Posted
16 hours ago, hishnash said:

All of the above reference hardware that is routed through the T2 so yes it has cryptographic signatures in place for those but PCIe devices are not routed through the T2 so it cant block them. 

also a note for repair you don't need to wire those devices through the T2 chip, if you want and if you don't the T2 chip is not involved. 

macOS will boot from any SSD.

macOS will use any microphone input

macOS will use any webcam 

 


 

You are wasting your breath.

I have already tried to explain what the T2 is and isn't to this forum several times but they refuse to listen. They think the T2 is some kind of hardware DRM which only exists to make it harder to repair Apple computers. Notice how all the arguments revolve around "it makes it harder to repair" or "it might remove freedom from users" even though none of that is specifically tied to the T2? That's because they watched a Youtube video by Louis Rossmann who has a hard-on for hating Apple and they just mindlessly parrot what they heard in that video.

 

In general, this forum does not understand the first thing about security or cryptography, and people aren't interested in learning either.

 

 

 

1 hour ago, mr moose said:

I never said it "requires" the T2 chip, I just said they could use it to do that and that would mean no one bar apple could get around the lock.    

Please describe how they would use a theoretical T3 chip to lock Nvidia out of their systems. I want to hear the technical details of how you imagine it would work, and how it would be any different from all the other methods Apple could lock Nvidia out of their system without dedicated hardware.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Really fascinating 

Be sure to @Pickles von Brine if you want me to see your reply!

Stopping by to praise the all mighty jar Lord pickles... * drinks from a chalice of holy pickle juice and tossed dill over shoulder* ~ @WarDance
3600x | NH-D15 Chromax Black | 32GB 3200MHz | ASUS KO RTX 3070 UnderVolted and UnderClocked | Gigabyte Aorus Elite AX X570S | Seasonic X760w | Phanteks Evolv X | 500GB WD_Black SN750 x2 | Sandisk Skyhawk 3.84TB SSD 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
6 hours ago, hishnash said:

Assuming we are talking about an x86 system, with an intel or amd cpu.

As i have said there would be no point in using it for the following reasons:

 

Using the T2 (or T3) chip for this would imply you want it to still work if the secure boot is compromised (aka the macOS/windows/linux kernal running on the x86 machine is no longer in your controle) to do so you need to:

1) rout ALL PCIe traffic through the T2 chip before it hits the CPU

2) Intercept this trafic at init type and check some crypto signature (that cant be facked)

   3) embed a security chip on every single device you connect to the system that can be the other side of this secure handshake.

 

If you do not route all of the PCIe trafic through the Security Chip (lets call it T3) then by comprising the kernel you can stop the cpu from talking the the T3 chip and thus bypass any checks it puts in place. 

 

Building a chip that can route (without latency) all the PCIe traffic and intercept it (checking a signature on init) will require a LOT of power (take a look at ZEN2 io die does exactly this and how much power it draws).

 

Also in the scenario where the secure boot has been compromised there is nothing stopping a user tunneling a PCIe connection over a `non` PCIe band, thus hiding the init handshake from the T3 chip. In short the T3 chip would need to actively sniff/intercept all PCIe/USB/Network traffic in and out of the CPU. This would draw a LOT of power and introduce a LOT of latency.  

Since the only reason for doing this would be the actively block other vendors, and would not provide any security improvements to users. The gains of using the T2 (or some T3) chip for this compared to using regular Kernel level protections will never pass.

 

As long as the secure boot is not compromised you can do all of this in software in the kernel, very simply in the case of nvidia by not approving their drivers, you don't need to spend Millions and millions of $ fabricating a high bandwidth PCIe sniffing chip.

 

No One but apple can get around the secure boot (that is the point of secure boot)

Describing another way to do something doesn't change anything.

 

5 hours ago, LAwLz said:

 

Please describe how they would use a theoretical T3 chip to lock Nvidia out of their systems. I want to hear the technical details of how you imagine it would work, and how it would be any different from all the other methods Apple could lock Nvidia out of their system without dedicated hardware.

It's not that hard, just like they programed ios to brick when it detects changed screens, the T3 could simply prevent the computer from working in the event it detects non genuine hardware.  

 

If you are expecting me to layout a design brief for such a simple concept then I am afraid you are just going to have assume you know everything without it. 

 

EDIT:

And I know that it doesn't matter how many times I say it here someone else saying to also:

 

Quote

The System Management Controller in the T2 is able to identify when it's running on non-Apple hardware, and if Apple requires a T2 validation in macOS after it spreads across the entire line, it could release an OS that simply won't run without the technology.

 

It means they can block Mac OS from starting on specific hardware.  They don't need to pump the entire PCIe bus through the T2 chip to do that.

