
SoylentNews is people

posted by martyb on Friday August 18 2017, @07:52PM
from the back-to-the-drawing-board dept.

The security coprocessor was introduced alongside the iPhone 5s and Touch ID. It performs secure services for the rest of the SOC and prevents the main processor from getting direct access to sensitive data. It runs its own operating system (SEPOS) which includes a kernel, drivers, services, and applications.

The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but can't read it. It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.

Today, xerub announced the decryption key 'is fully grown'. You can use img4lib to decrypt the firmware and xerub's SEP firmware split tool to process.

Decryption of the SEP Firmware will make it easier for hackers and security researchers to comb through the SEP for vulnerabilities.

Source: iClarified
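
The Touch ID session-key exchange described in the summary above, sketched as an added example (not Apple's code and not part of the original story) using the Python `cryptography` package. The HKDF combining step, the 13-byte counter nonce and all class and function names are assumptions, since the summary does not say how the two random keys establish the session key.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESCCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap

class Endpoint:
    # Sensor or enclave side; both hold the same provisioned shared key.
    def __init__(self, shared_key):
        self._shared = shared_key
        self._own = os.urandom(16)  # this side's random contribution

    def offer(self):
        # RFC 3394 AES key wrap: contribution is encrypted and integrity-checked
        return aes_key_wrap(self._shared, self._own)

    def accept(self, peer_offer, initiator):
        peer = aes_key_unwrap(self._shared, peer_offer)  # InvalidUnwrap if altered
        first, second = (self._own, peer) if initiator else (peer, self._own)
        # ASSUMPTION: HKDF over both contributions; the page gives no derivation
        session = HKDF(algorithm=hashes.SHA256(), length=16, salt=None,
                       info=b"demo session").derive(first + second)
        self._ccm = AESCCM(session, tag_length=16)

    def seal(self, counter, data):
        nonce = counter.to_bytes(13, "big")  # unique per frame under one key
        return nonce + self._ccm.encrypt(nonce, data, None)

    def open(self, frame):
        return self._ccm.decrypt(frame[:13], frame[13:], None)  # InvalidTag on tamper

def demo():
    provisioned = os.urandom(32)  # constructed stand-in for the device's shared key
    sensor, enclave = Endpoint(provisioned), Endpoint(provisioned)
    # The application processor relays offers and frames but holds no key.
    sensor.accept(enclave.offer(), initiator=True)
    enclave.accept(sensor.offer(), initiator=False)
    frame = sensor.seal(1, b"constructed fingerprint scan")
    plaintext = enclave.open(frame)
    tampered = frame[:-1] + bytes([frame[-1] ^ 1])  # relay flips one bit
    try:
        enclave.open(tampered)
        rejected = False
    except InvalidTag:
        rejected = True
    return plaintext, rejected, b"fingerprint" in frame

if __name__ == "__main__":
    print(demo())
```

The relaying processor sees only wrapped keys and CCM frames, so it can neither read the scan nor alter it without the enclave rejecting the frame.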

Also at ThreatPost which notes that this does not mean it is open season on SEP:

Yesterday’s news set off another flurry of angst as to the ongoing security of iOS and what would happen now that the firmware had been unlocked.

“I wouldn’t say there is any immediate threat to users at this point,” Azimuth Security’s Mandt said. “Although the key disclosure allows anyone to analyze the software that is running on the SEP processor, it still requires an attacker to find and exploit a vulnerability in order to compromise SEP.”



Related Stories

Apple Speaks Out Against Australian Anti-Encryption Law; Police Advised Not to Trigger Face ID 31 comments

Apple argues stronger encryption will thwart criminals in letter to Australian government

Apple has long been a proponent for strong on-device encryption, most notably for its iPhones and the iOS operating system. This has often frustrated law enforcement agencies both in the US and overseas, many of which claim the company's encryption tools and policies are letting criminals avoid capture by masking communications and securing data from the hands of investigators.

Now, in a letter to the Australian government, Apple says it thinks encryption is in fact a benefit and public good that will only strengthen our protections against cyberattacks and terrorism. In Apple's eyes, encryption makes everyone's devices harder to hack and less vulnerable to take-overs, viruses, and other malicious attacks that could undermine personal and corporate security, as well as public infrastructure and services. Apple is specifically responding to the Australian Parliament's Assistance and Access Bill, which was introduced late last month and is designed to help the government more easily access the devices and data of criminals during active investigations.

Letter here (#53), or at Scribd and DocumentCloud.

Also at Ars Technica, Engadget, 9to5Mac, and AppleInsider.

Police told to avoid looking at recent iPhones to avoid lockouts

Police have yet to completely wrap their heads around modern iPhones like the X and XS, and that's clearer than ever thanks to a leak. Motherboard has obtained a presentation slide from forensics company Elcomsoft telling law enforcement to avoid looking at iPhones with Face ID. If they gaze at it too many times (five), the company said, they risk being locked out much like Apple's Craig Federighi was during the iPhone X launch event. They'd then have to enter a passcode that they likely can't obtain under the US Constitution's Fifth Amendment, which protects suspects from having to provide self-incriminating testimony.

Also at 9to5Mac.


This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Informative) by Anonymous Coward on Friday August 18 2017, @07:59PM (#556073)

    it still requires an attacker to find and exploit a vulnerability in order to compromise SEP
    Yeah and no one uses ida pro.

  • (Score: 0) by Anonymous Coward on Friday August 18 2017, @08:04PM (#556075)

    Keys want to be Free !

    Shove your fat worm in my juicy apple !

  • (Score: 0) by Anonymous Coward on Friday August 18 2017, @08:13PM (#556079) (8 children)

    So, what do any of the people who said I was crazy for suggesting this was possible, back when Apple vs. FBI was the big media distraction from Things That Actually Matter, have to say now?

    I will repeat again! The device has to boot somehow!

    • (Score: 0) by Anonymous Coward on Friday August 18 2017, @08:30PM (#556095) (7 children)

      Those people are simply fools who believe whatever a whitepaper / corporation says. I had a friend who said similar things, and when I really really pushed it finally broke him down and he admitted what was really up.

      "I just can't believe we are so fucked, if the major corps are putting in backdoors for the gov then we're so fucked" with a little bit of suicidal overtones, like if the world is really this fucked then they don't wanna live in it. I think this is a growing concern, many people in the US are finally being confronted with how fucked up our system is and it is SO MUCH WORSE than anyone thought. Cue massive depression and suicidal thoughts by a large segment of the population. I no longer push him to be more cynical, it will quickly drive him over the edge.

      I recall a presentation from a major tech personality who shared a leaked photo about the NSA bragging about how easily they could compromise SSL with no one being the wiser. We are so fucked, the only way out of this mess is massive rebuilding of intelligence agency leadership with a focus on actual defense. Government transparency, dismantle domestic surveillance, etc. Decentralized technologies that disrupt these surveillance activities, keep power with the people instead of centralized servers that are easily compromised.

      • (Score: 2) by takyon (881) <takyonNO@SPAMsoylentnews.org> on Friday August 18 2017, @08:46PM (#556103) Journal

        the only way out of this mess is massive rebuilding of intelligence agency leadership with a focus on actual defense. Government transparency, dismantle domestic surveillance, etc.

        Fat chance.

        Decentralized technologies that disrupt these surveillance activities, keep power with the people instead of centralized servers that are easily compromised.

        This is better. Don't count on someone to swoop in and magically roll back government surveillance. Instead, treat all communications as if they are sensitive, could land you in prison, and are constantly under attack by the government.

        If anyone has a better resource than this [reddit.com] for decentralization stuff, I'd like to see it. But I get the impression that all efforts to decentralize on the hardware side are pretty small-scale.

        --
        [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 0) by Anonymous Coward on Friday August 18 2017, @08:57PM (#556111)

        In 2003 I read of a classified chip that could perform thousands of decryptions simultaneously.

        Now imagine a Beowulf cluster of them

      • (Score: 2) by Arik (4543) on Friday August 18 2017, @09:20PM (#556126) Journal (3 children)
        "Decentralized technologies that disrupt these surveillance activities, keep power with the people instead of centralized servers that are easily compromised."

        That's what we should have been building back in the 80s but no one would listen to me. Now? I try not to be cynical but I think it may be too late. At this point, even if the software and the network were sane constructs, what hardware would we run them on? Cellphones? Any PC hardware still being made? All defective from the factory. You can't patch that.

        Maybe if we all started insisting on sane hardware and refusing to buy anything else, manufacturers would chase our dollars and the prices would start to come down on things that are primitive enough to trust. But people are so eager to spend their money on distractions, this is what we have instead.

        --
        If laughter is the best medicine, who are the best doctors?
        • (Score: 0) by Anonymous Coward on Friday August 18 2017, @09:47PM (#556137) (2 children)

          I guess the hardware could be a problem if they are built to insert subtle errors into general math processing, but I imagine that would lead to tons of errors. I think the hardware level stuff is for more targeted attacks and wouldn't be overly helpful against decentralized and encrypted communications. The only viable solution is to flood the net with encrypted data making surveillance much more difficult. They would only be able to store the data of targeted individuals instead of sifting through everything and storing the interesting bits. To get the interesting bits they would need to decrypt all traffic, and unless they have real-time decryption then the system would quickly collapse.

          Law enforcement should target suspected individuals only, dragnets are wrong on just about every level.

          • (Score: 2) by Arik (4543) on Friday August 18 2017, @10:41PM (#556160) Journal
            No one needs to decrypt anything when they can simply read it directly from memory before it gets encrypted.
            --
            If laughter is the best medicine, who are the best doctors?
          • (Score: 0) by Anonymous Coward on Saturday August 19 2017, @09:25PM (#556491)

            you're nowhere near radical enough. please pull your head out of your state apologist ass. thank you, humanity.

      • (Score: 0) by Anonymous Coward on Saturday August 19 2017, @08:54PM (#556474)

        Well, yes, that's certainly true. This is why it's more important than ever to seek out libre technologies. We need more than merely libre software. We have to be able to trust the hardware that runs our code as well. If we don't own the hardware, it doesn't matter whether or not we own the code.

        However, I still maintain that the device has to boot somehow, from purely a hacker's perspective.

  • (Score: 3, Interesting) by jmorris (4844) on Saturday August 19 2017, @04:03AM (#556259) (2 children)

    Assuming there are no exploitable bugs in the wire protocol identified by examining the binaries this may or may not be a big problem. Good crypto can be fully open source and it isn't compromised, in fact the many eyes generally make it better long term. Of course since Apple developed it in secret in a typical corporate environment it is probably a roach motel.

    The bigger question is whether this key was the only protection against flashing new firmware into the SEP? If so it is going to be game over.

    • (Score: 2) by kaszz (4211) on Saturday August 19 2017, @08:29AM (#556307) Journal (1 child)

      Personally, I'm quite curious if the firmware contains any mandated backdoor. Or any such facility at all.

      Oh and if the SEP can be reprogrammed with a key then iPhones can be installed with whatever OS anybody wants.. *thumbs up*

      • (Score: 0) by Anonymous Coward on Saturday August 19 2017, @01:18PM (#556341)

        *thumbs up*

        Cue ennui related to the fact that there's nothing worth installing.
