
The Secure Enclave on the T2 chip was used to store secrets that were supposed to stay inaccessible, even to someone with physical access.

If you use a strong password to encrypt your drive you should still be safe, unless Apple did something really stupid. The password is used as a one-way hash to generate the key.

However, if you can log in with Touch ID and they find a way to use known SE exploits, it's compromised. Your fingerprint isn't a secret that gets hashed – instead it's verified by the SE which also holds the secret key for the drive.




Isn't a password always required to decrypt on a cold boot?


Yes, but that doesn't help you if someone steals your MacBook when it's asleep.


Someone would have to DFU your laptop beforehand and jailbreak the chip, since booting into DFU requires shutting the system down.



