Behind the Scenes of iOS and Mac Security

Ivan Krstić, Head of Security Engineering and Architecture, Apple
Mac secure boot
iOS code integrity protection
Find My
User Privacy Protection

Gatekeeper
| Check | First use, quarantined | macOS Catalina: first use, quarantined | macOS Catalina: non-quarantined |
|---|---|---|---|
| Malicious content scan | No known malicious content | No known malicious content | No known malicious content |
| Signature check | No tampering | No tampering | No tampering |
| Local policy check | All new software requires notarization | All new software requires notarization | All new software requires notarization |
| First launch prompt | User must approve | Users must approve software in bundles | Users must approve software in bundles |
User Data Protections: data that requires user consent to access

- Contacts, Calendars, Reminders, Photos
- Desktop, Documents, Downloads, iCloud Drive
- Third-party cloud storage, removable volumes, network volumes
What about secure boot?
Secure boot requirements: Apple vs. UEFI

- Signature verification of the complete boot chain
- System Software Authorization (server-side downgrade protection)
- Authorization "personalized" for the requesting device (not portable)
- User authentication required to downgrade the secure boot policy
- Secure boot policy protected against physical tamper
- System can always be restored to a known-good state
Mac Secure Boot

The boot chain runs across two processors:

- T2: T2 ROM → iBoot → bridgeOS kernel
- x86: UEFI firmware → macOS booter → macOS kernel
Two Critical Challenges

- Thunderbolt and PCIe Direct Memory Access (DMA): accessories can read/write host memory without the involvement of the CPU.
- PCIe Option ROMs (OROMs): device-specific drivers for the early boot environment.
Refresher: OS page tables

Components on the diagram: an x86 CPU in 64-bit protected mode with virtual memory enabled, fetching instructions from verified UEFI firmware; MMU hardware with its page-table hardware; and x86 RAM holding data at physical address 0x1570000.

1. The software asks: "Read 4 bytes from address 0x000003000000000".
2. The MMU consults the page tables.
3. The page tables say: virtual address 0x000003000000000 is actually in RAM at physical address 0x1570000.
4. The CPU fetches from 0x1570000 in RAM instead of 0x000003000000000.
Unrestricted Direct Memory Access

The diagram adds a Network Interface Card (NIC). The x86 CPU (64-bit protected mode, virtual memory enabled) fetches instructions from the macOS kernel, which contains the NIC kernel extension; x86 RAM holds the kernel heap, which contains the packet buffer.

A network packet arrives and the NIC writes it into RAM by DMA. The transfer goes from the device straight to RAM without the CPU or its MMU, so the OS page tables do not constrain which physical addresses the device reads or writes. The slide marks the incoming packet with "!" to flag it as potentially malicious.
VT-d

- Intel Virtualization Technology for Directed I/O (VT-d) is a mechanism by which the host can place restrictions on DMA from peripherals.
- VT-d creates an I/O Memory Management Unit (IOMMU) to manage DMA.
- We've used VT-d to protect the kernel since OS X Mountain Lion in 2012.
Direct Memory Access with VT-d

Same components as above, plus VT-d IOMMU hardware with its own page-table hardware sitting between the NIC and x86 RAM.

1. The NIC issues a DMA write for an incoming network packet ("!").
2. The IOMMU consults the VT-d page tables.
3. VT-d page tables: "Packet buffer R/W, everything else unmapped".
4. The write can only land in the packet buffer; any other address is unmapped for the device.
DMA Protection for Thunderbolt, PCIe, and PCIe Bus 0

The timeline slides lay out the x86 boot stages (T2 → UEFI firmware, split into pre-RAM firmware and post-RAM firmware → macOS kernel), mark where VT-d setup happens, and show the sources of malicious DMA that matter at each stage:

- Thunderbolt malicious DMA
- PCIe malicious DMA
- PCIe Bus 0 malicious DMA
Pre-RAM firmware and PCIe Bus 0

Before RAM is initialized ("Pre-RAM"), the x86 CPU runs in 32-bit protected mode with the MMU in pass-through mode, fetches instructions from the verified, read-only UEFI firmware, and uses the CPU cache as its stack. The VT-d IOMMU hardware is present but not yet set up. RAM is then initialized, the CPU moves to 64-bit protected mode with virtual memory enabled, and a copy of the verified UEFI firmware in x86 RAM executes alongside the verified, read-only firmware.

The slide sequence then shows a PCIe Bus 0 device delivering malicious data ("!") by DMA into x86 RAM, landing on the verified UEFI firmware copy, before VT-d has been set up.
The firmware's answer, from the slides (the excerpt ends mid-function):

```c
// This array contains the root and interrupt remapping tables. Each table is
// 4kB, and must be 4kB aligned as well. We can only guarantee the alignment by
// manually mapping our 2 4kB tables into this 12kB array. By initializing the
// array to all zeros, every bus is marked as not present, and no interrupts
// are allowed.
STATIC UINT8 mTables[TABLE_SIZE * 3] = {0};

STATIC EFI_STATUS EFIAPI
VTdBlockDMAForUnit(UINTN VTdBar)
{
  EFI_STATUS    Status;
  VTD_ECAP_REG  ExtCapabilities;
  UINT64        RootTable;
  UINT64        InterruptTable;

  CHECKED_VTD_CALL(CheckCapabilities(VTdBar));

  // ExtCap needed for IOTLB register offset
  ExtCapabilities.Uint64 = MmioRead64(VTdBar + R_ECAP_REG);

  RootTable = (UINT64)mTables;
  // Align the root table to a 4kB boundary within the table buffer.
  RootTable = (RootTable + TABLE_SIZE - 1) & ~(TABLE_SIZE - 1);

  // Set deny-all root table
  SetRootTable(VTdBar, RootTable);

  // Put the interrupt remapping table right after the root table
  InterruptTable = RootTable + TABLE_SIZE;

  // Set deny-all interrupt table
  SetInterruptRemapTable(VTdBar, InterruptTable);

  // ... remainder of the function not shown on the slides
}
```

Slide callouts on the excerpt:

- Use mTables as RootTable
- Use RootTable for DMA VT-d
- Same for MSI VT-d interrupts
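The two VT-d configurations on this page, the firmware's deny-all root and interrupt tables above and the kernel's "packet buffer R/W, everything else unmapped" mapping from the NIC slides, as an added C model that is not Apple's code and not from the talk: it carves the two 4kB-aligned tables out of a zeroed 12kB buffer the way the excerpt does, then decides inbound DMA and MSI requests the way the IOMMU would. The entry layout is simplified to a Present bit, and the bus numbers, addresses, window sizes and function names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_SIZE   4096u   /* one 4kB table, as on the slide */
#define ROOT_ENTRIES 256u    /* one root entry per PCI bus number (0..255) */
#define PRESENT_BIT  1ull    /* bit 0 of a root entry / IRTE: Present (simplified) */

/* Simplified 16-byte VT-d root entry and interrupt remapping entry:
 * 256 of either fill exactly one 4kB table. */
typedef struct { uint64_t lo, hi; } root_entry_t;
typedef struct { uint64_t lo, hi; } irte_t;

/* 12kB backing store, like the slide's mTables. All zero => no bus present,
 * no interrupt allowed. Its alignment is not guaranteed, hence align_up(). */
static uint8_t mTables[TABLE_SIZE * 3];

typedef struct {
    root_entry_t *root;  /* 4kB-aligned root table */
    irte_t       *irt;   /* 4kB-aligned interrupt remapping table, right after it */
} vtd_tables_t;

static uintptr_t align_up(uintptr_t addr, uintptr_t align) {
    return (addr + align - 1) & ~(align - 1);
}

/* Carve the two aligned tables out of the zeroed buffer, as the excerpt does. */
vtd_tables_t vtd_build_deny_all(void) {
    vtd_tables_t t;
    memset(mTables, 0, sizeof mTables);
    uintptr_t root = align_up((uintptr_t)mTables, TABLE_SIZE);
    t.root = (root_entry_t *)root;
    t.irt  = (irte_t *)(root + TABLE_SIZE);
    return t;
}

/* Both tables must be 4kB aligned and must not run past the 12kB buffer:
 * worst case the root table starts at offset 4095, so the IRT ends at 12287. */
bool vtd_tables_well_formed(const vtd_tables_t *t) {
    uintptr_t r = (uintptr_t)t->root, i = (uintptr_t)t->irt;
    return r % TABLE_SIZE == 0 && i % TABLE_SIZE == 0 &&
           i + TABLE_SIZE <= (uintptr_t)mTables + sizeof mTables;
}

/* A device's mapping reduced to one window: the slide's "packet buffer R/W,
 * everything else unmapped". NULL means the OS mapped nothing for it. */
typedef struct { uint64_t base, len; bool writable; } dma_window_t;

typedef enum {
    DMA_DENIED_BUS_NOT_PRESENT,  /* root entry for the bus is zero (deny-all) */
    DMA_DENIED_UNMAPPED,         /* bus present, but address outside the window */
    DMA_DENIED_READ_ONLY,        /* write into a read-only window */
    DMA_ALLOWED
} dma_verdict_t;

/* What the IOMMU decides for an inbound DMA request from a device on `bus`. */
dma_verdict_t vtd_check_dma(const vtd_tables_t *t, uint8_t bus, const dma_window_t *win,
                            uint64_t addr, uint64_t len, bool is_write) {
    if (!(t->root[bus].lo & PRESENT_BIT)) return DMA_DENIED_BUS_NOT_PRESENT;
    if (win == NULL || len == 0 || len > win->len ||
        addr < win->base || addr > win->base + win->len - len)
        return DMA_DENIED_UNMAPPED;
    if (is_write && !win->writable) return DMA_DENIED_READ_ONLY;
    return DMA_ALLOWED;
}

/* Interrupt remapping: a zeroed IRTE is not present, so the MSI is dropped. */
bool vtd_interrupt_allowed(const vtd_tables_t *t, unsigned index) {
    return index < ROOT_ENTRIES && (t->irt[index].lo & PRESENT_BIT) != 0;
}

bool deny_all_tables_well_formed(void) {
    vtd_tables_t t = vtd_build_deny_all();
    return vtd_tables_well_formed(&t);
}

bool deny_all_allows_interrupt(unsigned index) {
    vtd_tables_t t = vtd_build_deny_all();
    return vtd_interrupt_allowed(&t, index);
}

/* Scenario 1: pre-RAM firmware has installed the deny-all tables and a
 * Bus 0 device tries to write into RAM (constructed address). */
dma_verdict_t scenario_pre_ram_bus0(void) {
    vtd_tables_t t = vtd_build_deny_all();
    return vtd_check_dma(&t, 0, NULL, 0x1570000, 64, true);
}

/* Scenario 2: the OS later marks the NIC's bus present (bus 3, constructed)
 * and maps only its 4kB packet buffer at 0x1570000 (constructed) as R/W. */
dma_verdict_t scenario_os_nic(uint64_t addr, uint64_t len, bool is_write) {
    vtd_tables_t t = vtd_build_deny_all();
    dma_window_t packet_buffer = { 0x1570000, 0x1000, true };
    t.root[3].lo |= PRESENT_BIT;
    return vtd_check_dma(&t, 3, &packet_buffer, addr, len, is_write);
}

int main(void) {
    printf("tables well-formed: %d\n", deny_all_tables_well_formed());
    printf("pre-RAM bus 0 DMA verdict: %d\n", scenario_pre_ram_bus0());
    printf("NIC write inside packet buffer: %d\n", scenario_os_nic(0x1570000, 64, true));
    printf("NIC write past packet buffer: %d\n", scenario_os_nic(0x1571000, 4, true));
    return 0;
}
```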
VT-d IOMMU hardware
Page table hardware
T2x86 CPU64 bit protected mode
x86 RAM
x86 CPU64 bit protected mode
MMU hardwareVirtual memory enabled
Page table hardware
macOSUEFI
Fetch instructions
Verified, read-only UEFI firmware
Pre-RAM
Verified, read-only UEFI firmware
Verified UEFI firmware
![Page 62: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/62.jpg)
VT-d IOMMU hardware
Page table hardware
T2x86 CPU64 bit protected mode
x86 RAM
Bus0 VT-d page tables “deny all”
x86 CPU64 bit protected mode
MMU hardwareVirtual memory enabled
Page table hardware
macOSUEFI
Fetch instructions
Verified, read-only UEFI firmware
Pre-RAM
Verified, read-only UEFI firmware
Verified UEFI firmware
![Page 63: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/63.jpg)
VT-d IOMMU hardware
Page table hardware
T2x86 CPU64 bit protected mode
x86 RAM
Bus0 VT-d page tables “deny all”
x86 CPU64 bit protected mode
MMU hardwareVirtual memory enabled
Page table hardware
macOSUEFI
Fetch instructions
Verified, read-only UEFI firmware
Pre-RAM
Verified, read-only UEFI firmware
Verified UEFI firmware
![Page 64: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/64.jpg)
VT-d IOMMU hardware
Page table hardware
T2x86 CPU64 bit protected mode
x86 RAM
Bus0 VT-d page tables “deny all”
x86 CPU64 bit protected mode
MMU hardwareVirtual memory enabled
Page table hardware
macOSUEFI
Fetch instructions
PCIe Bus 0 device
Pre-RAM
! Malicious data
Verified UEFI firmware
Verified, read-only UEFI firmware
![Page 65: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/65.jpg)
Diagram (continued): the VT-d IOMMU consults its Bus 0 page tables for the malicious DMA write; the tables are “deny all”, so the access is denied before it reaches x86 RAM.
![Page 67: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/67.jpg)
Timeline diagram: boot proceeds from the T2 through x86 pre-RAM firmware, post-RAM firmware and VT-d setup to the macOS kernel; the threats plotted against the stages are PCIe Bus 0 malicious DMA, PCIe malicious DMA and Thunderbolt malicious DMA.
DMA Protection for PCIe Bus 0
![Page 70: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/70.jpg)
PCIe Option ROMs
![Page 71: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/71.jpg)
Device drivers which PCIe devices supply to UEFI
UEFI firmware, including OROMs, mostly all run at the same x86 privilege level: Ring 0
All code loaded after OROMs, including the booter and kernel, is vulnerable to overwrite
PCIe Option ROMs
![Page 72: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/72.jpg)
Diagram: the x86 CPU with a single virtual memory space; core UEFI firmware, other UEFI drivers (storage, network, etc) and OROM 1, OROM 2 and OROM 3 (from PCIe cards 1, 2 and 3) all run in Ring 0 (more privileged), above the hardware (more privileged still).
![Page 75: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/75.jpg)
Diagram (continued): the same layout, now with Ring 3 (less privileged) shown below Ring 0 (more privileged); core UEFI firmware, the other UEFI drivers (storage, network, etc) and OROM 1–3 (PCIe cards 1–3) still share the one virtual memory space.
![Page 77: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/77.jpg)
Diagram (continued): core UEFI firmware and the other UEFI drivers (storage, network, etc) on the x86 CPU, with OROM 1, OROM 2 and OROM 3 (PCIe cards 1–3); the privilege levels shown are Ring 0 (more privileged), Ring 3 (less privileged) and hardware (more privileged).
![Page 78: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/78.jpg)
Diagram (continued): OROM 1, OROM 2 and OROM 3 (PCIe cards 1–3) now each occupy their own virtual memory space (Virtual Memory Space 1, 2 and 3) in Ring 3 (less privileged); core UEFI firmware and the non-sandboxed UEFI drivers (storage, network, etc) stay in Ring 0 (more privileged), with hardware (more privileged) beneath.
![Page 79: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/79.jpg)
Diagram (continued): an OROM sandbox driver joins the Ring 0 (more privileged) components (core UEFI firmware and the non-sandboxed UEFI drivers); OROM 1, OROM 2 and OROM 3 (PCIe cards 1–3) each run in their own virtual memory space (1, 2, 3) in Ring 3 (less privileged), above hardware (more privileged).
![Page 81: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/81.jpg)
OROMs can only call a limited subset of expected UEFI interfaces
• Similar to system call filtering
OROMs can only install a limited subset of expected UEFI interfaces
• E.g. read and write to disk blocks, or draw to graphics
OROM Sandbox
![Page 82: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/82.jpg)
Diagram (OROM Sandbox): the OROM sandbox driver, non-sandboxed UEFI drivers and core UEFI firmware run in Ring 0 (more privileged) on the x86 CPU; OROM 1, OROM 2 and OROM 3 (PCIe cards 1–3) run in Ring 3 (less privileged), each in its own virtual memory space (1, 2, 3); hardware (more privileged) beneath.
![Page 83: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/83.jpg)
Diagram (continued): one of the sandboxed OROMs (Ring 3, less privileged, in its own virtual memory space) attempts to call the “Write NVRAM” interface, which has to pass the OROM sandbox driver in Ring 0 (more privileged) alongside the non-sandboxed UEFI drivers and core UEFI firmware.
![Page 85: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/85.jpg)
Diagram (continued): the sandboxed OROMs (each in its own virtual memory space in Ring 3, less privileged) announce the interfaces they install: “I’m a storage driver (for Card 1)”, “I’m a network driver (for Card 2)”, and one claims “I’m a SecureBoot driver”; Ring 0 (more privileged) holds the OROM sandbox driver, the non-sandboxed UEFI drivers and core UEFI firmware.
![Page 86: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/86.jpg)
OROM can only talk to the assigned device in its sandbox
• This is the device it was embedded on
The VT-d policy allows a device to DMA to any memory allocated within its OROM’s sandbox
• Preserve high-throughput DMA but with strong VT-d protection
• OROM doesn’t even have to be VT-d aware!
OROM Sandbox
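The two sandbox policies on pages 81 and 86 (interface call and install filtering, and per-sandbox DMA windows), together with the pre-RAM “deny all” Bus 0 tables from pages 62–67, as a small policy model. This is an added example, not Apple’s firmware code: the interface names, device ids, sandbox memory ranges and the dictionary-based IOMMU are constructed stand-ins (SetVariable is the standard UEFI runtime service for writing NVRAM variables, used here as the slides’ “Write NVRAM” call).

```python
from dataclasses import dataclass, field

# Constructed allow-lists: which UEFI interfaces a sandboxed OROM may call
# (like a syscall filter) and which it may install. Real names and the
# real policy are not public; these stand in for them.
CALLABLE_INTERFACES = {"AllocatePool", "ReadBlocks", "WriteBlocks", "Blt"}
INSTALLABLE_INTERFACES = {"BlockIo", "GraphicsOutput"}


class SandboxViolation(Exception):
    """Raised when an OROM steps outside its sandbox policy."""


@dataclass
class OromSandbox:
    orom_id: int
    device: str                                   # the PCIe device the OROM was embedded on
    regions: list = field(default_factory=list)   # (base, size) pairs allocated inside the sandbox

    def call(self, interface: str) -> bool:
        """Interface call filter: only the expected subset is reachable."""
        if interface not in CALLABLE_INTERFACES:
            raise SandboxViolation(f"OROM {self.orom_id}: call to {interface!r} denied")
        return True

    def install(self, interface: str) -> bool:
        """Install filter: an OROM cannot claim to be, e.g., a SecureBoot driver."""
        if interface not in INSTALLABLE_INTERFACES:
            raise SandboxViolation(f"OROM {self.orom_id}: installing {interface!r} denied")
        return True

    def allocate(self, base: int, size: int) -> None:
        """Memory handed to this OROM; its device may DMA here and nowhere else."""
        self.regions.append((base, size))


class Iommu:
    """VT-d style policy: a device reaches only its own OROM's sandbox memory."""

    def __init__(self) -> None:
        self.vtd_ready = False       # before VT-d setup, Bus 0 tables are deny-all
        self.owner = {}              # device -> OromSandbox

    def assign(self, sandbox: OromSandbox) -> None:
        self.owner[sandbox.device] = sandbox

    def setup_vtd(self) -> None:
        self.vtd_ready = True

    def dma_allowed(self, device: str, addr: int, length: int) -> bool:
        if not self.vtd_ready:
            return False             # pre-RAM "deny all" for PCIe Bus 0
        sandbox = self.owner.get(device)
        if sandbox is None:
            return False             # unassigned device: nothing mapped
        end = addr + length
        return any(base <= addr and end <= base + size
                   for base, size in sandbox.regions)


def demo() -> dict:
    """Walk the slides' scenarios and report each outcome."""
    iommu = Iommu()
    storage = OromSandbox(1, "card1")      # "I'm a storage driver (for Card 1)"
    network = OromSandbox(2, "card2")      # "I'm a network driver (for Card 2)"
    for sb in (storage, network):
        iommu.assign(sb)
    storage.allocate(0x8000_0000, 0x10000)   # constructed sandbox ranges
    network.allocate(0x9000_0000, 0x10000)

    out = {"pre_ram_dma": iommu.dma_allowed("card1", 0x8000_0000, 512)}
    iommu.setup_vtd()
    out["own_sandbox_dma"] = iommu.dma_allowed("card1", 0x8000_0000, 512)
    out["other_sandbox_dma"] = iommu.dma_allowed("card1", 0x9000_0000, 512)
    out["firmware_dma"] = iommu.dma_allowed("card1", 0xFF00_0000, 512)

    out["read_blocks"] = storage.call("ReadBlocks")
    out["install_blockio"] = storage.install("BlockIo")
    for key, action in (("write_nvram", lambda: storage.call("SetVariable")),
                        ("claim_secureboot", lambda: network.install("SecureBoot"))):
        try:
            action()
            out[key] = "allowed"
        except SandboxViolation:
            out[key] = "denied"
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point of keeping the DMA check purely range-based is the slides’ last bullet: the OROM never touches VT-d itself; it only sees ordinary allocations, and the IOMMU decides from the sandbox’s regions whether the device’s DMA lands.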
![Page 87: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/87.jpg)
OROM Sandbox will drive attackers to privilege escalation and sandbox escapes
We added a strong set of exploit mitigations to EFI on T2 systems
• Stack Cookies
• All EFI memory W^X with read-only page tables
• SMAP: Ring 0 can’t directly read/write Ring 3 data
• SMEP: Ring 0 can’t execute Ring 3 code
• Some Spectre/Meltdown mitigations
EFI Exploit Mitigations
![Page 88: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/88.jpg)
The T2 Security Chip brings key secure boot properties from iOS to the Mac, far outclassing UEFI SecureBoot-based systems
Our DMA protection for PCIe Bus 0 provides state-of-the-art protection against DMA attacks targeting firmware
The Mac OROM Sandbox provides unprecedented defense against malicious PCIe Option ROMs compromising the secure boot process
Mac Secure Boot Summary
![Page 89: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/89.jpg)
Mac secure boot iOS code integrity protection Find My
![Page 90: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/90.jpg)
Kernelcache signature verified by iBoot at load time
Userland __TEXT pages code signed
• CodeDirectory checked at load time (or static)
• Pages checked at fault time
Compromised kernel could change its own __TEXT
Compromised kernel could disable codesigning altogether, or alter userland pages
Software Enforced Code Integrity Before iOS 9
![Page 91: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/91.jpg)
Goal
• Maintain integrity of kernel code and read-only data after secure boot
Threat model
• Kernel arbitrary read/write
• Arbitrary kernel instruction pointer control
• Arbitrary read/write by DMA agents and system coprocessors
Out of scope
• Secure boot bypass
Kernel Integrity Protection
![Page 92: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/92.jpg)
At system initialization, EL3 monitor creates array of kernel page table and text hashes in TZ1
Monitor periodically verifies hashes, panics on mismatch
Effective against long-lived patches, inherently vulnerable to races
Kernel Integrity Protection v0 iOS 9
![Page 93: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/93.jpg)
Kernel Integrity Protection v0
Diagram (Kernel Integrity Protection v0): CPU accesses from EL3, EL1 and EL0 carry an address and a TZ1 bit, and the TZ1 bit can only be set from EL3. The memory controller requires the TZ1 bit for any access to the TZ1 range (TZ1 base to TZ1 end) of DRAM, which holds the monitor code and the page hashes; the remaining DRAM holds kernel code and kernel data.
![Page 94: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/94.jpg)
Flow diagram (KIP v0 bootstrap and monitoring): Bootstrap KIP, Disable FPU, Bootstrap XNU, Trap to KIP, Hash all regions; further steps shown: Save system registers, Disable FPU, Trap to EL3, IRQ, Return to EL1/EL0, Route IRQs to EL3, Reenable FPU, Return to EL1/EL0, Check hashes, Trap to EL3, Trap to XNU, Attempt FP.
![Page 95: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/95.jpg)
Must protect critical data in addition to code
• Page tables
• Global offset table entries
• Sandbox configuration
Integrity verification after boot is vulnerable to race conditions
Easier to adapt hardware architecture to fit security requirements
Lessons Learned
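A model of the KIP v0 approach from page 92 and the race condition named in the lessons above, added here as an illustration and not Apple’s monitor code: it records per-page hashes of a constructed stand-in for kernel text at “init”, re-verifies them as the periodic check would, and shows why a patch left in place is caught while a patch applied and reverted between two checks is not. SHA-256, the 4 KiB page size and the patch offset are this example’s choices.

```python
import hashlib

PAGE_SIZE = 4096


def page_hashes(text: bytes) -> list:
    """Hash every page of the protected region (the monitor's hash array)."""
    return [hashlib.sha256(text[i:i + PAGE_SIZE]).digest()
            for i in range(0, len(text), PAGE_SIZE)]


class KipV0Monitor:
    """Models the EL3 monitor: record hashes at init, re-verify periodically."""

    def __init__(self, kernel_text: bytearray) -> None:
        self.kernel_text = kernel_text
        # In the real design this array lives in TZ1, out of the kernel's reach.
        self.expected = page_hashes(bytes(kernel_text))

    def check(self) -> list:
        """Return the indexes of pages whose contents no longer match.
        A real monitor panics as soon as this list is non-empty."""
        current = page_hashes(bytes(self.kernel_text))
        return [i for i, (want, got) in enumerate(zip(self.expected, current))
                if want != got]


def constructed_kernel_text(pages: int = 4) -> bytearray:
    """Constructed stand-in for kernel __TEXT: deterministic filler bytes."""
    return bytearray((i * 7 + 3) & 0xFF for i in range(pages * PAGE_SIZE))


def long_lived_patch(monitor: KipV0Monitor, offset: int, patch: bytes) -> list:
    """Attacker with kernel write patches code and leaves it patched.
    The next periodic check sees the mismatch."""
    monitor.kernel_text[offset:offset + len(patch)] = patch
    return monitor.check()


def transient_patch(monitor: KipV0Monitor, offset: int, patch: bytes) -> list:
    """Patch, use, and restore between two checks: the race the slides mention.
    Whatever ran while the patch was live is invisible to the checker."""
    original = bytes(monitor.kernel_text[offset:offset + len(patch)])
    monitor.kernel_text[offset:offset + len(patch)] = patch
    # ... patched code would execute here, before the monitor's next check ...
    monitor.kernel_text[offset:offset + len(patch)] = original
    return monitor.check()


if __name__ == "__main__":
    mon = KipV0Monitor(constructed_kernel_text())
    print("clean:", mon.check())
    print("transient patch:", transient_patch(mon, 5000, b"\x00" * 4))
    print("long-lived patch:", long_lived_patch(mon, 5000, b"\x00" * 4))
```

Shrinking the check interval narrows the window but never closes it, which is why the later designs (KIP v1 and v2) move enforcement into the MMU and memory controller instead of checking after the fact.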
![Page 96: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/96.jpg)
New hardware design tailored to our goals
Our threat model had three hardware requirements
• CPU prevents modification of kernel memory
• CPU also prevents EL1 execution of non-kernel memory
• Memory controller prevents DMA writes to protected physical range
Kernel Integrity Protection v1 iPhone 7
![Page 97: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/97.jpg)
Kernel Integrity Protection v1
Diagram (Kernel Integrity Protection v1): the memory controller enforces a Read Only Region (ROR, from ROR base to ROR end) of DRAM that holds the init code, the kernel and kext code, and the kernel page tables; the MMU maps the kernel range of virtual addresses (kernel base to kernel end) onto those physical addresses, with the protected VA to PA mappings marked XN, RO. Permission sets shown: X, RO; XN, RO; XN, RW.
![Page 98: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/98.jpg)
We have a strong design for code, but protecting data requires additional finesse
Neither KIP v0 nor KIP v1 prevents modification of TTBR1, which tells the CPU where to find the kernel’s page tables
By using a very careful initialization sequence, we make sure no instructions are available to modify TTBR1 after the CPU finishes initializing
Kernel Integrity Protection v1: Read-Only Data
![Page 99: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/99.jpg)
Required significant rework of kernelcache layout
Build-time checks that no TTBR1 write gadget exists
Very effective at protecting kernel code integrity
Only public bypass was an off-by-one error in our protection range calculation
Kernel Integrity Protection v1
![Page 100: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/100.jpg)
Applied lessons learned from KIP v1
Control bits prevent changes to TTBR1, MMU enable, and exception vector addresses
• Guarantees in hardware that MMU configuration cannot be modified
• Replaces init-only instructions from KIP v1
Configuration is retained when CPU goes into idle power-off
• Less complexity in power management transitions
Kernel Integrity Protection v2 iPhone Xs
![Page 101: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/101.jpg)
Robust enforcement of kernel code and read-only data integrity
Hardware implementation tailored to software security requirements
Essential foundation for next-generation security features
Kernel Integrity Protection Summary
![Page 102: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/102.jpg)
Builds upon software-only Hardened WebKit JIT Mapping in iOS 10
CPU register to quickly restrict permissions on RWX memory, per thread
Removes overhead of a syscall and walking page tables to change permissions
Fast Permission Restrictions (APRR) iPhone X
![Page 103: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/103.jpg)
Pre-APRR VM Permissions

| Process code | Heap | Framework code | JIT memory |
|---|---|---|---|
| R-X | RW- | R-X | RWX |
![Page 104: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/104.jpg)
APRR: JavaScriptCore Execution Threads

| Process code | Heap | Framework code | JIT memory |
|---|---|---|---|
| R-X | RW- | R-X | RWX |

APRR = ~W on the JIT memory, so Effective = R-X
![Page 105: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/105.jpg)
APRR: JavaScriptCore JIT Compiler Thread

| Process code | Heap | Framework code | JIT memory |
|---|---|---|---|
| R-X | RW- | R-X | RWX |

APRR = ~X on the JIT memory, so Effective = RW-
![Page 106: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/106.jpg)
What about userland?
![Page 107: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/107.jpg)
KIP gives us strong integrity protection for kernel text
Page table overrides with KIP rely on kernel code being static
Userland code is dynamically loaded, so we would need dynamic overrides
Protecting Userland Integrity
![Page 108: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/108.jpg)
Ensures userland code can’t be modified after code signature checks complete
Built upon KIP and APRR
Manages page tables, code signing validation
Small TCB
Guarantees only code inside PPL can alter protected pages
Page Protection Layer (PPL) iPhone Xs
![Page 109: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/109.jpg)
Page permissions outside PPL. Regions shown: Kernel heap, Kernel code, Page tables, PPL heap, PPL code, Trampolines.

| Row | Permissions |
|---|---|
| Default | RW- R-X R-X R-X R-X RW- RW- |
| APRR | ~X ~X ~W ~W (applied to the four rightmost columns) |
| Effective | RW- R-X R-X R-- R-- R-- R-- |
![Page 110: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/110.jpg)
Page permissions inside PPL. Regions shown: Kernel heap, Kernel code, Page tables, PPL heap, PPL code, Trampolines.

| Row | Permissions |
|---|---|
| Default | RW- R-X R-X R-X R-X RW- RW- |
| APRR | (no override shown) |
| Effective | RW- R-X R-X R-X R-X RW- RW- |
![Page 111: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/111.jpg)
System-wide dynamic code integrity enforcement
• Even with a compromised kernel!
Massive attack surface reduction
Low overhead
• No hypervisor traps
• No nested page tables
Page Protection Layer Summary
![Page 112: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/112.jpg)
With code integrity protected, how do we protect control flow?
![Page 113: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/113.jpg)
New instructions in ARMv8.3
Uses spare bits in pointers to store a cryptographic hash
Designed to be robust in the presence of arbitrary read/write primitives
Pointer Authentication
![Page 114: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/114.jpg)
Pointer Authentication Instructions
Diagram: pacKK Xd, Xn, where KK selects the IA, IB, DA or DB key; the pointer in Xd and the extra data in Xn are fed with the key into the encrypt step, which writes the signed pointer back to Xd.
![Page 115: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/115.jpg)
Pointer Authentication: Sign
Pointer: 0000000 100a41238
![Page 116: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/116.jpg)
Pointer Authentication: Sign
The pointer splits into padding 0000000 and address 100a41238
![Page 117: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/117.jpg)
Pointer Authentication: Sign
The padding is replaced by the signature 7b9352e; signed pointer: 7b9352e 100a41238
![Page 118: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/118.jpg)
Pointer Authentication: Authenticate
Signed pointer 7b9352e 100a41238 (signature 7b9352e, address 100a41238)
![Page 119: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/119.jpg)
Pointer Authentication: Authenticate
Signature checks out; the padding 0000000 is restored, giving pointer 0000000 100a41238
![Page 120: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/120.jpg)
Pointer Authentication: Auth failure
Signature 7b9352f (one bit off) with address 100a41238
![Page 121: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/121.jpg)
Pointer Authentication: Auth failure
The padding comes back as 2000000 instead of 0000000: pointer 2000000 100a41238, with an error bit set so the pointer is no longer valid
![Page 122: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/122.jpg)
5 secret 128-bit values
• IA, IB, DA, DB, and GA keys
• I keys for instructions, D keys for data
• GA key for data MAC
Randomly generated
• At boot (A keys)
• At process creation (B keys)
Can’t be read by attacker
Pointer Authentication Keys
![Page 123: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/123.jpg)
Pointer Authentication: Pointers to code

| Pointer | Key | Extra data |
|---|---|---|
| Function Return Address | IB | Storage Address |
| Function Pointers | IA | 0 |
| Block Invocation Function | IA | Storage Address |
| Objective-C Method Cache | IB | Storage Address + Class + Selector |
| C++ V-Table Entries | IA | Storage Address + Hash(mangled method name) |
| Computed Goto Label | IA | Hash(function name) |
![Page 124: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/124.jpg)
Pointer Authentication: Function return address before PAC

```asm
_func:
    stp x29, x30, [sp, #-16]!
    ...
    ldp x29, x30, [sp], #16
    ret
```
![Page 125: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/125.jpg)
Pointer Authentication: Function return address after PAC

```asm
_func:
    pacibsp
    stp x29, x30, [sp, #-16]!
    ...
    ldp x29, x30, [sp], #16
    retab
```

Diagram: the IB key, the code pointer (in the process) and the storage address combine into the signature.
Pointer Authentication: Pointers to data, code via data

| Pointer | Key | Extra data |
|---|---|---|
| Kernel Thread State | GA | * |
| User Thread State Registers | IA | Storage Address |
| C++ V-Table Pointers | DA | 0 |
![Page 127: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/127.jpg)
Abort on all authentication failures in kernel
Adoption across all Apple kexts
Hardened jump tables
Pointer Authentication Improvements in iOS 13
![Page 128: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/128.jpg)
ObjC method dispatch hardening
• Sign and authenticate IMP pointers in method cache tables
Hardened exception handling
• Hash and verify sensitive register state
JavaScriptCore JIT and extra data hardening
Pointer Authentication Improvements in iOS 13
![Page 129: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/129.jpg)
Authenticated members of high value data structures
• Processes, tasks
• Codesigning
• Virtual Memory subsystem
• IPC structures
Pointer Authentication Coming soon
![Page 130: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/130.jpg)
Mac secure boot iOS code integrity protection Find My
![Page 131: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/131.jpg)
Any device in proximity can help, even if a stranger to the owner
Offline device communicates via Bluetooth with participating strangers (finders)
Finders report their location and a timestamp
Owner uses a second device to find the lost device
Helping users find lost devices, even when offline
![Page 132: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/132.jpg)
Challenges
• A static device identifier makes the device trackable
• Even with a rotated identifier, the finder can’t encrypt the location end-to-end
  – Server would have access to the location information
![Page 133: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/133.jpg)
Security and Privacy Goals: Protect owners, finders, and devices
• Location reports are not accessible to Apple servers
  – Cannot read, modify, or even add bogus reports
• Finder identities and location not revealed to Apple servers
  – No finder identifier recorded
  – Reported location is encrypted
• Information broadcast by the lost device cannot be used to track it, except by the owner
![Page 134: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/134.jpg)
Find My Setup
• Generate EC P-224 key pair {d, P = d · G}
• Generate symmetric key SK_0
• Store {d, P, SK_0} in iCloud Keychain (kept encrypted there)
![Page 135: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/135.jpg)
Find My Device broadcasting its location
• A Find My time period, i, is 15 minutes long
• Derive symmetric key SK_i
  – SK_i = KDF(SK_{i-1}, “update”)
• Derive anti-tracking secret pair (u_i, v_i)
  – (u_i, v_i) = KDF(SK_i, “diversify”)
• Unlinkably diversify public key P
  – P_i = u_i · P + v_i · G
• Broadcast P_i to nearby finders
![Page 136: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/136.jpg)
Find My Reporting location of a broadcasting device
• Finder ECIES-encrypts its location to public key P_i
• Computes lookup index_i = SHA256(P_i)
• Uploads encrypted report with index_i to Apple servers
![Page 137: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/137.jpg)
Find My Owner locating their device
• Retrieve d_i from iCloud Keychain
• Compute P_i = d_i · G for lookup period i
• Compute lookup index_i = Hash(P_i)
• Query DB for location reports at index_i
• DB responds with [rec_0, rec_1, …]
• ECIES decrypt (pos_{i,0}, time_{i,0}) = D(d_i, rec_0)
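The setup, broadcast, finder-report and owner-lookup slides describe one protocol, and the step that is easy to miss is why the owner can reconstruct a private key for P_i at all: since P_i = u_i · P + v_i · G = (u_i · d + v_i) · G, the owner derives d_i = u_i · d + v_i mod n from d and SK_i, while anyone without SK_i sees only an unlinkable sequence of keys P_i and their hashes. The following is an added example, not Apple's code or anything shown in the talk, that models that flow end to end with pure-Python P-224 arithmetic. The HMAC-based KDF, the rule for reducing KDF output to scalars, the ECIES instantiation (ephemeral ECDH, SHA-256 key split, XOR keystream, HMAC tag) and every sample value are assumptions; the slides name the primitives, not their instantiations.

```python
# Added example, not Apple's code: a runnable model of the Find My flow on the
# slides (setup, per-period key diversification, finder report, owner lookup)
# with pure-Python P-224 arithmetic. KDF and ECIES constructions are assumptions.
import hashlib
import hmac
import os
# NIST P-224 domain parameters (FIPS 186-4); INF is the point at infinity
P = 2**224 - 2**96 + 1
A = P - 3
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D
G = (0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21,
     0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34)
INF = None

def ec_add(p1, p2):                                     # affine addition, doubling and identity
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                  # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):                                      # double-and-add k * pt (not constant-time)
    acc = INF
    while k > 0:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def encode_point(pt):                                   # uncompressed SEC1 form, 57 bytes
    return b"\x04" + pt[0].to_bytes(28, "big") + pt[1].to_bytes(28, "big")

def kdf(key, label, length):                            # modelled KDF: HMAC-SHA256 counter mode
    blocks = (hmac.new(key, label + bytes([c]), hashlib.sha256).digest()
              for c in range(1, length // 32 + 2))
    return b"".join(blocks)[:length]

def next_period_key(sk_prev):                           # SK_i = KDF(SK_{i-1}, "update")
    return kdf(sk_prev, b"update", 32)

def diversify_scalars(sk_i):                            # (u_i, v_i) = KDF(SK_i, "diversify")
    raw = kdf(sk_i, b"diversify", 72)
    u = int.from_bytes(raw[:36], "big") % (N - 1) + 1   # reduce into [1, n-1] (assumption)
    v = int.from_bytes(raw[36:], "big") % (N - 1) + 1
    return u, v

def device_broadcast_key(pub, sk_i):
    """Lost device: P_i = u_i*P + v_i*G, unlinkable to P or to any other P_j without SK_i."""
    u, v = diversify_scalars(sk_i)
    return ec_add(ec_mul(u, pub), ec_mul(v, G))

def _keys(shared_x, R):                                 # split the ECDH secret into enc/mac keys
    ctx = shared_x.to_bytes(28, "big") + encode_point(R)
    return hashlib.sha256(b"enc" + ctx).digest(), hashlib.sha256(b"mac" + ctx).digest()

def _xor_stream(key, data):                             # SHA-256 keystream, 32 bytes per block
    stream = b"".join(hashlib.sha256(key + bytes([j])).digest() for j in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def ecies_encrypt(pub, msg):
    """Modelled ECIES: ephemeral ECDH + SHA-256 KDF + XOR stream + HMAC tag (assumption)."""
    r = int.from_bytes(os.urandom(28), "big") % (N - 1) + 1
    R = ec_mul(r, G)
    enc_key, mac_key = _keys(ec_mul(r, pub)[0], R)
    ct = _xor_stream(enc_key, msg)
    return encode_point(R) + ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def ecies_decrypt(priv, blob):
    R = (int.from_bytes(blob[1:29], "big"), int.from_bytes(blob[29:57], "big"))
    ct, tag = blob[57:-32], blob[-32:]
    enc_key, mac_key = _keys(ec_mul(priv, R)[0], R)
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("report failed authentication")
    return _xor_stream(enc_key, ct)

def finder_report(p_i, location):                       # encrypt to P_i, file under SHA256(P_i)
    return hashlib.sha256(encode_point(p_i)).digest(), ecies_encrypt(p_i, location)

def owner_lookup(d, sk_i, db):
    """Owner: d_i = u_i*d + v_i mod n gives d_i*G == P_i; recompute index_i, decrypt reports."""
    u, v = diversify_scalars(sk_i)
    d_i = (u * d + v) % N
    index = hashlib.sha256(encode_point(ec_mul(d_i, G))).digest()
    return [ecies_decrypt(d_i, rec) for rec in db.get(index, [])]

def run_find_my_demo(periods=3):                        # setup, then one period at a time
    d = int.from_bytes(hashlib.sha256(b"constructed owner key").digest(), "big") % (N - 1) + 1
    pub, sk, db, seen = ec_mul(d, G), b"constructed SK0".ljust(32, b"\0"), {}, set()
    for _ in range(periods):
        sk = next_period_key(sk)
        p_i = device_broadcast_key(pub, sk)
        seen.add(encode_point(p_i))                     # all that finders and the server ever see
        index, rec = finder_report(p_i, b"constructed: 37.3318,-122.0312 @1561000000")
        db.setdefault(index, []).append(rec)
    return owner_lookup(d, sk, db), len(seen)           # owner reads the last period's reports
```

`run_find_my_demo()` returns the decrypted report for the last period together with the number of distinct broadcast keys observed, one per period. In this model the server stores only index_i and ciphertext: it holds neither d nor SK_i, so it cannot decrypt a record, the HMAC tag rejects a modified one, and adding a bogus report would require P_i itself, which the server never receives because the finder uploads only its hash. Those are the three "cannot read, modify, or add" properties the goals slide lists.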
![Page 138: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/138.jpg)
Find My Summary
• Novel design to enable users to enlist the help of strangers to locate lost devices
• Highly rigorous privacy properties to protect participating device owners and finders
![Page 139: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/139.jpg)
• Mac secure boot
• iOS code integrity protection
• Find My
![Page 140: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/140.jpg)
• Mac secure boot
• iOS code integrity protection
• Find My
![Page 141: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/141.jpg)
Apple Security Bounty
![Page 142: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/142.jpg)
Platforms iOS, iCloud
Categories 5
Participation Very small invited researcher audience
Maximum payout $200,000
Introduced in 2016
![Page 143: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/143.jpg)
50 High-Value Reports
![Page 144: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/144.jpg)
What’s next?
![Page 145: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/145.jpg)
Apple Security Bounty will be open to all researchers
![Page 146: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/146.jpg)
![Page 147: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/147.jpg)
Revised and expanded categories
![Page 148: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/148.jpg)
Maximum Payout

| Attack vector | Outcome | Maximum payout |
|---|---|---|
| | Unauthorized access to iCloud account data on Apple servers | $100,000 |
| Attack via physical access | Lock screen bypass | $100,000 |
| Attack via physical access | User data extraction | $250,000 |
| Attack via user-installed app | Unauthorized access to high-value user data | $100,000 |
| Attack via user-installed app | Kernel code execution | $150,000 |
| Attack via user-installed app | CPU side channel attack on high-value user data | $250,000 |
| Network attack requiring user interaction | One-click unauthorized access to high-value user data | $150,000 |
| Network attack requiring user interaction | One-click kernel code execution | $250,000 |
| Network attack with no user interaction | Zero-click radio to kernel with physical proximity | $250,000 |
| Network attack with no user interaction | Zero-click access to high-value user data | $500,000 |
![Page 149: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/149.jpg)
Vulnerabilities in designated pre-release builds
![Page 150: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/150.jpg)
50% bonus
![Page 151: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/151.jpg)
What about getting started?
![Page 152: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/152.jpg)
Making It Easier to Get Started with iOS Research
• We want to attract exceptional researchers who have been focused on other platforms
• New researchers shouldn’t have to find a full chain to bootstrap research
• Existing iOS researchers shouldn’t have to hold back chains for research
![Page 153: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/153.jpg)
iOS Security Research Device Program
![Page 154: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/154.jpg)
iOS Security Research Device program
• Unprecedented, Apple-supported iOS security research platform
• Comes with ssh, a root shell, and advanced debug capabilities
• New research fusing, neither production nor development
![Page 155: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/155.jpg)
iOS Security Research Device program
• Unprecedented, Apple-supported iOS security research platform
• Comes with ssh, a root shell, and advanced debug capabilities
• New research fusing, neither production nor development
• Program applications open to everyone with a track record of high-quality systems security research on any platform
![Page 156: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/156.jpg)
iOS Security Research Device program
• Unprecedented, Apple-supported iOS security research platform
• Comes with ssh, a root shell, and advanced debug capabilities
• New research fusing, neither production nor development
• Program applications open to everyone with a track record of high-quality systems security research on any platform
• Coming next year
![Page 157: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/157.jpg)
Apple Security Bounty Summary
• Participation open to all researchers in the Fall
• Expanded and revised categories
• Highest maximum payouts in the industry
• iOS Security Research Device Program for exceptional researchers new to our platform
![Page 158: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/158.jpg)
What about a zero-click iOS full chain with kernel code execution and persistence?
![Page 159: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/159.jpg)
$1,000,000
![Page 160: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/160.jpg)
Maximum Payout

| Attack vector | Outcome | Maximum payout |
|---|---|---|
| | Unauthorized access to iCloud account data on Apple servers | $100,000 |
| Attack via physical access | Lock screen bypass | $100,000 |
| Attack via physical access | User data extraction | $250,000 |
| Attack via user-installed app | Unauthorized access to high-value user data | $100,000 |
| Attack via user-installed app | Kernel code execution | $150,000 |
| Attack via user-installed app | CPU side channel attack on high-value user data | $250,000 |
| Network attack requiring user interaction | One-click unauthorized access to high-value user data | $150,000 |
| Network attack requiring user interaction | One-click kernel code execution | $250,000 |
| Network attack with no user interaction | Zero-click radio to kernel with physical proximity | $250,000 |
| Network attack with no user interaction | Zero-click access to high-value user data | $500,000 |
| Network attack with no user interaction | Zero-click kernel code execution with persistence | $1,000,000 |
![Page 161: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/161.jpg)
We’re excited to work with you!
![Page 162: Behind the Scenes of iOS and Mac Security€¦ · Ivan Krstić Head of Security Engineering and Architecture, Apple Behind the Scenes of iOS and Mac Security](https://reader033.fdocuments.in/reader033/viewer/2022053001/5f05259a7e708231d41180dc/html5/thumbnails/162.jpg)
TM and © 2019 Apple Inc. All rights reserved.