Difference between revisions of "Secure Enclave Processor"

From The iPhone Wiki
(Grammar)
m (Lee Gray paper was a dead link, switching to internet archive)
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
 
The '''Secure Enclave''' (not to be confused with the [[Secure Element]]) is part of the [[A7]] and newer chips used for data protection, [[Touch ID]], and [[Face ID]]. The purpose of the Secure Enclave is to handle keys and other info such as biometrics that is sensitive enough to not be handled by the [[Application Processor|AP]]. It is isolated with a hardware filter so the AP cannot access it. It shares RAM with the AP, but its portion of the RAM (known as TZ0) is encrypted. The secure enclave itself is a flashable 4MB AKF processor core called the secure enclave processor (SEP) as documented in [http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130308838%22.PGNR.&OS=DN/20130308838&RS=DN/20130308838 Apple Patent Application 20130308838]. The technology used is similar to [http://www.arm.com/products/processors/technologies/trustzone/index.php ARM's TrustZone/SecurCore] but contains proprietary code for Apple KF cores in general and SEP specifically. It is also responsible for generating the UID key on A9 or newer chips that protects user data at rest.
 
The '''Secure Enclave''' (not to be confused with the [[Secure Element]]) is part of the [[A7]] and newer chips used for data protection, [[Touch ID]], and [[Face ID]]. The purpose of the Secure Enclave is to handle keys and other info such as biometrics that is sensitive enough to not be handled by the [[Application Processor|AP]]. It is isolated with a hardware filter so the AP cannot access it. It shares RAM with the AP, but its portion of the RAM (known as TZ0) is encrypted. The secure enclave itself is a flashable 4MB AKF processor core called the secure enclave processor (SEP) as documented in [http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130308838%22.PGNR.&OS=DN/20130308838&RS=DN/20130308838 Apple Patent Application 20130308838]. The technology used is similar to [http://www.arm.com/products/processors/technologies/trustzone/index.php ARM's TrustZone/SecurCore] but contains proprietary code for Apple KF cores in general and SEP specifically. It is also responsible for generating the UID key on A9 or newer chips that protects user data at rest.
   
The SEP is located in the devicetree under IODeviceTree:/arm-io/sep and manged by the AppleSEPManager driver as seen [http://winocm.com/images/ioregdump.txt here]
+
The SEP is located in the devicetree under IODeviceTree:/arm-io/sep and manged by the AppleSEPManager driver as seen [https://web.archive.org/web/20130923194253/http://winocm.com/images/ioregdump.txt here]
   
 
==SEP OS==
 
==SEP OS==
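Review bot: The changed devicetree sentence still reads "manged by the AppleSEPManager driver" and ends without a period after the "here" link. Since this line is being touched anyway, correct it to "managed" and close the sentence. The link text "here" also says nothing about its target; a label naming the ioreg dump would stay meaningful if the link breaks again.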
   
The SEP has its own OS called SEP OS which is based on Darbat/L4[https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf][https://ts.data61.csiro.au/publications/papers/Lee_Gray_06.pdf] and there exists a tool called [[seputil]] which is used to communicate with it.
+
The SEP has its own OS called SEP OS which is based on Darbat/L4[https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf][https://web.archive.org/web/20190404203802/https://ts.data61.csiro.au/publications/papers/Lee_Gray_06.pdf] and there exists a tool called [[seputil]] which is used to communicate with it.
   
 
==Further References==
 
==Further References==
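Review bot: On the changed SEP OS line, both sources remain unlabelled bracketed links set directly against "Darbat/L4", so they render as anonymous [1][2] and a reader cannot tell the Black Hat slide deck from the Lee/Gray paper without following them. Give each link a title while replacing the dead URL, and split the sentence before "and there exists a tool called [[seputil]]", which is a separate statement.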

Latest revision as of 21:09, 21 April 2022

The Secure Enclave (not to be confused with the Secure Element) is part of the A7 and newer chips and is used for data protection, Touch ID, and Face ID. Its purpose is to handle keys and other information, such as biometrics, that is too sensitive to be handled by the AP. It is isolated by a hardware filter so that the AP cannot access it. It shares RAM with the AP, but its portion of the RAM (known as TZ0) is encrypted. The Secure Enclave itself is a flashable 4MB AKF processor core called the Secure Enclave Processor (SEP), as documented in Apple Patent Application 20130308838. The technology used is similar to ARM's TrustZone/SecurCore but contains proprietary code for Apple KF cores in general and the SEP specifically. On A9 and newer chips, it is also responsible for generating the UID key that protects user data at rest.

The SEP is located in the devicetree under IODeviceTree:/arm-io/sep and is managed by the AppleSEPManager driver, as seen in an ioreg dump (https://web.archive.org/web/20130923194253/http://winocm.com/images/ioregdump.txt).

SEP OS

The SEP has its own OS, called SEP OS, which is based on Darbat/L4[1][2]. A tool called seputil is used to communicate with it.

Further References

www.forbes.com