 

https://appleinsider.com/articles/18/08/08/everything-you-need-to-know-about-apples-t2-chip-in-the-2018-macbook-pro

 

And:

 

Quote

And as far as repair goes, there was a revelation that the T2 could prevent repair by third parties requiring a part registration similar to what's required when something involving Touch ID is replaced on an iPhone.

 

https://appleinsider.com/articles/19/07/29/what-apples-t2-chip-does-in-your-new-macbook-air-or-macbook-pro

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
5 hours ago, LAwLz said:

You are wasting your breath.

I have already tried to explain what the T2 is and isn't to this forum several times but they refuse to listen. They think the T2 is some kind of hardware DRM which only exists to make it harder to repair Apple computers. Notice how all the arguments revolve around "it makes it harder to repair" or "it might remove freedom from users" even though none of that is specifically tied to the T2? That's because they watched a Youtube video by Louis Rossmann who has a hard-on for hating Apple and they just mindlessly parrot what they heard in that video.

 

In general, this forum does not understand the first thing about security or cryptography, and people aren't interested in learning either.

If possible, can your provide a link where you explained it before?

19 minutes ago, mr moose said:

It's not that hard, just like they programed ios to brick when it detects changed screens, the T3 could simply prevent the computer from working in the event it detects non genuine hardware.  

When did iOS devices start to brick after a screen replacement? Stop making up bullshit to push your own narrative onto people who don't follow Apple or tech as much. They show a fucking warning. And given the rampant amount of fake screens on the market, that provides you significantly worse display quality, Apple is doing a favour for unassuming users that what they have is a fake screen. If the user does not care, he/she can ignore it and that would be the end of it. Same goes for the battery

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
2 minutes ago, RedRound2 said:

If possible, can your provide a link where you explained it before?

When did iOS devices start to brick after a screen replacement? Stop making up bullshit to push your own narrative onto people who don't follow Apple or tech as much.

Stop pretending these things didn't happen because it's inconvenient:

 

https://www.theguardian.com/technology/2018/apr/10/iphone-8-ios-113-breaks-smartphones-third-party-repaired-screens-apple

 

Quote

Users who have had a screen repair performed by a third party, rather than with Apple, on their iPhone 8 smartphones found that the iOS 11.3 update stopped the touchscreen from working,

 

You have the embarrassing habit of calling other peoples claims BS when you know full well they aren't.

 

 

2 minutes ago, RedRound2 said:

They show a fucking warning. And given the rampant amount of fake screens on the market, that provides you significantly worse display quality, Apple is doing a favour for unassuming users that what they have is a fake screen. If the user does not care, he/she can ignore it and that would be the end of it. Same goes for the battery

Yeah apple sure is doing all the favors. ?  If you want genuine screen go to apple for the repair, if you want a cheaper third party then that should be the consumers choice, NOT apples.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
7 hours ago, LAwLz said:

They think the T2 is some kind of hardware DRM

https://www.theverge.com/2018/11/12/18077166/apple-macbook-air-mac-mini-t2-chip-security-repair-replacement-tool

Quote

Apple confirmed to The Verge that this is the case for repairs involving certain components on newer Macs, like the logic board and Touch ID sensor,

Quote

the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run.

So in short, yes. It is a HW DRM, period.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
1 hour ago, RedRound2 said:

When did iOS devices start to brick after a screen replacement? Stop making up bullshit to push your own narrative onto people who don't follow Apple or tech as much. They show a fucking warning. And given the rampant amount of fake screens on the market, that provides you significantly worse display quality, Apple is doing a favour for unassuming users that what they have is a fake screen. If the user does not care, he/she can ignore it and that would be the end of it. Same goes for the battery

Enjoy.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
1 hour ago, mr moose said:

Stop pretending these things didn't happen because it's inconvenient:

https://www.theguardian.com/technology/2018/apr/10/iphone-8-ios-113-breaks-smartphones-third-party-repaired-screens-apple

You have the embarrassing habit of calling other peoples claims BS when you know full well they aren't.

So do you still live in some isolated case in 2018? What is the current status now? If you replace your screen or battery with a non genuine part, your phone will display a warning and that's it. As far as I looked up, this was only the case with iPhone 7 and 8. The iPhone X released at the same time of the 8 and I can't find articles on X being bricked after replacement. With the new 11s', Apple shows a warning, that's it. So your claim as some sort of evidence is BS afterall

 

You sure have a terrible condition where your blood boils the moment you see Apple anywhere. It's frankly pathetic.

1 hour ago, mr moose said:

Yeah apple sure is doing all the favors. ?  If you want genuine screen go to apple for the repair, if you want a cheaper third party then that should be the consumers choice, NOT apples.

