Difference between revisions of "Secure Enclave"

From The iPhone Wiki
Jump to: navigation, search
(SEP is used for more than just Touch ID)
(9 intermediate revisions by 5 users not shown)
Line 1: Line 1:
The '''Secure Enclave''' is part of the [[A7]] chip and a basic part of Apples [[Touch ID]] fingerprint technology. Within the Secure Enclave the fingerprint data is stored in an encrypted form which - according to Apple - can only be decrypted by a key available by the Secure Enclave thus making fingerprint data walled off from the rest of A7 Chip and as well as the rest of iOS. The secure enclave itself is a flashable 4MB processor called the secure enclave processor (SEP) as documented in [http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130308838%22.PGNR.&OS=DN/20130308838&RS=DN/20130308838 Apple Patent Application 20130308838]. The technology used is basically [http://www.arm.com/products/processors/technologies/trustzone/index.php ARM's TrustZone/SecurCore].
+
The '''Secure Enclave''' is part of the [[A7]] and newer chips used for data protection, [[Touch ID]], and [[Face ID]]. The purpose of the Secure Enclave is to handle keys and other info such as biometrics that is sensitive enough to not be handled by the [[Application Processor|AP]]. It is isolated with a hardware filter so the AP cannot access it. It shares RAM with the AP, but it's portion of the RAM (known as TZ0) is encrypted. The secure enclave itself is a flashable 4MB AKF processor core called the secure enclave processor (SEP) as documented in [http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130308838%22.PGNR.&OS=DN/20130308838&RS=DN/20130308838 Apple Patent Application 20130308838]. The technology used is similar to [http://www.arm.com/products/processors/technologies/trustzone/index.php ARM's TrustZone/SecurCore] but contains proprietary code for Apple KF cores in general and SEP specifically. It is also responsible for generating the UID key on A9 or newer chips that protects user data at rest.
   
 
The SEP is located in the devicetree under IODeviceTree:/arm-io/sep and manged by the AppleSEPManager driver as seen [http://winocm.com/images/ioregdump.txt here]
 
The SEP is located in the devicetree under IODeviceTree:/arm-io/sep and manged by the AppleSEPManager driver as seen [http://winocm.com/images/ioregdump.txt here]
Line 6: Line 6:
   
 
The SEP has its own OS called SEP OS and there exists a tool called [[seputil]] which is used to communicate with it.
 
The SEP has its own OS called SEP OS and there exists a tool called [[seputil]] which is used to communicate with it.
 
==Examples==
 
<pre>
 
./seputil --pingflood
 
SEP ping #1000
 
SEP ping #2000
 
SEP ping #3000
 
SEP ping #4000
 
 
./seputil --load sep-firmware.img4
 
seputil: load fw returned 0xe00002d5
 
seputil: load failed
 
 
./seputil --new-nonce
 
Nonce (20 bytes): 0x67fc18385630dc6429726677d196c81466f47b5e
 
 
./seputil --art get
 
raw ART: 305e0201003037020218340414519c0248f04d316a3d71e03978b4126fbfb2b15c0400041467fc18385630dc6429726677d196c81466f47b5e3103c00100042027b6dadbab356612997af0203cefeae51fe90cd985ee7cdd6211c766b8cc7a60
 
Successfully parsed ART:
 
counter: 6196
 
manifest hash (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c
 
sleep hash is absent
 
restore nonce (20 bytes): 67fc18385630dc6429726677d196c81466f47b5e
 
 
./seputil --art set
 
Segmentation fault: 11
 
 
./seputil --log
 
Kernel message log has 128 entries
 
289344381444: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289344385176: 0x0000000000000000 TX interrupt
 
289344391044: 0x0000000000000000 TX interrupt
 
289344408988: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289344409016: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289344413132: 0x0000000000000000 RX interrupt
 
289344413304: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
289344413904: 0x0000000000000000 RX interrupt
 
289344413944: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
289344414176: 0x0018000000dd1007 TX message ept 7, tag 10, opcode dd, param 0, data 180000
 
289344443356: 0x0000000000000000 RX interrupt
 
289344443428: 0x0068000000dd9007 RX message ept 7, tag 90, opcode dd, param 0, data 680000
 
289346822748: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0
 
289346829480: 0x0000000000000000 RX interrupt
 
289346829560: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0
 
289346830136: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0
 
289406511168: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289406511204: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289406538900: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289406538936: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289406543628: 0x0000000000000000 TX interrupt
 
289406549916: 0x0000000000000000 TX interrupt
 
289406566580: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289406566612: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289406571220: 0x0000000000000000 RX interrupt
 
289406571476: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
289406571908: 0x0000000000000000 RX interrupt
 
289406571952: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
289406572320: 0x0018000000de1007 TX message ept 7, tag 10, opcode de, param 0, data 180000
 
289406605068: 0x0000000000000000 RX interrupt
 
289406605152: 0x0068000000de9007 RX message ept 7, tag 90, opcode de, param 0, data 680000
 
289407383260: 0x003c000000df0907 TX message ept 7, tag 9, opcode df, param 0, data 3c0000
 
