|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Secure Enclave"
(→Examples) |
|||
| Line 6: | Line 6: | ||
The SEP has its own OS called SEP OS and there exists a tool called [[seputil]] which is used to communicate with it. |
The SEP has its own OS called SEP OS and there exists a tool called [[seputil]] which is used to communicate with it. |
||
| − | |||
| − | ==Examples== |
||
| − | <pre> |
||
| − | ./seputil --pingflood |
||
| − | SEP ping #1000 |
||
| − | SEP ping #2000 |
||
| − | SEP ping #3000 |
||
| − | SEP ping #4000 |
||
| − | |||
| − | ./seputil --load sep-firmware.img4 |
||
| − | seputil: load fw returned 0xe00002d5 |
||
| − | seputil: load failed |
||
| − | |||
| − | ./seputil --new-nonce |
||
| − | Nonce (20 bytes): 0x67fc18385630dc6429726677d196c81466f47b5e |
||
| − | |||
| − | ./seputil --art get |
||
| − | raw ART: 305e0201003037020218340414519c0248f04d316a3d71e03978b4126fbfb2b15c0400041467fc18385630dc6429726677d196c81466f47b5e3103c00100042027b6dadbab356612997af0203cefeae51fe90cd985ee7cdd6211c766b8cc7a60 |
||
| − | Successfully parsed ART: |
||
| − | counter: 6196 |
||
| − | manifest hash (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c |
||
| − | sleep hash is absent |
||
| − | restore nonce (20 bytes): 67fc18385630dc6429726677d196c81466f47b5e |
||
| − | |||
| − | ./seputil --art set |
||
| − | Segmentation fault: 11 |
||
| − | |||
| − | ./seputil --log |
||
| − | Kernel message log has 128 entries |
||
| − | 289344381444: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289344385176: 0x0000000000000000 TX interrupt |
||
| − | 289344391044: 0x0000000000000000 TX interrupt |
||
| − | 289344408988: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289344409016: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289344413132: 0x0000000000000000 RX interrupt |
||
| − | 289344413304: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 289344413904: 0x0000000000000000 RX interrupt |
||
| − | 289344413944: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 289344414176: 0x0018000000dd1007 TX message ept 7, tag 10, opcode dd, param 0, data 180000 |
||
| − | 289344443356: 0x0000000000000000 RX interrupt |
||
| − | 289344443428: 0x0068000000dd9007 RX message ept 7, tag 90, opcode dd, param 0, data 680000 |
||
| − | 289346822748: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 |
||
| − | 289346829480: 0x0000000000000000 RX interrupt |
||
| − | 289346829560: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 |
||
| − | 289346830136: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 |
||
| − | 289406511168: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289406511204: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289406538900: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289406538936: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289406543628: 0x0000000000000000 TX interrupt |
||
| − | 289406549916: 0x0000000000000000 TX interrupt |
||
| − | 289406566580: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289406566612: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289406571220: 0x0000000000000000 RX interrupt |
||
| − | 289406571476: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 289406571908: 0x0000000000000000 RX interrupt |
||
| − | 289406571952: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 289406572320: 0x0018000000de1007 TX message ept 7, tag 10, opcode de, param 0, data 180000 |
||
| − | 289406605068: 0x0000000000000000 RX interrupt |
||
| − | 289406605152: 0x0068000000de9007 RX message ept 7, tag 90, opcode de, param 0, data 680000 |
||
| − | 289407383260: 0x003c000000df0907 TX message ept 7, tag 9, opcode df, param 0, data 3c0000 |
||
| − | 289407396284: 0x0000000000000000 RX interrupt |
||
| − | 289407396380: 0x002c000000df8907 RX message ept 7, tag 89, opcode df, param 0, data 2c0000 |
||
| − | 289407403656: 0x003c000000e00907 TX message ept 7, tag 9, opcode e0, param 0, data 3c0000 |
||
| − | 289407411688: 0x0000000000000000 RX interrupt |
||
| − | 289407411736: 0x002c000000e08907 RX message ept 7, tag 89, opcode e0, param 0, data 2c0000 |
||
| − | 289407414732: 0x003c000000e10907 TX message ept 7, tag 9, opcode e1, param 0, data 3c0000 |
||
| − | 289407422472: 0x0000000000000000 RX interrupt |
||
| − | 289407422524: 0x002c000000e18907 RX message ept 7, tag 89, opcode e1, param 0, data 2c0000 |
||
| − | 289408986276: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 |
||
| − | 289408991756: 0x0000000000000000 RX interrupt |
||
| − | 289408991824: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 |
||
| − | 289408992472: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 |
||
| − | 289459393276: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289459393348: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289459423004: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289459423048: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289459452628: 0x0000000000000000 TX interrupt |
||
| − | 289459453612: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289459453664: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289459466460: 0x0000000000000000 TX interrupt |
||
| − | 289459469548: 0x0000000000000000 RX interrupt |
||
| − | 289459470000: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 289459470632: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 289459471304: 0x0018000000e21007 TX message ept 7, tag 10, opcode e2, param 0, data 180000 |
||
| − | 289459524572: 0x0000000000000000 RX interrupt |
||
| − | 289459524728: 0x0068000000e29007 RX message ept 7, tag 90, opcode e2, param 0, data 680000 |
||
| − | 289459532644: 0x004c000000e30f07 TX message ept 7, tag f, opcode e3, param 0, data 4c0000 |
||
| − | 289459552888: 0x0000000000000000 RX interrupt |
||
| − | 289459553044: 0x002c000000e38f07 RX message ept 7, tag 8f, opcode e3, param 0, data 2c0000 |
||
| − | 289459646732: 0x0018000000e41007 TX message ept 7, tag 10, opcode e4, param 0, data 180000 |
