Apple's Secret Operating System and why you can't upgrade your SSD

Did you know your Mac runs multiple OSes at once?

sepOS is a stripped-down, lightweight operating system that provides a secure execution environment for sensitive operations such as generating and storing encryption keys, biometric data (such as Touch ID), and other sensitive data. The Secure enclave is isolated from the rest of the system, so it can only be accessed through a limited set of interfaces provided by Apple's APIs.

It's been around since the T2 Macs when Apple moved from removable storage to bolted down dumb NANDs with a integrated storage controller. I didn't want to bog down this video with T2 talk but most everything discussed applies to any Macs using the T2 chipset as it's Apple's SOC that was used to to handle additional functionality like the touchbar. The T2 was an SOC buried into Intel Macs as a way to extend functionality and appeared in the MacBook Pros. Since the transition to Apple Silicon, every Mac shipped has the secure enclave and we're over two years into the transition, I elected to mostly not muddy the video with the T2.

Written version:
http://blog.greggant.com/posts/2023/04/14/the-security-enclave-demystified.html

--------------------------------------------------------

Correction:
There's one isolated report that a Chinese Engineer was able upgrade the M1's storage, requiring computer surgery. There's zero confirmation that it's legit or repeatable. It doesn't outline the process either. I cannot find any follow ups if this has caused long term issues or is feasible on any other models. If anyone has better information than this, please let me know.

https://www.macworld.com/article/342646/its-possible-to-upgrade-your-m1-mac-but-you-probably-wont-want-to.html

https://www.tomsguide.com/news/m1-mac-upgrades-heres-how-you-can-add-more-ram-or-swap-out-an-ssd

https://www.macrumors.com/2021/04/06/m1-mac-ram-and-ssd-upgrades-possible/

--------------------------------------------------------
Video Sources:

Apple's Secure Enclave
https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web

Explaining the Mac Studio’s removable SSDs, and why you can’t simply swap them out
https://arstechnica.com/gadgets/2022/03/explaining-the-mac-studios-removable-ssds-and-why-you-cant-just-swap-them-out/

Mac Studio Teardown: No Upgradable Storage … Yet
https://www.ifixit.com/News/57898/mac-studio-teardown

More sources:
https://www.notebookcheck.net/Mac-Studio-SSD-does-not-work-on-NVMe-top-level-ARM64-SSD-controller-in-M1-Ultra-makes-it-nearly-impossible-to-swap-out-or-add-raw-storage-modules.609363.0.html

https://support.apple.com/en-us/HT208862

https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/protecting_keys_with_the_secure_enclave

https://support.apple.com/guide/certifications/secure-enclave-processor-security-apc3a7433eb89/web

https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf