hoakley June 15, 2024 Macs, Technology

A brief history of Mac enclaves and exclaves

Until 2016, no Mac had a processor dedicated to working with secrets like encryption keys, and those had to be handled by the main CPU, as in most other computers. This made it feasible for vulnerabilities in macOS and the CPU to be exploited to surrender those secrets, allowing an attacker to open anything protected by FileVault, for example.

Intel Macs

With the release of the first 13-inch MacBook Pro with a Touch Bar, Apple built its first Apple silicon chip into an Intel Mac, the T1, based on the S2 chip used in the Apple Watch Series 2. The T1 handles biometric data for Touch ID, as well as running the Touch Bar’s display and protecting Apple Pay. Although this isn’t a complete Secure Enclave, it was the first step on the road to Apple silicon Macs.

A year later, in December 2017, with the release of the iMac Pro, Apple moved up to the Mac’s first Secure Enclave in its T2 chip. This is more complex than the T1, and consists of a four-core main CPU derived from the A10 used in the iPhone 7 and contemporaneous iPads and iPod Touch.

Alongside that is a 32-bit Arm CPU running a completely different operating system, sepOS (a custom version of the L4 microkernel), dedicated to handling and working with the secrets protected by its Secure Enclave. That has its own secure EEPROM storage, an AES engine to perform hardware-accelerated encryption and decryption for the internal SSD, and more. Most subsequent Intel Macs came with a T2 chip, although they were incorporated late into iMacs, which didn’t get them until 2020, and the Mac Pro in 2019.

Apple silicon Macs

When the first M1 models were released in November 2020, they all came with integral Secure Enclaves, as have all subsequent M-series chips. These are a significant improvement on their predecessors in the T2, adding replay prevention, a second-generation Secure Storage Component, and more. They continue to run their own operating system, sepOS.

Among their more puzzling features is the potential to support Face ID, although that hasn’t yet been implemented on any Mac. Rather than integrate the required Secure Neural Engine into the Secure Enclave itself, this is now implemented as a secure mode in the main Neural Engine (ANE), but apparently remains unused in M-series chips.

Virtual machines

Prior to macOS Sequoia, macOS virtual machines (VMs) running in lightweight virtualisation on Apple silicon are unable to use Apple ID or to access iCloud, because they’re unable to access any protected secrets from the host Secure Enclave. In macOS 15 and later, creation of a VM running macOS 15 or later configures an identity derived from the host Secure Enclave, enabling access to resources requiring Apple ID including iCloud. If that VM is then run on a host using a different Apple ID, a different identity has to be created, again derived from the Secure Enclave.

Private Cloud Compute

Another new feature being introduced in macOS Sequoia is Private Cloud Compute (PCC), to support off-device Apple Intelligence. Apple has already stated that PCC nodes have a Secure Enclave. All code that can run on a node is part of a trust cache signed by Apple and loaded by the Secure Enclave to ensure that it can’t be changed at runtime. The enclave is also used to generate non-persisting encryption keys, and to enforce guarantees that those keys can’t be duplicated or extracted. It’s responsible for cryptographic erasure of the user’s data volume when it reboots at the end of each session, presumably using the same key erasure mechanism as in Erase All Content & Settings in macOS.

Most interesting of all, Apple has promised to provide images of the PCC used, including the sepOS firmware in plain text, for researchers to scrutinise.

Exclaves

While an enclave is a territory entirely surrounded by the territory of another state, an exclave is an isolated fragment of a state that exists separately from the main part of that state. Although exclave isn’t a term normally used in computing, macOS 14.4 introduced three kernel extensions concerned with exclaves. They seem to have appeared first in iOS 17, where they’re thought to code domains isolated from the kernel that protect key functions in macOS even when the kernel becomes compromised. This in turn suggests that Apple is in the process of refactoring the kernel into a central micro-kernel with protected exclaves. This has yet to be examined in Sequoia.

Conclave

This is a meeting of the College of Cardinals convened to elect a new Pope. As far as I’m aware, there are no conclaves in Macs. Yet.

References

Apple’s Platform Security Guide, last updated 2021.
Using iCloud with macOS VMs (Apple)
Private Cloud Compute (Apple)

15Comments

Add yours

1

Enzo Vincenzo on June 15, 2024 at 8:59 am
Reply

“Conclave This is a meeting of the College of Cardinals convened to elect a new Pope. As far as I’m aware, there are no conclaves in Macs. Yet.” 🤣🤣🤣

LikeLiked by 4 people
- 2
  
  Tristan Hubsch on June 15, 2024 at 2:19 pm
  Reply
  
  Wellll… the various diverse, different and variously distributed processors within our Macs may well conclave (in secret, of course🧐) to choose among themselves the one to rule them all. Let’s just hope they don’t decide to announce their decision by emitting smoke from our Macs.🙀
  
  LikeLiked by 2 people
  - 3
    
    Enzo Vincenzo on June 15, 2024 at 2:55 pm
    Reply
    
    Good joke, Tristan!… 🙂 But a Conclave of Apple’s Managing Directors who, under the inspiration of the Holy Spirit, elect a new CEO, as the perfect and inspired successor to Steve Jobs, would also be fine… 😉
    
    LikeLiked by 2 people
4

Duncan on June 15, 2024 at 3:07 pm
Reply

Autoclave: Disk Utility’s ‘Secure Erase’ option set to seven passes.