||
| − | 289459681116: 0x0000000000000000 RX interrupt |
||
| − | 289459681272: 0x0068000000e49007 RX message ept 7, tag 90, opcode e4, param 0, data 680000 |
||
| − | 289461898836: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 |
||
| − | 289461906796: 0x0000000000000000 RX interrupt |
||
| − | 289461906968: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 |
||
| − | 289461908400: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 |
||
| − | 289526725980: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289526726016: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289526757512: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289526757552: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289526774468: 0x0000000000000000 TX interrupt |
||
| − | 289526782688: 0x0000000000000000 TX interrupt |
||
| − | 289526786468: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289526786540: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289526795320: 0x0000000000000000 RX interrupt |
||
| − | 289526795828: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 289526796304: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 289526796984: 0x0018000000e51007 TX message ept 7, tag 10, opcode e5, param 0, data 180000 |
||
| − | 289526847216: 0x0000000000000000 RX interrupt |
||
| − | 289526847348: 0x0068000000e59007 RX message ept 7, tag 90, opcode e5, param 0, data 680000 |
||
| − | 289529224460: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 |
||
| − | 289529235316: 0x0000000000000000 RX interrupt |
||
| − | 289529235488: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 |
||
| − | 289529236920: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 |
||
| − | 289584681764: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289584681836: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289584710576: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289584710608: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289584730996: 0x0000000000000000 TX interrupt |
||
| − | 289584738992: 0x0000000000000000 TX interrupt |
||
| − | 289584739572: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289584739612: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289584748648: 0x0000000000000000 RX interrupt |
||
| − | 289584748984: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 289584749300: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 289584749332: 0x0018000000e61007 TX message ept 7, tag 10, opcode e6, param 0, data 180000 |
||
| − | 289584790484: 0x0000000000000000 RX interrupt |
||
| − | 289584790568: 0x0068000000e69007 RX message ept 7, tag 90, opcode e6, param 0, data 680000 |
||
| − | 289587176748: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 |
||
| − | 289587185760: 0x0000000000000000 RX interrupt |
||
| − | 289587185916: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 |
||
| − | 289587186840: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 |
||
| − | 288741485000: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 288741485084: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 288741514772: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 288741514812: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 288741533984: 0x0000000000000000 TX interrupt |
||
| − | 288741541992: 0x0000000000000000 TX interrupt |
||
| − | 288741543608: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 288741543680: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 288741552216: 0x0000000000000000 RX interrupt |
||
| − | 288741552884: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 288741553388: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 |
||
| − | 288741553672: 0x0018000000db1007 TX message ept 7, tag 10, opcode db, param 0, data 180000 |
||
| − | 288741591912: 0x0000000000000000 RX interrupt |
||
| − | 288741592040: 0x0068000000db9007 RX message ept 7, tag 90, opcode db, param 0, data 680000 |
||
| − | 288741599128: 0x004c000000dc0f07 TX message ept 7, tag f, opcode dc, param 0, data 4c0000 |
||
| − | 288741620732: 0x0000000000000000 RX interrupt |
||
| − | 288741620900: 0x002c000000dc8f07 RX message ept 7, tag 8f, opcode dc, param 0, data 2c0000 |
||
| − | 288742902624: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 |
||
| − | 288742912320: 0x0000000000000000 RX interrupt |
||
| − | 288742912496: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 |
||
| − | 288742913700: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 |
||
| − | 289344354176: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289344354216: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | 289344381416: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 |
||
| − | |||
| − | ./seputil --boot-check sep-firmware.img4 |
||
| − | preflight: manifest hash matches sepi |
||
| − | bootCheck: SEP may boot with ART |
||
| − | |||
| − | ./seputil --dump-fw sep-firmware.img4 |
||
| − | manifest digest (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c |
||
| − | sepi digest (20 bytes): a22813c5ceaeada5b7eeaa55808f3019814e8b8e |
||
| − | sepi nonce (20 bytes): e5074bd1befefc685c6b5ec6797ffc851366f76f |
||
| − | rsep digest (20 bytes): cb9f4c6520889e2582414c5969fb0abc3b0d8277 |
||
| − | rsep nonce (20 bytes): e5074bd1befefc685c6b5ec6797ffc851366f76f |
||
| − | </pre> |
||
==ART Object== |
==ART Object== |
||
Revision as of 09:17, 1 January 2014
The Secure Enclave is part of the A7 chip and a basic part of Apples Touch ID fingerprint technology. Within the Secure Enclave the fingerprint data is stored in an encrypted form which - according to Apple - can only be decrypted by a key available by the Secure Enclave thus making fingerprint data walled off from the rest of A7 Chip and as well as the rest of iOS. The secure enclave itself is a flashable 4MB processor called the secure enclave processor (SEP) as documented in Apple Patent Application 20130308838. The technology used is basically ARM's TrustZone/SecurCore.