289407396284: 0x0000000000000000 RX interrupt
 
289407396380: 0x002c000000df8907 RX message ept 7, tag 89, opcode df, param 0, data 2c0000
 
289407403656: 0x003c000000e00907 TX message ept 7, tag 9, opcode e0, param 0, data 3c0000
 
289407411688: 0x0000000000000000 RX interrupt
 
289407411736: 0x002c000000e08907 RX message ept 7, tag 89, opcode e0, param 0, data 2c0000
 
289407414732: 0x003c000000e10907 TX message ept 7, tag 9, opcode e1, param 0, data 3c0000
 
289407422472: 0x0000000000000000 RX interrupt
 
289407422524: 0x002c000000e18907 RX message ept 7, tag 89, opcode e1, param 0, data 2c0000
 
289408986276: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0
 
289408991756: 0x0000000000000000 RX interrupt
 
289408991824: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0
 
289408992472: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0
 
289459393276: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289459393348: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289459423004: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289459423048: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289459452628: 0x0000000000000000 TX interrupt
 
289459453612: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289459453664: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289459466460: 0x0000000000000000 TX interrupt
 
289459469548: 0x0000000000000000 RX interrupt
 
289459470000: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
289459470632: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
289459471304: 0x0018000000e21007 TX message ept 7, tag 10, opcode e2, param 0, data 180000
 
289459524572: 0x0000000000000000 RX interrupt
 
289459524728: 0x0068000000e29007 RX message ept 7, tag 90, opcode e2, param 0, data 680000
 
289459532644: 0x004c000000e30f07 TX message ept 7, tag f, opcode e3, param 0, data 4c0000
 
289459552888: 0x0000000000000000 RX interrupt
 
289459553044: 0x002c000000e38f07 RX message ept 7, tag 8f, opcode e3, param 0, data 2c0000
 
289459646732: 0x0018000000e41007 TX message ept 7, tag 10, opcode e4, param 0, data 180000
 
289459681116: 0x0000000000000000 RX interrupt
 
289459681272: 0x0068000000e49007 RX message ept 7, tag 90, opcode e4, param 0, data 680000
 
289461898836: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0
 
289461906796: 0x0000000000000000 RX interrupt
 
289461906968: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0
 
289461908400: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0
 
289526725980: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289526726016: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289526757512: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289526757552: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289526774468: 0x0000000000000000 TX interrupt
 
289526782688: 0x0000000000000000 TX interrupt
 
289526786468: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289526786540: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289526795320: 0x0000000000000000 RX interrupt
 
289526795828: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
289526796304: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
289526796984: 0x0018000000e51007 TX message ept 7, tag 10, opcode e5, param 0, data 180000
 
289526847216: 0x0000000000000000 RX interrupt
 
289526847348: 0x0068000000e59007 RX message ept 7, tag 90, opcode e5, param 0, data 680000
 
289529224460: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0
 
289529235316: 0x0000000000000000 RX interrupt
 
289529235488: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0
 
289529236920: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0
 
289584681764: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289584681836: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289584710576: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289584710608: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289584730996: 0x0000000000000000 TX interrupt
 
289584738992: 0x0000000000000000 TX interrupt
 
289584739572: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289584739612: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289584748648: 0x0000000000000000 RX interrupt
 
289584748984: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
289584749300: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
289584749332: 0x0018000000e61007 TX message ept 7, tag 10, opcode e6, param 0, data 180000
 
289584790484: 0x0000000000000000 RX interrupt
 
289584790568: 0x0068000000e69007 RX message ept 7, tag 90, opcode e6, param 0, data 680000
 
289587176748: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0
 
289587185760: 0x0000000000000000 RX interrupt
 
289587185916: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0
 
289587186840: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0
 
288741485000: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
288741485084: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
288741514772: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
288741514812: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
288741533984: 0x0000000000000000 TX interrupt
 
288741541992: 0x0000000000000000 TX interrupt
 
288741543608: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
288741543680: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
288741552216: 0x0000000000000000 RX interrupt
 
288741552884: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
288741553388: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0
 
288741553672: 0x0018000000db1007 TX message ept 7, tag 10, opcode db, param 0, data 180000
 
288741591912: 0x0000000000000000 RX interrupt
 
288741592040: 0x0068000000db9007 RX message ept 7, tag 90, opcode db, param 0, data 680000
 
288741599128: 0x004c000000dc0f07 TX message ept 7, tag f, opcode dc, param 0, data 4c0000
 
288741620732: 0x0000000000000000 RX interrupt
 
288741620900: 0x002c000000dc8f07 RX message ept 7, tag 8f, opcode dc, param 0, data 2c0000
 
288742902624: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0
 
288742912320: 0x0000000000000000 RX interrupt
 
288742912496: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0
 
288742913700: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0
 
289344354176: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289344354216: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
289344381416: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0
 
