Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How do you know the root enclave key isn't retained somewhere before it is written? You're still trusting Apple.

Key extraction is difficult but not impossible.



According to Apple,

"A randomly generated UID is fused into the SoC at manufacturing time. Starting with A9 SoCs, the UID is generated by the Secure Enclave TRNG during manufacturing and written to the fuses using a software process that runs entirely in the Secure Enclave. This process protects the UID from being visible outside the device during manufacturing and therefore isn’t available for access or storage by Apple or any of its suppliers."[1]

But yes of course, you have to trust the manufacturer is not lying to you. PCC is about building on top of that fundamental trust to guard against a whole variety of other attacks.

[1] https://support.apple.com/guide/security/secure-enclave-sec5...


> Key extraction is difficult but not impossible.

Refer to the never-ending clown show that is Intels SGX enclave for examples of this.

https://en.wikipedia.org/wiki/Software_Guard_Extensions#List...


Can you clarify what you mean by retained and written?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: