Demystifying the Secure Enclave Processor

Recommendations

Info

Sending Anti-Replay Token • Stage 3 message loop will receive earlier ping in mailbox and respond. • Anti-Replay Token is sent (opcode 7), encoding physical address in top 4 bytes of message. • SEP validates that the address is not in TZ0 or TZ1 and is within physical memory. ▫ Spin if it doesn’t validate. • SEP copies 4096 bytes from specified address into buffer within TZ0. • SEP acknowledges ART Acknowledge Ping Copy in ART Acknowledge ART Copy in SEPOS Validate SEPOS and ART Acknowledge SEPOS Boot SEPOS Send ART Send SEPOS Send Shared Memory Addr
Sending SEPOS • SEPOS is sent (opcode 6), encoding physical address in top 4 bytes of message. • SEP exits message loop. • SEP validates address and copies in first 4096 bytes. • Determines full size of DER based on first 4096 bytes. • Validates the address of and copies page-by-page rest of the SEPOS DER. Acknowledge Ping Copy in ART Acknowledge ART Copy in SEPOS Validate SEPOS and ART Acknowledge SEPOS Boot SEPOS Send ART Send SEPOS Send Shared Memory Addr
Page 1 and 2: Demystifying the Secure Enclave Pro
Page 3 and 4: Introduction • iPhone 5S was a te
Page 5 and 6: Secure (?) Enclave Processor • Ve
Page 7 and 8: Glossary • AP: Application Proces
Page 11 and 12: Dedicated Hardware Peripherals •
Page 13 and 14: Physical Memory • Dedicated BootR
Page 17 and 18: SEP Initialization - Page Tables
Page 19 and 20: SEP Initialization - Second Stage
Page 21 and 22: SEP Boot Flow SEP AP Configure TZ0
Page 23 and 24: Memory Encryption Setup • Use “
Page 25 and 26: • Mode actually used is AES-256-X
Page 27: SEP Boot Flow: Stage 3 SEP AP Ackno
Page 31 and 32: Boot-loading: Img4 • SEP uses the
Page 33 and 34: Img4 - Manifest • The manifest (A
Page 35 and 36: IMG4 - Manifest Properties (2/2) He
Page 37 and 38: Reversing SEP’s Img4 Parser: Stag
Page 39 and 40: Img4 Parsing Flow SEP AP Decode Pay
Page 43 and 44: Secure Mailbox • Actual mailbox i
Page 45 and 46: Interrupt-based Message Passing •
Page 47 and 48: Mailbox Message Format • A single
Page 49 and 50: SEP Endpoint • Each endpoint is r
Page 51 and 52: SEP Endpoints (2/2) Index Name Driv
Page 53 and 54: Control Endpoint Opcodes Opcode Nam
Page 55 and 56: Endpoint Registration (AP) Start Cr
Page 59 and 60: L4-embedded • Modified version of
Page 61 and 62: SEPOS Architecture SEP Applications
Page 63 and 64: System Calls (1/2) Num Name Descrip
Page 65 and 66: Privileged System Calls • Some sy
Page 67 and 68: SEPOS (INIT) • Initial process on
Page 69 and 70: Application List • Includes infor
Page 71 and 72: Bootstrap Server • Implements the
Page 73 and 74: Privileged Methods • An applicati
Page 75 and 76: proc_has_privilege( ) int proc_has_
Page 77 and 78: Entitlement Assignment int proc_cre
Page 79 and 80:
SEP Drivers • Hosts all SEP drive
Page 81 and 82:
Driver Interaction Retrieves SEPD t
Page 83 and 84:
SEP Services • Hosts various SEP
Page 85 and 86:
Service Interaction Retrieves sepS
Page 87 and 88:
Demystifying the Secure Enclave Pro
Page 89 and 90:
Attack Surface: AKF Endpoints • E
Page 91 and 92:
Attack Surface: Endpoint Handler SE
Page 93 and 94:
Address Space Layout - Image • SE
Page 95 and 96:
Stack Corruptions • The main thre
Page 97 and 98:
Stack Corruptions • SEP applicati
Page 99 and 100:
Heap Corruptions: malloc() Free Lis
Page 101 and 102:
No-Execute Protection • SEPOS imp
Page 103 and 104:
Attack Surface: BootROM • Effecti
Page 105 and 106:
Attack Surface: Hardware • Memory
Page 107 and 108:
End Game: JTAG • Glitch the fuse
Page 109 and 110:
Conclusion • SEP(OS) was designed
Page 111 and 112:
Thanks! • Questions?
Page 113 and 114:
SEPOS: System Methods Class Id Meth
Page 115 and 116:
SEPOS: Object Methods (2/2) Class I
show all

Demystifying the Secure Enclave Processor

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?