The secure enclave processor (SEP) was introduced by Apple as part of the A7 SOC with the release of the iPhone 5S, most notably to support their fingerprint technology, Touch ID. SEP is designed as a security circuit configured to perform secure services for the rest of the SOC, with no direct access from the main processor. In fact, the secure enclave processor runs its own fully functional operating system - dubbed SEPOS - with its own kernel, drivers, services, and applications. This isolated hardware design prevents an attacker from easily recovering sensitive data (such as fingerprint information and cryptographic keys) from an otherwise fully compromised device.
Although almost three years have passed since its inception, little is still known about the inner workings of the SEP and its applications. The lack of public scrutiny in this space has consequently led to a number of misconceptions and false claims about the SEP.
In this presentation, we aim to shed some light on the secure enclave processor and SEPOS. In particular, we look at the hardware design and boot process of the secure enclave processor, as well as the SEPOS architecture itself. We also detail how the iOS kernel and the SEP exchange data using an elaborate mailbox mechanism, and how this data is handled by SEPOS and relayed to its services and applications. Last, but not least, we evaluate the SEP attack surface and highlight some of the findings of our research, including potential attack vectors.
Tarjei Mandt (@kernelpool) is a senior security researcher at Azimuth Security. He holds a Master's degree in Information Security from GUC (Norway) and has spoken at security conferences such as Black Hat USA, CanSecWest, INFILTRATE, RECon, SyScan, and Hack in the Box. In his free time, he enjoys spending countless hours challenging security mechanisms and researching intricate issues in low-level system components. Previously, he has discovered several Windows kernel vulnerabilities, and spoken on topics such as kernel pool exploitation and user-mode callback attacks. More recently, he has focused on Apple technology and presented on various security flaws and weaknesses in Mac OS X and iOS.
Mathew Solnik is a senior security researcher whose primary focus is on the mobile, M2M, and embedded space, specializing in cellular network, hardware/baseband, and OS security research and exploit development. Prior to doing full-time research, Mathew was a Senior Member of Technical Staff at Appthority, Inc., where he helped design and build an automated mobile threat and malware analysis platform for use in the enterprise and defense space. Previous to Appthority, Mathew held positions in multiple areas of IT and security - including consulting for Accuvant, and iSEC Partners, where he performed the first Over-the-Air Car Hack (as was featured in a previous Black Hat talk), as well as R&D for Ironkey, where he handled in-house penetration testing and design review for multiple DARPA-funded projects.