IT IS the CONSUMER'S CHOICE. Tell me how in the world is Apple holding you hostage of your phone if you decided to get a third party screen repalcement. You need to understand that all people around who uses the same devices aren't as tech savvy as you and I who can spot the difference with LCD and OLED easily, or higher res and lower res screen. There are plenty of places that offer cheap screen repair for the fraction of the price, when they are indeed using objectively far more inferior screen (higher touch latency and whatnot). So it's frankly a no-brainer to add an alert like that for the user to know. if he doesn't care, ignoring is a option

6 minutes ago, lewdicrous said:

Enjoy.

Everyone knows about Rossmann. His hate for Apple and obviously his skewed opinion when he only interacts with few thousands of broken Apple devices among millions of users in his area doesn't make his opinions universal facts.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
8 minutes ago, RedRound2 said:

His hate for Apple and obviously his skewed opinion when he only interacts with few thousands of broken Apple devices among millions of users in his area doesn't make his opinions universal facts.

Ask other reapir shops, they are going to tell you the same things. Best example of Apple's (in)competence: backlight 10+V pin directly beside a pin coming from the CPU without any kind of protection on a crammed internal display connector..............

 

/EDIT

Oh, did i mention their genius solution for a chip that run so hot it broke the solder joints? They simply put a piece of rubber on top of the chip to keep it in place.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
13 minutes ago, RedRound2 said:

Everyone knows about Rossmann. His hate for Apple and obviously his skewed opinion when he only interacts with few thousands of broken Apple devices among millions of users in his area doesn't make his opinions universal facts.

Two options:

  1. Believe someone who works in a particular field that gives them insight on how something works and how a certain company is trying to stop them from performing cheap repairs.
  2. Someone with brand royalty and thinks that said company cares about them more than they care about their business.

I'll take the former, thank you.

 

You try to undermine his experience just cause he interacts with "few thousands of broken apple devices", but fail to realize that there are a lot of people in the same industry in many different countries who face the same problems he does, he's just one of the most vocal out them.

 

I wonder if you at least watched the video, or maybe you're just worried that someone will tell you you're wrong for 9+ minutes.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
13 minutes ago, RedRound2 said:

So do you still live in some isolated case in 2018? What is the current status now? If you replace your screen or battery with a non genuine part, your phone will display a warning and that's it. As far as I looked up, this was only the case with iPhone 7 and 8. The iPhone X released at the same time of the 8 and I can't find articles on X being bricked after replacement. With the new 11s', Apple shows a warning, that's it. So your claim as some sort of evidence is BS afterall

You really hate being wrong don't you?   I said it happened you said it didn't and that I was full of shit, I gave you evidence and now you try to sidestep the original discussion.  Well done.  Come back when you have something to add the to conversation rather than just make stuff up then backpedal as if the original issue was something completely different.

 

Quote

You sure have a terrible condition where your blood boils the moment you see Apple anywhere. It's frankly pathetic.

Pathertic?  calling someone a liar them finding out your were wrong is pathetic.  When I see shit I call it out, I see them doing something good I will promote it.  The issue here is you are so far up apples arse you don't even know when they do something bad.

Quote

IT IS the CONSUMER'S CHOICE. Tell me how in the world is Apple holding you hostage of your phone if you decided to get a third party screen repalcement. You need to understand that all people around who uses the same devices aren't as tech savvy as you and I who can spot the difference with LCD and OLED easily, or higher res and lower res screen. There are plenty of places that offer cheap screen repair for the fraction of the price, when they are indeed using objectively far more inferior screen (higher touch latency and whatnot). So it's frankly a no-brainer to add an alert like that for the user to know. if he doesn't care, ignoring is a option

Everyone knows about Rossmann. His hate for Apple and obviously his skewed opinion when he only interacts with few thousands of broken Apple devices among millions of users in his area doesn't make his opinions universal facts.

 

What the hell are you even talking about now?  The concern raised was that apple could use the T2 (or more accurately a future T3) chip to lock down their system even further.  What I posted is evidence they can and do lock stuff out/down,  it does not matter if it was intentional or not, whether they fixed it because of backlash or because it was a nothing burger, the point is they can do it and given their track record it is not unreasonable to be weary of that. 

 

I know you can't handle the concept of apple being anti consumer but their history is not on your side, and frankly unless you work out how to keep up with the conversation then comprehension is not on your side either.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
32 minutes ago, jagdtigger said:

https://www.theverge.com/2018/11/12/18077166/apple-macbook-air-mac-mini-t2-chip-security-repair-replacement-tool

So in short, yes. It is a HW DRM, period.

Interesting, T2 is definitely a HW DRM lock then, if it detects you got a screen or trackpad replacement at a shop besides the Apple store, if Apple wanted to they could lock down your whole laptop, the problem is T2 is on by default and most Apple users really don't need that level of security for a facebook machine.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
5 minutes ago, Blademaster91 said:

Interesting, T2 is definitely a HW DRM lock then, if it detects you got a screen or trackpad replacement at a shop besides the Apple store, if Apple wanted to they could lock down your whole laptop, the problem is T2 is on by default and most Apple users really don't need that level of security for a facebook machine.

