> Apple should be lauded for trying to bring their laptop and desktop lines into the same defensive posture as their mobile offerings.
I think this can't be stated enough. The fact of the matter is that pre T2, evil maid attacks were ridiculously easy. Now they're at least as secure as iOS -- which also means that shared vulnerabilities can be patched and detected. By no means is it perfect security, but it's a heck of a lot better than "stick boot disk in and gain keys to the kingdom."
For so long we've gone by the mantra that physical access means you have root. Now we're a step ahead of that -- which is great for data privacy.
...and absolutely horrible for freedom. It used to be the case, and still widely accepted for a lot of other products, that physical ownership actually meant something beyond just being a consumer. Now companies are turning the security against users, lest they also be attackers. From the point of view of the DRM-advocating media corporations, the user is an attacker. Locking down the platform to allow only "trusted" (not by you, but by them!) code only benefits when their goals align with yours; you may agree with them on not wanting things like ransomware, but not on things like them not allowing you to share a file between two apps or even run code you wrote yourself.
It's scarier than any security attack to see what used to be an open and free platform turned into a walled garden of corporate control and obedience.
(Insert famous Benjamin Franklin quote.)
> I think this can't be stated enough. The fact of the matter is that pre T2, evil maid attacks were ridiculously easy.
Factually and objectively wrong.
This does nothing for end-user security which wasn’t already solved by UEFI Secure boot half a decade ago.
The only difference here is that Apple now insists on owning all the keys, taking away any aspect of end-user freedom which may have been present in the UEFI spec.
This is all bad, all regression for the PC platform, and Apple should definitely not be applauded.
> For so long we've gone by the mantra that physical access means you have root.
This hasn't been the case for a long time. Chromebooks shipped with "verified boot" since the first consumer hardware in 2011. Windows machines have been shipping with UEFI secure boot, which Apple uses the T2 chip to implement, for the past 6 years.
I'm also super excited that the entertainment industry has caught up as well. Before it was ridiculously easy to inject ads and objectionable content into my video streams but thanks to HDCP I never have to worry about that again. It's so much more secure!
> We believe the T2 platform is a leap forward in platform security in the Apple ecosystem, and it begins to bring exciting security properties like Secure Boot capabilities to the mass market.
So the vast PC market with UEFI secure boot, which predates this by 6 years, was somehow not the “mass market”, but the relatively tiny MacBook market is?
With factual errors like this present already in the introduction, it’s hard to take anything which follows it seriously.
This just comes off like fanboy-fluff.
You are missing the bigger picture in your attempt to immediately discard the original article's premise because you feel like it comes off as fanboy-fluff.
No other device on the market currently provides a secondary processor that runs full validation of the UEFI firmware before allowing the processor to start booting.
It's not just secure boot, which has been around for a while, it's everything around it.
On almost all other devices you could write new data to a flash chip and that now becomes the UEFI boot loader that is used (and can bypass secure boot). There is no verification of the UEFI bootloader that is possible because it's sitting in NVRAM or Flash... and you can't trust it to self-verify because it may have been tampered with.
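The distinction drawn in the comment above, a separate processor holding a key that flash writes cannot change versus firmware checking itself from the same flash, as an added Go model (not Apple's or the article's code; ed25519 stands in for whatever signing scheme the vendor really uses, and the firmware bytes are constructed samples):

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Image models a firmware image as stored in flash: the code body plus a
// digest written beside it, which is all a "self-verifying" image can consult.
type Image struct {
	Body    []byte
	SelfSum [32]byte
}

func NewImage(body []byte) Image { return Image{Body: body, SelfSum: sha256.Sum256(body)} }

// SelfVerify is the check firmware can do on itself; both operands come from
// the same rewritable flash, so whoever rewrites the body rewrites the digest.
func (img Image) SelfVerify() bool { return sha256.Sum256(img.Body) == img.SelfSum }

// RootOfTrust models a separate processor holding an immutable public key and
// verifying the image against a vendor signature before releasing the main CPU.
type RootOfTrust struct{ pub ed25519.PublicKey }

func (r RootOfTrust) ReleaseCPU(img Image, sig []byte) bool {
	return ed25519.Verify(r.pub, img.Body, sig)
}

// Scenario signs a vendor image, then models a flash rewrite (constructed
// sample bytes) and returns three verdicts: vendor image accepted by both checks,
// rewritten image accepted by its self-check, rewritten image accepted by the RoT.
func Scenario() (vendorOK, rewrittenSelfOK, rewrittenRoTOK bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	rot := RootOfTrust{pub: pub}
	vendor := NewImage([]byte("vendor UEFI firmware v1 (constructed sample)"))
	sig := ed25519.Sign(priv, vendor.Body) // produced once, at the vendor
	vendorOK = vendor.SelfVerify() && rot.ReleaseCPU(vendor, sig)
	rewritten := NewImage([]byte("modified UEFI firmware (constructed sample)"))
	return vendorOK, rewritten.SelfVerify(), rot.ReleaseCPU(rewritten, sig)
}

func main() {
	v, s, r := Scenario()
	fmt.Printf("vendor image boots: %v\nrewritten image: self-check %v, root of trust %v\n", v, s, r)
}
```

The rewritten image passes its own digest check, because the digest sits in the same flash the writer controls, and fails only the check made by the processor whose key it cannot touch.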
Serious question - how well does UEFI secure boot protect against an attacker with a high degree of physical access to the machine? Online docs focus mostly on the software/firmware security but less on the hardware side. Is hardware security specified, or left up to individual vendors?
The article reinforces my disappointment in Apple. First they use an Apple variant of Intel EFI 1.10 forever, even well past the time UEFI incorporated Secure Boot. Instead of writing up a critique and proposal to fix any problems/limitations with UEFI Secure Boot, Apple has to go do a damned proprietary thing. Again.
Also, the latest Macs do not contain the Microsoft UEFI signing key, only the Microsoft Windows and Apple signing keys. So the only way to boot Linux is to disable Secure Boot, leaving people less secure.
> Does this have any bearing on running linux on macbooks
Unlike on PCs, on T2 Macs Linux will only be bootable with Secure Boot disabled, making the system much less secure.
To make matters worse, the T2 chip administers access to the built in SSD, so it will be completely inaccessible for Linux to use for anything.
When Apple stops supporting this machine, you won’t be able to keep it chugging by loading another OS.
I could say Apple is trying to terminate the only remaining computing platform which respects end-user freedom and ownership, but I’m not sure if it would be a joke or not...
So it doesn't stop you in a way a game console might, but you lose some features of the hardware by doing so.
The T2 does so much, essentially running an OS comparable to iOS. The author even suggests it might allow apps.
It doesn't seem like it's a gain in security. Instead of attacking the "main system", you can just attack the T2; it's similar in complexity, meaning it will have similar vulnerabilities.