Does Apple use ARM TrustZone?
Apple has customized a highly optimized version of TrustZone and created what is now known as the Secure Enclave. Of course, Apple will likely never release the details of what they do in the custom hardware, for a number of reasons. Thus I will speak directly of TrustZone and extrapolate to the Secure Enclave.
Which Apple devices have Secure Enclave?
The Secure Enclave is a hardware feature of most versions of iPhone, iPad, Mac, Apple TV, Apple Watch, and HomePod—namely:
- iPhone 5s or later.
- iPad Air or later.
- MacBook Pro computers with Touch Bar (2016 and 2017) that contain the Apple T1 Chip.
- Intel-based Mac computers that contain the Apple T2 Security Chip.
What is TrustZone in ARM?
Arm® TrustZone® technology provides a cost-effective methodology to isolate security-critical components in a system, by using hardware to separate a rich operating system from a much smaller, secure operating system.
How secure is iPhone Secure Enclave?
The Secure Enclave is a security coprocessor included with almost every Apple device to provide an extra layer of security. All data stored on iPhone, iPad, Mac, Apple Watch, and other Apple devices is encrypted with random private keys, which are only accessible by the Secure Enclave.
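The property described above (keys that only the Secure Enclave can use) is what an app sees through Apple's Security framework. The following is an added example, not code from the page or from Apple; it assumes Swift on an iOS or macOS device that has a Secure Enclave, and the key tag is a placeholder.

```swift
import Foundation
import Security

// Added example: generate a P-256 private key inside the Secure Enclave.
// The key is marked for private-key usage only (signing), never export.
func makeSecureEnclaveKey(tag: String) throws -> SecKey {
    var err: Unmanaged<CFError>?
    // Access policy: usable only while the device is unlocked and never
    // migrated to another device, so backups do not carry the key.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        [.privateKeyUsage],
        &err) else { throw err!.takeRetainedValue() }
    let attrs: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        // Requesting the Secure Enclave token makes the SEP generate and hold the key.
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: Data(tag.utf8),
            kSecAttrAccessControl as String: access,
        ],
    ]
    guard let key = SecKeyCreateRandomKey(attrs as CFDictionary, &err) else {
        throw err!.takeRetainedValue()
    }
    return key
}

// Sign with the enclave-resident key and verify with its public half.
// The signature is computed inside the SEP; the app only sees the result.
func signAndVerify(message: Data, key: SecKey) throws -> Bool {
    var err: Unmanaged<CFError>?
    let alg: SecKeyAlgorithm = .ecdsaSignatureMessageX962SHA256
    guard let sig = SecKeyCreateSignature(key, alg, message as CFData, &err) else {
        throw err!.takeRetainedValue()
    }
    guard let pub = SecKeyCopyPublicKey(key) else { return false }
    return SecKeyVerifySignature(pub, alg, message as CFData, sig, &err)
}

// Checks the property the answer describes: asking the framework for the raw
// private key of an enclave-backed key is refused, because the material is
// accessible only to the Secure Enclave.
func privateKeyIsExportable(_ key: SecKey) -> Bool {
    var err: Unmanaged<CFError>?
    return SecKeyCopyExternalRepresentation(key, &err) != nil
}

let key = try makeSecureEnclaveKey(tag: "com.example.placeholder.sekey")
print("signature verified:", try signAndVerify(message: Data("hello".utf8), key: key))
print("private key exportable:", privateKeyIsExportable(key))
```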
Can Secure Enclave be hacked?
Security researchers have recently revealed a vulnerability in the Secure Enclave Processor, but while the data store for sensitive information means data including Apple Pay details and Face ID biometric records are potentially at risk to attackers, the reality is that it is still extremely unlikely to be a major …
What is SGX enclave?
A trusted execution environment embedded in a process. The core idea of SGX is the creation of a software ‘enclave’. The enclave is basically a separated and encrypted region for code and data. Enclave memory is decrypted only inside the processor, so its contents stay protected even if RAM is read directly.
Does iPhone have TPM?
Since Apple sells iPhones in China (see this NY Times article), we can infer that the iPhone doesn’t ship with TPM chips.
Why do we need TrustZone?
With TrustZone handling the user identity and payment systems, it becomes very difficult for the sensitive data to be hijacked. In this way, TrustZone allows devices to be more secure from the ground up.
What is TrustZone used for?
TrustZone technology provides a foundation for system-wide security and the creation of a trusted SoC. Any part of the system can be designed as part of the secure world, including debug, peripherals, interrupts and memory.
Is Secure Enclave a TPM?
HSM, TPM, Secure Enclave, and Secure Element/Hardware Root of Trust all have the same function, which is to securely store keys, and securely execute cryptographic operations. The difference is that they’re all uniquely named.
Should I disable Intel SGX?
Generally, you shouldn’t disable Intel SGX under any circumstances. If you plan to use Intel SGX to help secure your applications and sensitive data, disablement should be completely avoided, as disablement offers no application or data protection whatsoever.
What is SGX enclave size?
The size of the SGX enclave is fixed but differs depending on the processor model. Sizes range from 8 GB to 512 GB per processor. For a 2-socket ThinkSystem server, if enough DDR memory is installed, the system BIOS can reserve between 16 GB and 1 TB, based on the processor model installed.