Difference between revisions of "Secure Enclave"

From The iPhone Wiki

Revision as of 15:06, 26 December 2013

The Secure Enclave is part of the A7 chip and a basic part of Apple's Touch ID fingerprint technology. Within the Secure Enclave the fingerprint data is stored in an encrypted form which, according to Apple, can only be decrypted by a key available to the Secure Enclave, thus walling the fingerprint data off from the rest of the A7 chip as well as from the rest of iOS. The Secure Enclave itself is a flashable 4MB processor called the Secure Enclave Processor (SEP), as documented in [http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130308838%22.PGNR.&OS=DN/20130308838&RS=DN/20130308838 Apple Patent Application 20130308838]. The technology used is basically [http://www.arm.com/products/processors/technologies/trustzone/index.php ARM's TrustZone/SecurCore].

The SEP has its own OS (called SEP OS), and there is a tool called seputil which is used to communicate with it.

seputil has the following valid commands:

<pre>
--ping        Send a PING operation to the SEP OS
--load        Load <file> as the SEP runtime firmware
--restore     Load <file> as the SEP runtime firmware in restore mode
--restore+art Load <file> as the SEP runtime firmware in restore mode with ART
--wait        Pause for kernel driver to load before failing
--preflight   Pre-flight load/restore firmware against ART to pre-check for boot failures
--log         Dump the mailbox message log
--rom status  Get the ROM status
--rom tz0     Send a ROM TZ0 command
--rom nop     Send a ROM NOP command
--rom nonce   Send a ROM nonce request
--new-nonce   Request new SEP/OS nonce
--kill-nonce  Request invalidate SEP/OS nonce
--art get     Dump current ART from Memory
--art set     Persist the supplied ART to storage
--art clear   Clear the persisted ART
--art ctrtest Counter self-test (DESTRUCTIVE - WILL BRICK DEVICE)
--sleep       Sleep the SEP NOW!
--nap         Nap the SEP NOW!
--pingflood   Ping SEP endlessly
--clkgate     Enable SEP clock gating
--get <obj>   Read obj and write to stdout
--put <obj>   Read stdin and write to obj
--boot-check <file>  Check whether a firmware might be bootable WRT the current ART
--dump-fw <file>     Dump measurements of firmware file
</pre>
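Because the listing mixes bare flags, flags with a subcommand (--rom status, --art get) and flags taking a placeholder argument (--get <obj>), a small parser that turns it into a structured table, and flags the one command the help text itself marks as device-bricking, is handy before scripting anything around the tool. This is an added example, not code from the wiki or from seputil; it assumes the conventions visible in the listing above (subcommands are lowercase words, descriptions start with a capital letter) and uses a constructed subset of the lines as input.

```python
import re
from typing import NamedTuple

# Constructed sample: a subset of the seputil usage lines quoted on this page.
SEPUTIL_USAGE = """\
--ping        Send a PING operation to the SEP OS
--restore+art Load <file> as the SEP runtime firmware in restore mode with ART
--rom tz0     Send a ROM TZ0 command
--art ctrtest Counter self-test (DESTRUCTIVE - WILL BRICK DEVICE)
--get <obj>   Read obj and write to stdout
--boot-check <file>  Check whether a firmware might be bootable WRT the current ART
"""


class SepCommand(NamedTuple):
    flag: str          # e.g. "--rom"
    subcommand: str    # e.g. "tz0"; empty when the flag stands alone
    argument: str      # e.g. "<file>"; empty when the flag takes no argument
    description: str
    destructive: bool  # True when the help text itself warns of a destructive action


# Line shape assumed from the listing: "--flag [subcommand|<arg>] Description..."
# Subcommands are lowercase tokens, descriptions start with an uppercase letter,
# so an optional lowercase/<arg> token after the flag is never confused with text.
_LINE = re.compile(r"^(--[\w+-]+)(?:\s+(<\w+>|[a-z0-9]+))?\s+(\S.*)$")


def parse_usage(text: str) -> list[SepCommand]:
    """Parse seputil-style usage lines into SepCommand tuples; skip unparsable lines."""
    commands = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        flag, token, desc = m.group(1), m.group(2) or "", m.group(3).strip()
        argument = token if token.startswith("<") else ""
        subcommand = "" if argument else token
        destructive = "DESTRUCTIVE" in desc.upper()
        commands.append(SepCommand(flag, subcommand, argument, desc, destructive))
    return commands


def destructive_flags(commands: list[SepCommand]) -> list[str]:
    """Return 'flag subcommand' strings for every command the help marks destructive."""
    return [f"{c.flag} {c.subcommand}".strip() for c in commands if c.destructive]


if __name__ == "__main__":
    for cmd in parse_usage(SEPUTIL_USAGE):
        print(f"{cmd.flag:14}{cmd.subcommand:8}{cmd.argument:7}{cmd.description}")
    print("destructive:", destructive_flags(parse_usage(SEPUTIL_USAGE)))
```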

== Further References ==

[http://www.forbes.com/sites/quora/2013/09/18/what-is-apples-new-secure-enclave-and-why-is-it-important/ www.forbes.com]