|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Secure Enclave"
m |
|||
| Line 1: | Line 1: | ||
The '''Secure Enclave''' is part of the [[A7]] chip and a basic part of Apples [[Touch ID]] fingerprint technology. Within the Secure Enclave the fingerprint data is stored in an encrypted form which - according to Apple - can only be decrypted by a key available by the Secure Enclave thus making fingerprint data walled off from the rest of A7 Chip and as well as the rest of iOS. The secure enclave itself is a flashable 4MB processore called the secure enclave processor (SEP) as documented in [http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130308838%22.PGNR.&OS=DN/20130308838&RS=DN/20130308838 Appple Patent Application 20130308838]. The technology used is basically [http://www.arm.com/products/processors/technologies/trustzone/index.php ARM's TrustZone/SecurCore]. |
The '''Secure Enclave''' is part of the [[A7]] chip and a basic part of Apples [[Touch ID]] fingerprint technology. Within the Secure Enclave the fingerprint data is stored in an encrypted form which - according to Apple - can only be decrypted by a key available by the Secure Enclave thus making fingerprint data walled off from the rest of A7 Chip and as well as the rest of iOS. The secure enclave itself is a flashable 4MB processore called the secure enclave processor (SEP) as documented in [http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130308838%22.PGNR.&OS=DN/20130308838&RS=DN/20130308838 Appple Patent Application 20130308838]. The technology used is basically [http://www.arm.com/products/processors/technologies/trustzone/index.php ARM's TrustZone/SecurCore]. |
||
| − | The SEP has its |
+ | The SEP has its own OS called SEP OS and there exists a tool called seputil which is used to communicate with it. |
seputil has the following valid commands: |
seputil has the following valid commands: |
||
Revision as of 16:16, 26 December 2013
The Secure Enclave is part of the A7 chip and a basic part of Apples Touch ID fingerprint technology. Within the Secure Enclave the fingerprint data is stored in an encrypted form which - according to Apple - can only be decrypted by a key available by the Secure Enclave thus making fingerprint data walled off from the rest of A7 Chip and as well as the rest of iOS. The secure enclave itself is a flashable 4MB processore called the secure enclave processor (SEP) as documented in Appple Patent Application 20130308838. The technology used is basically ARM's TrustZone/SecurCore.
The SEP has its own OS called SEP OS and there exists a tool called seputil which is used to communicate with it.
seputil has the following valid commands:
--ping Send a PING operation to the SEP OS --load Load <file> as the SEP runtime firmware --restore Load <file> as the SEP runtime firmware in restore mode --restore+art Load <file> as the SEP runtime firmware in restore mode with ART --wait Pause for kernel driver to load before failing --preflight Pre-flight load/restore firmware against ART to pre-check for boot failures --log Dump the mailbox message log --rom status Get the ROM status --rom tz0 Send a ROM TZ0 command --rom nop Send a ROM NOP command --rom nonce Send a ROM nonce request --new-nonce Request new SEP/OS nonce --kill-nonce Request invalidate SEP/OS nonce --art get Dump current ART from Memory --art set Persist the supplied ART to storage --art clear Clear the persisted ART --art ctrtest Counter self-test (DESTRUCTIVE - WILL BRICK DEVICE) --sleep Sleep the SEP NOW! --nap Nap the SEP NOW! --pingflood Ping SEP endlessly --clkgate Enable SEP clock gating --get <obj> Read obj and write to stdout --put <obj> Read stdin and write to obj --boot-check <file> Check whether a firmware might be bootable WRT the current ART --dump-fw <file> Dump measurements of firmware file
