> What you're saying is that if an attacker is willing to physically dismantle the machine, he can then, using SPI-flasher HW, replace the UEFI firmware on the machine with a custom UEFI firmware which does not enforce secure-boot...

Yeah, that's kind of the classic evil maid attack, and it is not unheard of for various spy agencies to dismantle devices to gain access or install bugs.

> If that's the kind of attacker you are trying to protect against

That is exactly what the T2 chip is designed to protect against, and more.

The T2 chip also runs all of the encryption/decryption for the integrated storage; this way all data on the flash is encrypted at all times.

I can imagine that the T2 chip over time will be able to do much more to help provide extra verification and security to the device and help keep users safe.

> And if we're going down that lane: what prevents an attacker this sophisticated from doing the same with the T2-chip's firmware?

Because the firmware on the T2 chip is signed, and the way the chip is designed, the only way to get firmware on it is to decap it, because it is stored internal to the chip itself.

With your stock standard x86 motherboard that is not the case because the firmware is loaded from an unencrypted and unverified flash chip.

> What Apple offers with the T2 chip, for most people, has almost zero value

We'll have to agree to disagree, because the T2 chip also does full line-rate encryption/decryption of the storage with no OS involvement at all. This means if your laptop falls in the wrong hands, now people can't get at the data even by reading directly from the flash chips.

----

You are the one that claimed that the article was fanboy-fluff, I just described a feature that no other machine has... and you immediately consider it a money-grab rather than something to laud Apple for. Yet SecureBoot is good enough? Why not keep improving upon the status quo? Why not make it easier for people to keep their data private and secure?

It's all about defense in depth, and Apple added one more depth to their platform.

> Because the firmware on the T2 chip is signed

So is pretty much all UEFI firmware too though. It may not be encrypted, but it is certainly verified. Feel free to ask the Coreboot people about details here.

> We'll have to agree to disagree, because the T2 chip also does full line-rate encryption/decryption of the storage with no OS involvement at all.

But for people who have been using BitLocker or LUKS transparently (because it's built into the OS) for half a decade+, there are absolutely zero new things offered, and no visible improvements offered.

The only effective change is restrictions in end-user freedom.

> Yet SecureBoot is good enough? Why not keep improving upon the status quo? Why not make it easier for people to keep their data private and secure?

If a security feature which can easily be implemented (securely) in the OS is moved to firmware, I could be willing to consider that a good thing, but not if it comes at the cost of end-user freedom.

And here it certainly does.


> That is exactly what the T2 chip is designed to protect against

The point the OP was making is that if your threat has the technical ability to dismantle down to the circuit level and rebuild, then you've got bigger problems. Such as corporal or legal jeopardy.

They could just beat you with a rubber hose until you log in. Or throw you in jail for five years for contempt of court.

The classic 'evil maid' attack is more like a script-kiddie threat compared to that, and Secure Boot was sufficient protection.