 
./seputil --boot-check sep-firmware.img4
 
preflight: manifest hash matches sepi
 
bootCheck: SEP may boot with ART
 
 
./seputil --dump-fw sep-firmware.img4
 
manifest digest (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c
 
sepi digest (20 bytes): a22813c5ceaeada5b7eeaa55808f3019814e8b8e
 
sepi nonce (20 bytes): e5074bd1befefc685c6b5ec6797ffc851366f76f
 
rsep digest (20 bytes): cb9f4c6520889e2582414c5969fb0abc3b0d8277
 
rsep nonce (20 bytes): e5074bd1befefc685c6b5ec6797ffc851366f76f
 
</pre>
 
 
==ART Object==
 
 
Example 1:
 
<pre>
 
./seputil --art get
 
raw ART: 305e0201003037020218340414519c0248f04d316a3d71e03978b4126fbfb2b15c0400041467fc18385630dc6429726677d196c81466f47b5e3103c00100042027b6dadbab356612997af0203cefeae51fe90cd985ee7cdd6211c766b8cc7a60
 
Successfully parsed ART:
 
counter: 6196
 
manifest hash (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c
 
sleep hash is absent
 
restore nonce (20 bytes): 67fc18385630dc6429726677d196c81466f47b5e
 
</pre>
 
 
raw ART is also a [http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One#Example_encoded_in_DER DER encoded ASN.1 object]:
 
 
<pre>
 
30 — type tag indicating SEQUENCE
 
5e — length in octets of value that follows (92)
 
02 — type tag indicating INTEGER
 
01 — length in octets of value that follows
 
00 — value (0)
 
30 — type tag indicating SEQUENCE
 
37 — length in octets of value that follows (55)
 
02 — type tag indicating INTEGER
 
02 — length in octets of value that follows
 
1834 — value (6196) (of counter)
 
04 — type tag indicating STRING
 
14 — length in octets of value that follows (20)
 
519c0248f04d316a3d71e03978b4126fbfb2b15c — value (of manifest hash)
 
04 — type tag indicating STRING
 
00 — length in octets of value that follows (0); empty, so no value to follow (sleep has is absent)
 
04 — type tag indicating STRING
 
14 — length in octets of value that follows (20)
 
67fc18385630dc6429726677d196c81466f47b5e — value (of restore nonce)
 
31 — type tag indicating SET
 
03 — length in octets of value that follows (3)
 
c00100 — value
 
04 — type tag indicating STRING
 
20 — length in octets of value that follows (32)
 
27b6dadbab356612997af0203cefeae51fe90cd985ee7cdd6211c766b8cc7a60 — value
 
</pre>
 
 
Example 2:
 
<pre>
 
./seputil --art get
 
raw ART: 3072020100304b0202186c0414519c0248f04d316a3d71e03978b4126fbfb2b15c04147f75cb9012128cf71eb8fcd6b13e56a02a7324db041467fc18385630dc6429726677d196c81466f47b5e3103c0010004209ce3646167631d0df8d4db28973db8d5a27f85d345ad6ec220aeb1e22f39f31f
 
Successfully parsed ART:
 
counter: 6252
 
manifest hash (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c
 
sleep hash (20 bytes): 7f75cb9012128cf71eb8fcd6b13e56a02a7324db
 
restore nonce (20 bytes): 67fc18385630dc6429726677d196c81466f47b5e
 
</pre>
 
 
Decode (used the decoder [http://lapo.it/asn1js/ here]):
 
 
<pre>
 
SEQUENCE (3 elem)
 
INTEGER 0
 
SEQUENCE (5 elem)
 
INTEGER 6252
 
OCTET STRING (20 byte) 519C0248F04D316A3D71E03978B4126FBFB2B15C
 
OCTET STRING (20 byte) 7F75CB9012128CF71EB8FCD6B13E56A02A7324DB
 
OCTET STRING (20 byte) 67FC18385630DC6429726677D196C81466F47B5E
 
SET (1 elem)
 
Private 0 (1 byte) 00
 
OCTET STRING (32 byte) 9CE3646167631D0DF8D4DB28973DB8D5A27F85D345AD6EC220AEB1E22F39F31F
 
</pre>
 
 
Example 3:
 
<pre>
 
./seputil --art clear
 
ART cleared from storage
 
 
./seputil --art get
 
seputil: Get ART command error: 0xe00002bc
 
</pre>
 
   
 
==Further References==
 
==Further References==

Revision as of 02:00, 4 August 2018

The Secure Enclave is part of the A7 and newer chips used for data protection, Touch ID, and Face ID. The purpose of the Secure Enclave is to handle keys and other info such as biometrics that is sensitive enough to not be handled by the AP. It is isolated with a hardware filter so the AP cannot access it. It shares RAM with the AP, but it's portion of the RAM (known as TZ0) is encrypted. The secure enclave itself is a flashable 4MB AKF processor core called the secure enclave processor (SEP) as documented in Apple Patent Application 20130308838. The technology used is similar to ARM's TrustZone/SecurCore but contains proprietary code for Apple KF cores in general and SEP specifically. It is also responsible for generating the UID key on A9 or newer chips that protects user data at rest.

The SEP is located in the devicetree under IODeviceTree:/arm-io/sep and manged by the AppleSEPManager driver as seen here

SEP OS

The SEP has its own OS called SEP OS and there exists a tool called seputil which is used to communicate with it.

Further References

www.forbes.com