Apple publishes whitepaper on T2 security chip

https://www.apple.com/mac/docs/Apple_T2_Security_Chip_Overview.pdf

New Apple MacBook Pros prevented from non-Apple Independent Repair

https://motherboard.vice.com/en_us/article/yw9qk7/macbook-pro-software-locks-prevent-independent-repair

Failure to run Apple’s proprietary diagnostic software after a repair “will result in an inoperative system and an incomplete repair.”

Bloomberg: The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

[…] There are two ways for spies to alter the guts of computer equipment.
One, known as interdiction, consists of manipulating devices as they’re in transit from manufacturer to customer. This approach is favored by U.S. spy agencies, according to documents leaked by former National Security Agency contractor Edward Snowden.
The other method involves seeding changes from the very beginning. […]

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

Howard Oakley on Booting the Mac

Howard Oakley has yet another new blog post on how Apple EFI works:

Booting the Mac: Will my Mac boot from this disk? A visual guide

There have been multiple recent blog posts on Apple EFI from this author! E.g.:

https://firmwaresecurity.com/2018/08/30/booting-the-mac-bless-and-what-makes-a-volume-bootable/

https://firmwaresecurity.com/2018/08/26/booting-the-mac-visual-summary/

https://firmwaresecurity.com/2018/08/26/whats-stored-in-mac-nvram/

https://firmwaresecurity.com/2018/08/24/booting-the-mac-the-kernel-and-extensions/

https://firmwaresecurity.com/2018/08/10/booting-the-mac-loading-boot-efi-and-secure-boot/

Booting the Mac: the kernel and extensions

The whole purpose of the BootROM and EFI phases is to get to load and run the macOS kernel and its extensions, which is what boot.efi, the “OS X booter”, finally does. Although boot.efi doesn’t suddenly vanish, from here on it is very little needed.[…]


mOSL: Bash script to audit and fix macOS High Sierra (10.13.x) security settings

Settings that can be audited/fixed:

enable automatic updates
enable gatekeeper
enable firewall
enable admin password preferences
enable terminal secure entry
disable firewall builtin software
disable firewall downloaded signed
disable ipv6
disable mail remote content
disable remote apple events
disable remote login
set airdrop contacts only
set appstore update check daily
check SIP
check kext loading consent
check EFI integrity
check filevault
check firmware password set

https://github.com/0xmachos/mOSL


AppleSupportPkg: ApfsDriverLoader, AppleLoadImage, AppleDxeImageVerificationLib

ApfsDriverLoader
Open-source apfs.efi loader based on Apple’s reverse-engineered ApfsJumpStart driver.
Loads apfs.efi from an ApfsContainer located on a block device.
Apfs driver verbose logging is suppressed.
Version system: connects each apfs.efi to the device from which it was retrieved.
Supports the AppleLoadImage protocol, which provides an EfiBinary signature check.
WARNING: Please load AppleLoadImage.efi right before ApfsDriverLoader, or just put it inside the drivers64uefi folder of your Clover bootloader.

AppleLoadImage
Implementation of the AppleLoadImage protocol discovered in Apple’s ApfsJumpStart driver. This protocol is installed by CoreDxe in Apple’s firmware.
It provides safe loading of EFI binaries into memory by verifying their signatures.
Also gives the ability to use the native ApfsJumpStart driver from Apple firmware.
WARNING: ApplePartitionDriver needed.

AppleDxeImageVerificationLib
This library provides Apple’s reverse-engineered crypto signature algorithms.

https://github.com/acidanthera/AppleSupportPkg

Booting Secure [on Apple systems]

http://michaellynn.github.io/2018/07/27/booting-secure/

PS: A few articles on the new T2 processor as well:

https://www.computerworld.com/article/3290415/apple-mac/the-macbook-pro-s-t2-chip-boosts-enterprise-security.html

https://www.digitaltrends.com/computing/apple-t2-chip-brings-deeper-secuirty-to-macbook-pro/

The MacBook Pro’s T2 chip boosts enterprise security: Secure boot, even for Windows installations on a Mac