Did you know your Mac runs multiple OSes at once?
sepOS is a stripped-down, lightweight operating system that provides a secure execution environment for sensitive operations such as generating and storing encryption keys, biometric data (such as Touch ID), and other sensitive data. The Secure enclave is isolated from the rest of the system, so it can only be accessed through a limited set of interfaces provided by Apple's APIs.
It's been around since the T2 Macs when Apple moved from removable storage to bolted down dumb NANDs with a integrated storage controller. I didn't want to bog down this video with T2 talk but most everything discussed applies to any Macs using the T2 chipset as it's Apple's SOC that was used to to handle additional functionality like the touchbar. The T2 was an SOC buried into Intel Macs as a way to extend functionality and appeared in the MacBook Pros. Since the transition to Apple Silicon, every Mac shipped has the secure enclave and we're over two years into the transition, I elected to mostly not muddy the video with the T2.
Written version:
http://blog.greggant.com/posts/2023/04/14/the-security-enclave-demystified.html
--------------------------------------------------------
Correction:
There's one isolated report that a Chinese Engineer was able upgrade the M1's storage, requiring computer surgery. There's zero confirmation that it's legit or repeatable. It doesn't outline the process either. I cannot find any follow ups if this has caused long term issues or is feasible on any other models. If anyone has better information than this, please let me know.
https://www.macworld.com/article/342646/its-possible-to-upgrade-your-m1-mac-but-you-probably-wont-want-to.html
https://www.tomsguide.com/news/m1-mac-upgrades-heres-how-you-can-add-more-ram-or-swap-out-an-ssd
https://www.macrumors.com/2021/04/06/m1-mac-ram-and-ssd-upgrades-possible/
--------------------------------------------------------
Video Sources:
Apple's Secure Enclave
https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web
Explaining the Mac Studio’s removable SSDs, and why you can’t simply swap them out
https://arstechnica.com/gadgets/2022/03/explaining-the-mac-studios-removable-ssds-and-why-you-cant-just-swap-them-out/
Mac Studio Teardown: No Upgradable Storage … Yet
https://www.ifixit.com/News/57898/mac-studio-teardown
More sources:
https://www.notebookcheck.net/Mac-Studio-SSD-does-not-work-on-NVMe-top-level-ARM64-SSD-controller-in-M1-Ultra-makes-it-nearly-impossible-to-swap-out-or-add-raw-storage-modules.609363.0.html
https://support.apple.com/en-us/HT208862
https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/protecting_keys_with_the_secure_enclave
https://support.apple.com/guide/certifications/secure-enclave-processor-security-apc3a7433eb89/web
https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf
sepOS is a stripped-down, lightweight operating system that provides a secure execution environment for sensitive operations such as generating and storing encryption keys, biometric data (such as Touch ID), and other sensitive data. The Secure enclave is isolated from the rest of the system, so it can only be accessed through a limited set of interfaces provided by Apple's APIs.
It's been around since the T2 Macs when Apple moved from removable storage to bolted down dumb NANDs with a integrated storage controller. I didn't want to bog down this video with T2 talk but most everything discussed applies to any Macs using the T2 chipset as it's Apple's SOC that was used to to handle additional functionality like the touchbar. The T2 was an SOC buried into Intel Macs as a way to extend functionality and appeared in the MacBook Pros. Since the transition to Apple Silicon, every Mac shipped has the secure enclave and we're over two years into the transition, I elected to mostly not muddy the video with the T2.
Written version:
http://blog.greggant.com/posts/2023/04/14/the-security-enclave-demystified.html
--------------------------------------------------------
Correction:
There's one isolated report that a Chinese Engineer was able upgrade the M1's storage, requiring computer surgery. There's zero confirmation that it's legit or repeatable. It doesn't outline the process either. I cannot find any follow ups if this has caused long term issues or is feasible on any other models. If anyone has better information than this, please let me know.
https://www.macworld.com/article/342646/its-possible-to-upgrade-your-m1-mac-but-you-probably-wont-want-to.html
https://www.tomsguide.com/news/m1-mac-upgrades-heres-how-you-can-add-more-ram-or-swap-out-an-ssd
https://www.macrumors.com/2021/04/06/m1-mac-ram-and-ssd-upgrades-possible/
--------------------------------------------------------
Video Sources:
Apple's Secure Enclave
https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web
Explaining the Mac Studio’s removable SSDs, and why you can’t simply swap them out
https://arstechnica.com/gadgets/2022/03/explaining-the-mac-studios-removable-ssds-and-why-you-cant-just-swap-them-out/
Mac Studio Teardown: No Upgradable Storage … Yet
https://www.ifixit.com/News/57898/mac-studio-teardown
More sources:
https://www.notebookcheck.net/Mac-Studio-SSD-does-not-work-on-NVMe-top-level-ARM64-SSD-controller-in-M1-Ultra-makes-it-nearly-impossible-to-swap-out-or-add-raw-storage-modules.609363.0.html
https://support.apple.com/en-us/HT208862
https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/protecting_keys_with_the_secure_enclave
https://support.apple.com/guide/certifications/secure-enclave-processor-security-apc3a7433eb89/web
https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf
- Категория
- iMac
Комментарии выключены