[…]The thing that his team had been able to analyze for the first time was the iPhone’s Secure Enclave Processor (SEP), which handles data encryption for the iPhone. How they were able to do this was a valid question given Apple’s notorious secrecy, and the fact that the SEP is one of the most important and most closely guarded components of the iPhone, the most secure smartphone on the market. […]
A new macOS EFI password tool has appeared on GitHub today
…but I’ve no time today to look at how it works. 😦
CLOSED-SOURCE WARNING: The project includes a few pre-compiled .EFI binaries but no source, so be careful.
Apple has updated their T2 knowledge base article:
Here’s an article that describes how you can check if an Apple system is T2-based or not:
Apple has — at least I think so — updated their Secure Boot knowledge base article in the last few days:
New Apple T2-enabled hardware no longer allows Linux to be used.
Failure to run Apple’s proprietary diagnostic software after a repair “will result in an inoperative system and an incomplete repair.”
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
[…]There are two ways for spies to alter the guts of computer equipment.
One, known as interdiction, consists of manipulating devices as they’re in transit from manufacturer to customer. This approach is favored by U.S. spy agencies, according to documents leaked by former National Security Agency contractor Edward Snowden.
The other method involves seeding changes from the very beginning.[…]
Howard Oakley has yet another new blog post on how Apple EFI works:
There have been multiple recent blog posts on Apple EFI from this author! E.g.:
The last piece in the puzzle that is the booting of a Mac is understanding how any given volume is made bootable, and how it can be made the next startup volume.[…]
This article provides a simplified visual summary of the various stages which take place when a modern Intel Mac starts up in macOS 10.12 or 10.13, from pressing the Power button through to running the kernel and its extensions.[…]
NVRAM stores key settings which your Mac cannot obtain from disk during startup. Variables vary according to the model, version of macOS, and EFI firmware in use. Included among these are the following:[…]
The whole purpose of the BootROM and EFI phases is to get to load and run the macOS kernel and its extensions, which is what boot.efi, the “OS X booter”, finally does. Although boot.efi doesn’t suddenly vanish, from here on it is very little needed.[…]
Settings that can be audited/fixed:
enable automatic updates
enable admin password preferences
enable terminal secure entry
disable firewall builtin software
disable firewall downloaded signed
disable mail remote content
disable remote apple events
disable remote login
set airdrop contacts only
set appstore update check daily
check kext loading consent
check EFI integrity
check firmware password set
Open source apfs.efi loader based on reverse-engineered Apple’s ApfsJumpStart driver
Loads apfs.efi from ApfsContainer located on block device.
Apfs driver verbose logging suppressed.
Version system: connects each apfs.efi to the device from which it was retrieved
Supports the AppleLoadImage protocol, which provides an EfiBinary signature check
WARNING: Please load AppleLoadImage.efi right before ApfsDriverLoader, or just put it inside drivers64uefi folder of your Clover bootloader
Implementation of AppleLoadImage protocol discovered in ApfsJumpStart Apple driver. This protocol installs in CoreDxe Apple’s firmware.
It provides safe EFI binary loading into memory by verifying its signature.
Also gives ability to use native ApfsJumpStart driver from Apple firmware
WARNING: ApplePartitionDriver needed
This library provides reverse-engineered Apple’s crypto signature algorithms.