An exclave isn’t hardware, it’s an isolated piece of software that deals with a certain sensitive operation that you don’t want the kernel to have access to. So if you exploit it, then yes you have access to something that the kernel doesn’t–but that’s the point, because the goal is if you exploit the kernel you shouldn’t get access to that.
If it’s all in software but the kernel has lower privileges, I’m curious how they’ll be able to update it? And if there is an API to update via the kernel, what’s stopping a push via a malicious source pretending to be Apple?
I don't think it is accurate to say that the kernel has lower privileges. It's just something the kernel isn't allowed to do, while the exclave has a list of things it isn't allowed to do. Also exclaves are shipped with normal software updates (verified by the boot chain, not the kernel).
Less than entirely confident stab (someone please correct if I get this wrong):
- Exclave exposes a small set of functions that kernel may call for sensitive operations
- One of those is “update exclave”. The input to this is a blob signed with Apple’s private key.
- Exclave verifies signature, so a compromised kernel and push a malicious update
How the exclave gets Apple’s public key is a little opaque to me. One way would be to have the exclave have its own (per device or per global version) private key, but client side private keys are very high risk.
Alternatively, perhaps some elaborate set of baked-in public keys for Apple and a way to validate a CRL?
I would think the Secure Enclave would handle such things.
That said I’m not sure what you or GP mean by “update exclave”. It’s just part of the kernel binary loaded up at system start. Wouldn’t it be updated the same way the rest of the kernel is, probably requiring a restart?
No, because that way a rogue kernel could overwrite the exclave itself and the next reboot would be insecure. You can’t trust a low-trust environment to update a high-trust environment.
I'm a little confused reading the article on how exclaves are related to the Mach kernel. Is there a second, parallel seL4 kernel running on the same chip? If so, how do two kernels execute at the same time?
> To allow for execution of exclave Services while isolated from XNU, Apple has introduced a new kernel called the Secure Kernel (SK).
Or do exclaves run on a separate chip, like Secure Enclaves-with-a-N do? (The article said not to confuse the two.)