 

And I can't work it out,  we have apple saying they can, examples of them actually doing it (regardless of whether they still do or not), a history of the company not wanting people to repair their own devices,  and on top of that blocking drivers for companies they don't want on their systems.  And yet people are still trying to argue they can't or won't.   

 

It's like debating with flat earther's, the evidence is right their in front of their face and they continue to argue as if you are only out to hurt people.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
45 minutes ago, mr moose said:

You really hate being wrong don't you?   I said it happened you said it didn't and that I was full of shit, I gave you evidence and now you try to sidestep the original discussion.  Well done.  Come back when you have something to add the to conversation rather than just make stuff up then backpedal as if the original issue was something completely different.

 

Pathertic?  calling someone a liar them finding out your were wrong is pathetic.  When I see shit I call it out, I see them doing something good I will promote it.  The issue here is you are so far up apples arse you don't even know when they do something bad.

 

What the hell are you even talking about now?  The concern raised was that apple could use the T2 (or more accurately a future T3) chip to lock down their system even further.  What I posted is evidence they can and do lock stuff out/down,  it does not matter if it was intentional or not, whether they fixed it because of backlash or because it was a nothing burger, the point is they can do it and given their track record it is not unreasonable to be weary of that. 

 

I know you can't handle the concept of apple being anti consumer but their history is not on your side, and frankly unless you work out how to keep up with the conversation then comprehension is not on your side either.

Dude, what is wrong with you? It was an isolated case. The same issue didn't seem to exist for the iPhone X or any other models other than the 7 and 8 for a brief period with iOS 11.3. Your evidence is worthless when it's no longer true. Sure at one point Hitler was good for Germany. You can't use that argument today when the fact is very well disputed at this point.

 

You promoting something good, somone does? Bullshit. All you do in this forum is go to the first article of Apple and spew some random nonsence. It's a particular behaviour that not only I have noticed. You'll probably say the same for me also, but I'm more of a passive user on the forum and I'll only engage when i see random bullshit like this around the forum.

 

T2 chip has been explained by the Blackhat presenter, the OP and somone above. Lawlz also claims he has before. And all your responses are pretty much, Apple device + T2 = Removing everything Apple doesn't agree with, when the working of the chip is completely different from what you seem to be able to even imagine

 

Yes, Apple the evil corporation who only loots consumers. Yes, Apple does not operate in a Capatalist market and the only reason they're a trillion dollar company is because every single human is forced to buy their products, or their life will be at risk. Grow up and wake up from your fantasy. It is really pathetic. You don't like Apple, you don't ever have to touch their products, but don't also complain and spread bullshit about it. Vast majority of consumers are happy with their choices of Apple products and that's the reason they've been sticking to it and that's the only reason their ecosystem is a success unlike Samsung or Huwawei's.

45 minutes ago, lewdicrous said:

Two options:

  1. Believe someone who works in a particular field that gives them insight on how something works and how a certain company is trying to stop them from performing cheap repairs.
  2. Someone with brand royalty and thinks that said company cares about them more than they care about their business.

I'll take the former, thank you.

 

You try to undermine his experience just cause he interacts with "few thousands of broken apple devices", but fail to realize that there are a lot of people in the same industry in many different countries who face the same problems he does, he's just one of the most vocal out them.

 

I wonder if you at least watched the video, or maybe you're just worried that someone will tell you you're wrong for 9+ minutes.

Caring more about users leads to imporving business. The fact that you think their both unrelated, is...honeslty can't think of an appropriate phrase for it. Rossmann has an establish reputation for hate of Apple products and no not all repirman thinks of Apple the same way. And Apple has usually has the largest segment in any given category. They have the most popular high end laptop of a single SKU, most popular high end phone, etc so making an Apple repairshop is a smart decision.

 

Also his opinions are skewed because he pretty much thinks only Apple devices and break while no other devices do. Because in my family, and so many others I know, Apple devices has usually been the most relaibale and long lasting devices (except of course for specific cases, that usually Apple covers free of charge). And it's a sentiment that extends across most consumers and that is why Apple devices are popular. Only an iPhone can usually last greater than 4 years with no issues and latest software.

50 minutes ago, jagdtigger said:

Ask other reapir shops, they are going to tell you the same things. Best example of Apple's (in)competence: backlight 10+V pin directly beside a pin coming from the CPU without any kind of protection on a crammed internal display connector..............

 

/EDIT

Oh, did i mention their genius solution for a chip that run so hot it broke the solder joints? They simply put a piece of rubber on top of the chip to keep it in place.