LikeLiked by 1 person
- 5
  
  hoakley on June 15, 2024 at 3:10 pm
  Reply
  
  At least on Intel.
  Howard.
  
  LikeLike
6

milleri on June 15, 2024 at 3:19 pm
Reply

How much of this is enabled in Sequoia beta 1? Is it in the cards to run a macOS VM that can sign into iCloud or is that still down the road?

LikeLiked by 2 people
- 7
  
  hoakley on June 15, 2024 at 3:22 pm
  Reply
  
  Beta-releases are covered by an NDA. So I can’t tell you. All I can tell you is that my app, Viable, currently is unable to accept Apple ID in VMs, and from what I’ve heard other virtualisers are in the same situation.
  Howard.
  
  LikeLike
  - 8
    
    milleri on June 15, 2024 at 3:40 pm
    Reply
    
    Alternatively, I could simply read the release notes myself…
    
    LikeLiked by 1 person
    - 9
      
      hoakley on June 15, 2024 at 9:42 pm
      
      I’m sorry – I hadn’t looked at them yet, and of course they are openly available, and state that Apple ID doesn’t work yet.
      Howard.
      
      LikeLike
10

David C. on June 15, 2024 at 11:06 pm
Reply

Interestingly, the first Intel Macs (the developer kits – which were really just PC motherboards) had TPM chips. TPM chips provide secure storage and hardware encryption. But Apple didn’t use these on the production Macs, and therefore didn’t have secure enclave capabilities until they started shipping systems with the T1 and T2 chips.

I’ve always wondered why Apple didn’t (at least at first) use a TPM for these capabilities. I assume that either Apple didn’t consider them important at the time, or the TPM capabilities were not sufficient for Apple’s purposes.

Of course, since the introduction of Apple Silicon, it’s all just a historical curiosity.

LikeLiked by 1 person
- 11
  
  hoakley on June 16, 2024 at 12:56 pm
  Reply
  
  Thank you, but now you have puzzled me. I too had a DTK in 2005, and of course had to return it. But I didn’t think that TPMs existed for several years after that – at least according to Wikipedia on TPMs.
  Howard.
  
  LikeLiked by 1 person
  - 12
    
    David C. on June 16, 2024 at 3:15 pm
    Reply
    
    According to Wikipedia, TPM 1.2 became an ISO standard 2009. But it doesn’t mention anything before that point.
    
    According to “A Practical Guide to TPM 2.0”, chapter 1 (“History of the TPM” – https://link.springer.com/chapter/10.1007/978-1-4302-6584-9_1 ), the first widely-deployed TPM was version 1.1b, which was released in 2003. The chapter goes on to say that TPM 1.2 was deployed on most x86 PCs around 2005 and on servers around 2008 (before the ISO standard)
    
    I remember reading about this chip on motherboards, noting that no consumer operating systems at the time seemed to support or care about it. There were fears that Microsoft was going to mandate that PC makers install firmware using the TPM to prevent non-Windows operating systems from being installed, but as we know, that didn’t actually happen.
    
    As for the Apple DTKs, I remember reading blogs at the time citing people who violated their agreement by sharing a description of the board, claiming that was a TPM chip on the motherboard. And the pre-release Rosetta code was apparently tied to that chip. There were fears from some that Apple would use it to lock down the system – to prevent third-party apps as well as third-party operating systems. See also https://daringfireball.net/2005/08/trusted.
    
    Of course, those fears also failed to materialize and production Intel Macs didn’t have the chip.
    
    LikeLiked by 1 person
    - 13
      
      hoakley on June 16, 2024 at 3:44 pm
      
      Thank you for solving the mystery. This makes it all the more extraordinary that PCs have never used secure boot, or the more secure features available in UEFI.
      Howard
      
      LikeLiked by 1 person
14

Adrian B on June 17, 2024 at 11:56 am
Reply

I was looking at the reference links and thought “I’m sure there was a 2024 update to the Platform Security Guide”, and went looking. Indeed the link you’ve got states 2021, although if you look at the Document Revision History for that link it states it was updated in December 2022 (this was also the case with the PDF at the time, they quietly updated it). I also found the 2024 version as a PDF : https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf

(I’m guessing you were aware of all that, but thought I’d add a comment on the (very) slim chance you weren’t!)

LikeLiked by 1 person
- 15
  
  hoakley on June 17, 2024 at 9:06 pm
  Reply
  
  Thank you. In fact, the changes between the 2021 and 2024 version of that page appear mostly clerical, like expanding M1 to M1, M2 and M3. Currently, Apple has got two different versions of this guide in a hopeless mess: access the en-gb version, and you get the previous version from two years ago, while the en-ca and en-us versions are the current. I can’t believe that translation is taking all that time!
  Howard.
  
  LikeLike