The SEP is located in the devicetree under IODeviceTree:/arm-io/sep and manged by the AppleSEPManager driver as seen here
SEP OS
The SEP has its own OS called SEP OS and there exists a tool called seputil which is used to communicate with it.
ART Object
Example 1:
./seputil --art get raw ART: 305e0201003037020218340414519c0248f04d316a3d71e03978b4126fbfb2b15c0400041467fc18385630dc6429726677d196c81466f47b5e3103c00100042027b6dadbab356612997af0203cefeae51fe90cd985ee7cdd6211c766b8cc7a60 Successfully parsed ART: counter: 6196 manifest hash (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c sleep hash is absent restore nonce (20 bytes): 67fc18385630dc6429726677d196c81466f47b5e
raw ART is also a DER encoded ASN.1 object:
30 — type tag indicating SEQUENCE
5e — length in octets of value that follows (92)
02 — type tag indicating INTEGER
01 — length in octets of value that follows
00 — value (0)
30 — type tag indicating SEQUENCE
37 — length in octets of value that follows (55)
02 — type tag indicating INTEGER
02 — length in octets of value that follows
1834 — value (6196) (of counter)
04 — type tag indicating STRING
14 — length in octets of value that follows (20)
519c0248f04d316a3d71e03978b4126fbfb2b15c — value (of manifest hash)
04 — type tag indicating STRING
00 — length in octets of value that follows (0); empty, so no value to follow (sleep has is absent)
04 — type tag indicating STRING
14 — length in octets of value that follows (20)
67fc18385630dc6429726677d196c81466f47b5e — value (of restore nonce)
31 — type tag indicating SET
03 — length in octets of value that follows (3)
c00100 — value
04 — type tag indicating STRING
20 — length in octets of value that follows (32)
27b6dadbab356612997af0203cefeae51fe90cd985ee7cdd6211c766b8cc7a60 — value
Example 2:
./seputil --art get raw ART: 3072020100304b0202186c0414519c0248f04d316a3d71e03978b4126fbfb2b15c04147f75cb9012128cf71eb8fcd6b13e56a02a7324db041467fc18385630dc6429726677d196c81466f47b5e3103c0010004209ce3646167631d0df8d4db28973db8d5a27f85d345ad6ec220aeb1e22f39f31f Successfully parsed ART: counter: 6252 manifest hash (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c sleep hash (20 bytes): 7f75cb9012128cf71eb8fcd6b13e56a02a7324db restore nonce (20 bytes): 67fc18385630dc6429726677d196c81466f47b5e
Decode (used the decoder here):
SEQUENCE (3 elem)
INTEGER 0
SEQUENCE (5 elem)
INTEGER 6252
OCTET STRING (20 byte) 519C0248F04D316A3D71E03978B4126FBFB2B15C
OCTET STRING (20 byte) 7F75CB9012128CF71EB8FCD6B13E56A02A7324DB
OCTET STRING (20 byte) 67FC18385630DC6429726677D196C81466F47B5E
SET (1 elem)
Private 0 (1 byte) 00
OCTET STRING (32 byte) 9CE3646167631D0DF8D4DB28973DB8D5A27F85D345AD6EC220AEB1E22F39F31F
Example 3:
./seputil --art clear ART cleared from storage ./seputil --art get seputil: Get ART command error: 0xe00002bc