Can you coroborate on the 'ask other repairshop part'? And besides, I'd rather ask a repairshop that fixes devices from all manufacturers instead of only being exclusive to Apple. There might be a million reasons why Apple placed some connector in such a way. A long as it doesn't casue massive problems for consumers, it isn't relevant

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
2 minutes ago, RedRound2 said:

Caring more about users == imporving business. The fact that you think their both unrelated, is...honeslty can't think of an appropriate phrase for it.

If you really think that corporations care about their customers more than they want you to believe, then you're delusional.

4 minutes ago, RedRound2 said:

Rossmann has an establish reputation for hate of Apple products and no not all repirman thinks of Apple the same way. And Apple has usually has the largest segment in any given category. They have the most popular high end laptop of a single SKU, most popular high end phone, etc so making an Apple repairshop is a smart decision.

He runs a repair and data recovery store, he just so happens to repair apple products for less than what apple charges their customers, so he gets more business from people who own apple products.

He hates the way they restricts people from repairing the devices they bought, their right to repair.

6 minutes ago, RedRound2 said:

Also his opinions are skewed because he pretty much thinks only Apple devices and break while no other devices do.

We all know that every device you buy will break, we also know that you can buy authorized parts for a lot of devices, but you can't do that for apple devices cause apple doesn't sell parts to 3rd party repair stores.

Here are a few examples of authorized parts from samsung, dell and sony, if something happens to a device that I own and I want to repair it by myself then I can do that when it comes to those companies, but I can't do that with an apple device.

12 minutes ago, RedRound2 said:

Because in my family, and so many others I know, Apple devices has usually been the most relaibale and long lasting devices (except of course for specific cases, that usually Apple covers free of charge). And it's a sentiment that extends across most consumers and that is why Apple devices are popular.

I think you forgot you said this:

Quote

Everyone knows about Rossmann. His hate for Apple and obviously his skewed opinion when he only interacts with few thousands of broken Apple devices among millions of users in his area doesn't make his opinions universal facts. Only an iPhone can usually last greater than 4 years with no issues and latest software.

Your sample size is way smaller than that of Rossmann and yet you say his opinion is skewed and I'm guessing you think yours is solid. Are you fucking serious?

He has years of experience and thousands of devices backing his claims, what do you have?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
3 hours ago, mr moose said:

It's not that hard, just like they programed ios to brick when it detects changed screens, the T3 could simply prevent the computer from working in the event it detects non genuine hardware.  

1) Why would they do that anyway? There are counterfeit iPhone screens on the market, but nobody is making counterfeit Intel CPUs, or AMD graphics cards.

2) Why would they need a T3 chip to do what you're describing? They can already do that in other ways such as SecureBoot or at the OS level. What you're describing is a very complex solution to a simple problem.

 

I think you're trying to spread FUD regarding the T2 chip, because you don't like encryption. You've already openly said that you want the government to be able to get access to encrypted information if they so desire, and the T2 prevents that. So I think you are trying to make people scared of the T2 so it might lead to encryption being weakened.

 

 

4 hours ago, mr moose said:

It means they can block Mac OS from starting on specific hardware.  They don't need to pump the entire PCIe bus through the T2 chip to do that.

Yes... and? Apple has a lot of different ways to do it. For example they could do it with SecureBoot too, or do a check in the bootloader for specific serial numbers.

 

 

4 hours ago, mr moose said:

https://appleinsider.com/articles/19/07/29/what-apples-t2-chip-does-in-your-new-macbook-air-or-macbook-pro

That's not a problem with the T2 chip. That's a problem with Apple not providing the Service Toolkit 2 to independant repair shops.

 

 

You want to throw the baby out with the bathwater.

 

 

 

 

3 hours ago, RedRound2 said:

If possible, can your provide a link where you explained it before?

I made a few posts about it in this thread:

 

 

1 hour ago, jagdtigger said:

https://www.theverge.com/2018/11/12/18077166/apple-macbook-air-mac-mini-t2-chip-security-repair-replacement-tool

So in short, yes. It is a HW DRM, period.

No it isn't.

Needing to use the diagnostics tool after replacing components is a byproduct of the cryptographic functions done by the T2.

By your logic, TPM is "hardware DRM" too, which it isn't.

 

 

 

1 hour ago, lewdicrous said:

Two options:

  1. Believe someone who works in a particular field that gives them insight on how something works and how a certain company is trying to stop them from performing cheap repairs.
  2. Someone with brand royalty and thinks that said company cares about them more than they care about their business.

I'll take the former, thank you.

 

You try to undermine his experience just cause he interacts with "few thousands of broken apple devices", but fail to realize that there are a lot of people in the same industry in many different countries who face the same problems he does, he's just one of the most vocal out them.

 

I wonder if you at least watched the video, or maybe you're just worried that someone will tell you you're wrong for 9+ minutes.

The problem is that while Louis Rossmann has years of experience with running an independent repair shop, he has no understanding of cryptography.

If Louis Rossmann got as he wanted, he would probably not even want MacOS to support passwords because "it prevents me as a repair man to login to the machine". he hasn't said that, but that's basically what he wants here. He has for example moaned about how when full disk encryption is enabled, he is unable to read files from the computer. No shit, that's what full disk encryption is for.

Remember, everything that Louis Rossmann can do on a computer, is something a thief could do as well. If Louis can retrieve files from a computer, then so can a thief.

 

Louis is in the computer repair business. He is not in the security business. Not only that, but he has very vested interest in this whole debate. He hates Apple with a passion and is incredibly biased against them. He also wants to make his job easier, and doesn't seem to care if that means removing security from his clients.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
1 hour ago, Blademaster91 said:

Interesting, T2 is definitely a HW DRM lock then, if it detects you got a screen or trackpad replacement at a shop besides the Apple store, if Apple wanted to they could lock down your whole laptop, the problem is T2 is on by default and most Apple users really don't need that level of security for a facebook machine.

It is VERY important that we do not generalize the T2.

The T2 is not Hardware DRM. At most you could argue that one of the functions of T2 is hardware DRM. The T2 does a lot of different operations, many of which are perfectly valid and very important.

I am getting pretty tired of people putting all the blame on the T2 because it's about as moronic as the people that used to shout that UEFI was the devil and terrible, and we should all stick with BIOS, all because of SecureBoot.

 

The T2 is a fantastic chip and I want all computers to have a similar piece of hardware in them.

 

 

1 hour ago, mr moose said:

It's like debating with flat earther's, the evidence is right their in front of their face and they continue to argue as if you are only out to hurt people.

Well in this case you are actually out to hurt people.

You want to reduce the security of a platform by spreading fear and doubt about a very important security component.

 

I am all for easy repairs too. The difference between you and me is that I put the blame on Apple and some specific practices they have, while you make blanket statements which in the long run are extremely harmful because you are advocating for removing security features which are unrelated to the blockades for independent repair shops. You want to throw the baby out with the bathwater so to speak.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
16 minutes ago, LAwLz said:

1) Why would they do that anyway? There are counterfeit iPhone screens on the market, but nobody is making counterfeit Intel CPUs, or AMD graphics cards.

Yes they are, Wish and ALiExpress are full of fake parts. Reflashed GPU's, re-lidded CPU's, totally fake CPU's, graphics cards that fry mainboards. There are countless fake SSD's and flash memory products out there. If there's money to be made, people will do it.

 

Enlighten me, why does my G5 Power Mac require a custom flashed graphics card? Does it give some magical performance over the reference software? Does it sprout unicorns? Does it use voodoo to double the AGP bandwidth? Or is it to sell an off the shelf card with a heavy markup and leave consumers no choice but to go back to Apple for a replacement or upgrade? Of course, when Apple deemed that machine EOL, they won't bother releasing any newer GPU's for the system even if your usage is GPU bound and the rest of the system is perfectly capable of coping. You need to buy a new machine as you've already invested into the Apple ecosystem. That's what pisses people off, not increased security or whole drive encryption. Let's not mention that the T2 is responsible for audio devices becoming unreliable :/

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
1 minute ago, Curious Pineapple said:

Yes they are, Wish and ALiExpress are full of fake parts. Reflashed GPU's, re-lidded CPU's, totally fake CPU's, graphics cards that fry mainboards. There are countless fake SSD's and flash memory products out there. If there's money to be made, people will do it.

Doesn't that just justify Apple's behavior?

 

2 minutes ago, Curious Pineapple said:

Let's not mention that the T2 is responsible for audio devices becoming unreliable

Well you did mention it, and now I am curious. First time I've heard of the T2 making audio devices unreliable. Is it this you're referring to?

https://forums.macrumors.com/threads/do-you-have-any-issues-with-audio-on-the-mac-mini.2153841/

Seems like a bug rather than an intentional function of the T2. We should be mad that the issue hasn't been fixed, but we should not ask for the T2 to be removed. Again, don't throw the baby out with the bathwater.

 

 

12 minutes ago, Curious Pineapple said:

You need to buy a new machine as you've already invested into the Apple ecosystem. That's what pisses people off, not increased security or whole drive encryption.

Well the need to buy a whole new machine is not really related to the T2, is it? That's a design choice from Apple. Almost everything is soldered on so you can barely upgrade anything. The chassis are glued together, etc etc.

Apple has been making it near impossible to upgrade Macs just fine without resorting to using the T2 to lock things down, right?

 

And when it comes to mr moose I actually think he is pissed about increased security.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
11 hours ago, hishnash said:

-snip-

You don't need to build some chip that sits in-between PCIe devices and the CPU drawing tons of power, what would be called in-band. This is not necessary at all to achieve complete hardware and firmware authentication and lockout during or even before boot. Such a thing actually already exists, HPE iLO 5 Silicon Root of Trust. With this HPE has the ability to not only prove that the components in the server are official HPE parts but they are for your system and also do not have altered or compromised firmware. At any point you can with an HPE Gen 10 system with iLO lockout hardware before and during boot as the iLO is active when power is provided to the server and the server will not boot until iLO has initialized.

 

It may be complicated and expensive to do but it's not required to do how you describe and not in-band with a power hungry chip.

 

Quote

Silicon Root of Trust
With HPE Gen10 Servers, HPE offers the first industry-standard servers to include a silicon root of trust built into the hardware. The silicon root of trust provides a series of trusted handshakes from lowest level firmware to BIOS and software to ensure a known good state. 

 

Quote

Integrated Lights-Out
HPE Gen10 Servers are offered with HPE Integrated Lights-Out 5 (iLO5). The HPE iLO subsystem, a standard component of HPE ProLiant Servers, simplifies server setup, health monitoring, power and thermal optimization, and remote server administration. With an intelligent microprocessor, secure memory, and dedicated network interface, iLO offers varying degrees of encryption and security.
 

The iLO5 chipset provides an unprecedented level of hardware security with its silicon root of trust. The silicon root of trust:
- Is based in the silicon chip hardware itself
- Is virtually impossible to alter
- Enables firmware to be authenticated as far back as the supply chain
- Provides a secure startup process

https://community.hpe.com/t5/Alliances/Protect-from-attacks-with-HPE-Gen10-s-Silicon-Root-of-Trust/ba-p/6993347#.XgCuTUczbuo

 

More info: https://support.hpe.com/hpsc/doc/public/display?docId=a00018320en_us

 

Silicon Root of Trust was originally designed to address supply chain security issues as well as malicious devices put in to the servers, but that is still around supply chain, however the capabilities of the iLO 5 platform is quite advanced and would enable as wider options as you could think of for hardware validation as well as restriction and blocking. Basically the capability exists so it's more a question of if XYZ company would implement such a thing (not cheap) and what they would choose to do with those capabilities. 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
2 minutes ago, LAwLz said:

Doesn't that just justify Apple's behavior?

Not really, if you buy a 20 grand machine, you're probably not one to be buying too good to be true bargain components from China.

 

4 minutes ago, LAwLz said:

Well you did mention it, and now I am curious. First time I've heard of the T2 making audio devices unreliable. Is it this you're referring to?

https://forums.macrumors.com/threads/do-you-have-any-issues-with-audio-on-the-mac-mini.2153841/

Seems like a bug rather than an intentional function of the T2. We should be mad that the issue hasn't been fixed, but we should not ask for the T2 to be removed. Again, don't throw the baby out with the bathwater.

If you start running busses through another component it can introduce latency and timing issues, like it has with the USB audio devices. Not an issue for bulk transfer but where timing is critical, like audio or programming/flashing microcontrollers or flash chips, you can get corruption. For a microcontroller that just means a bad checksum and you try again, if you're repairing automotive control units for example, it may restart on upload and cause a failure.

 

6 minutes ago, LAwLz said:

Well the need to buy a whole new machine is not really related to the T2, is it? That's a design choice from Apple. Almost everything is soldered on so you can barely upgrade anything. The chassis are glued together, etc etc.

Apple has been making it near impossible to upgrade Macs just fine without resorting to using the T2 to lock things down, right?

Except it is possible to reflash GPU's with Apple's firmware. It is possible to replace BGA components, you can do it with reletively inexpensive equipment.

 

The concern is not what happens now, but how long is it before even removable parts are tied to the machine? Microsoft did it with the Xbox 360, the optical drives were tied to the board to prevent swapping out and playing copies of games. Not really an issue in a games console and a repair service was offered rather than just selling the customer a new machine.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
34 minutes ago, LAwLz said:

The problem is that while Louis Rossmann has years of experience with running an independent repair shop, he has no understanding of cryptography.

If Louis Rossmann got as he wanted, he would probably not even want MacOS to support passwords because "it prevents me as a repair man to login to the machine". he hasn't said that, but that's basically what he wants here. He has for example moaned about how when full disk encryption is enabled, he is unable to read files from the computer. No shit, that's what full disk encryption is for.

You cannot equate what apple puts in place to what apple customers put in place; Rossmann can easily call his customers if he ever needed a password that they didn't provide, he cannot, however, call apple to get something that they're not providing.

Also, my response was to RedRound's post (shown below), showing them that apple blocked certain repairs.

Quote

When did iOS devices start to brick after a screen replacement? Stop making up bullshit to push your own narrative onto people who don't follow Apple or tech as much. They show a fucking warning. And given the rampant amount of fake screens on the market, that provides you significantly worse display quality, Apple is doing a favour for unassuming users that what they have is a fake screen. If the user does not care, he/she can ignore it and that would be the end of it. Same goes for the battery

 

41 minutes ago, LAwLz said:

Louis is in the computer repair business. He is not in the security business. Not only that, but he has very vested interest in this whole debate. He hates Apple with a passion and is incredibly biased against them. He also wants to make his job easier, and doesn't seem to care if that means removing security from his clients.

Rossmann has a vested interest in the right to repair, not just apple, they just happen to make it more and more difficult for their customers to get their devices repaired in whatever store they want. If apple really wants people to get genuine parts for repair, then they will provide those parts to their customers instead of blocking 3rd part stores, like what Rossmann runs. As I've said in a previous post (below), other companies offer genuine parts for people to buy, if apple really cared about their customers, then they would do the same. Instead, they charge you a sizeable amount of money for a repair that you can get for way cheaper from people like Rossmann.

Quote

We all know that every device you buy will break, we also know that you can buy authorized parts for a lot of devices, but you can't do that for apple devices cause apple doesn't sell parts to 3rd party repair stores.

Here are a few examples of authorized parts from samsung, dell and sony, if something happens to a device that I own and I want to repair it by myself then I can do that when it comes to those companies, but I can't do that with an apple device.

If apple really cares about what their customers get, then they're gonna provide the tools necessary for someone to repair a device without the customers having to pay a lot of money or hiding the parts behind a lot of hurdles so it becomes difficult/impossible for 3rd party stores to get them, maybe then apple won't have to sue people for fixing iPhones using parts that apple won't even give them.

If apple provided a means for 3rd party repair stores to buy genuine parts then shit like this will not have happened.

Spoiler

https://tidbits.com/2019/06/10/apple-continues-to-harass-tiny-norwegian-repair-shop/

https://www.vice.com/en_us/article/a3yadk/apple-sued-an-independent-iphone-repair-shop-owner-and-lost

https://www.vice.com/en_us/article/9kxzpy/apple-is-still-trying-to-sue-the-owner-of-an-independent-iphone-repair-shop-louis-rossmann-henrik-huseby

https://www.vice.com/en_us/article/a3ppvj/dhs-seized-aftermarket-apple-laptop-batteries-from-independent-repair-expert-louis-rossman

https://appleinsider.com/articles/18/10/19/apple-repair-policy-critic-vows-to-fight-counterfeit-battery-seizure-by-us-customs

 

 

Unjustified hate towards a company is one thing, but hating a company cause they do everything they can to stop you from doing your job and stop their customers from choosing the stores that they want is another. The latter is pretty justified if you ask me.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted (edited)
1 hour ago, LAwLz said:

It is VERY important that we do not generalize the T2.

The T2 is not Hardware DRM. At most you could argue that one of the functions of T2 is hardware DRM. The T2 does a lot of different operations, many of which are perfectly valid and very important.

I am getting pretty tired of people putting all the blame on the T2 because it's about as moronic as the people that used to shout that UEFI was the devil and terrible, and we should all stick with BIOS, all because of SecureBoot.

 

The T2 is a fantastic chip and I want all computers to have a similar piece of hardware in them.

If you cannot BGA solder in a new a SSD or RAM chip, then it is essentially hardware DRM preventing from any repair, and it is T2 and Apple to blame for it because Apple refuses to let reputable independent repair business with thousands of repairs such as Louis Rossmann be allowed to use the security software. Heck, Apple won't allow independent shops to buy battery charging controller chips which only leaves the user to pay more at an Apple store.

I want to be able to actually repair or get my computer repaired, a T2 chip would only make sense for an enterprise level environment where security is the highest priority and having to throw away a laptop if anything fails on it wouldn't matter.

Edit: Added video for reference, Rossman can't fix a Macbook that has has a broken charging chip, because Apple made a deal with the chip maker to refuse anyone but Apple access to buy the part, and Rossmann can't recover the data for the customer because the laptop has no recovery connector, and the T2 locks the SSD down the laptop.

 

Edited by Blademaster91
Link to comment
Share on other sites
Link to post
Share on other sites
Posted
16 hours ago, hishnash said:

But they can put those restrictions in place without the T2, as I explained you don't need to T2 chip to put those restrictions in place, if they are just interested in money they would do it in the kernel much cheaper to do it there than in the T2.

 

The T2 can have protected enclaves. I'm not sure standard bios chips have this.

Link to comment
Share on other sites
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing Tech News

×