Announcement

Collapse
No announcement yet.

Apple's New Hardware With The T2 Security Chip Will Currently Block Linux From Booting

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #61
    Originally posted by L_A_G View Post
    Not really when Apple's security chips are supposed to be part of a full all-in-one security system with tamper-proof boot and full disc encryption.
    Yes really, as UEFI + TPM + a self-encrypting drive (or a software-based disk encryption) can do the same, the only difference is that in Apple hardware they don't allow custom signing keys to be added.

    There shouldn't be any pin pulling as the T2 doesn't work with a separate SSD.
    Yeah right, you fanboys don't know shit. Onboard SSD isn't different from separate SSD, it's using the same hardware and same electrical interfaces, and all controllers in the universe have a "reset" pin.

    I've seen repair videos of Apple boards, their SMC (system management controller) does have the ability to pull all other separate controller reset pins (wifi, SSD, thunderbolt) even in devices where the SSD is soldered on, as it has to do so on system reset or other occasions.

    As I said, this is really just Apple implementing the same iPhone tech that has caused so many headaches to law enforcement trying to access devices. If that's anything to go by then this is a clear step up from what's been done before. You can go on about how this is nothing new, but as usual whenever Apple tries something that has already been done their solution is usually more involved and refined.
    As I said, this is Secure Boot + TPM + secure self-encrypting drive baked on the same board, normal businness-grade hardware is like that since at least 5 years. I still fail to see how this is more "involved and refined".

    When the government sued Apple they refused to create the protection nullifying "cancer" update and the case was dropped primarily because the FBI was contacted by the developer of the really involved hardware attack.
    This is your own dream, the way they used to hack into the phone was not disclosed, and will not be for a while.
    But the fact that someone already knew how to hack it called them does not give me a lot of confidence.
    Nor shit like the iCloud passwords bruteforced ("The Fappening") because the auth mechanism was completely retarded and could be tricked with fabricated tokens.

    With normal business grade hardware the attack would probably have to have been less involved than the one the FBI had to resort to in their effort to gain access to the San Bernadino terrorist's phone.
    More dreaming.
    I'm not saying businness-grade stuff is airtight, mind me, I'm just saying that they at least have a track record and some evolution.

    It seems like you completely misunderstood my sarcasm there... Because the point was that the Mac Mini is expensive to the point of simply not being worth it.
    And my point is that this is not news for any Apple product since like 1999 or something so I'm unsure of what the point was.

    T2 isn't making them more expensive, people isn't buying them because they are more secure, they buy because Apple cult.

    Except maybe if you're a pedophile, drug dealer, terrorist, spy or some other kind of person the government would want to see what you've got on your HDD.
    Yeah, it's amazing how good you are at fanboying.

    I'm totally going to trust some random company's self-written PR material with my crucial stuff, and not buy actual certified hardware from vendors that made self-encrypting drives fir for businness and agency use for the last decades, nor use some decent opensource software disk encryption with a password I store in my brain.

    Seriously, security needs to be proven and tested, PR statements don't count.

    Well your "REEE!!!! STOP LIKING WHAT I DON'T LIKE!!!1"-nonsense isn't exactly making the Linux user community look any better...
    I'm just posting facts to keep dumb fanboy shit at bay.

    We are talking of security here, people can get hurt if they trust the wrong party.

    Comment


    • #62
      Originally posted by gnuurman View Post

      There actually is a way to debug those kind of problems - a DTrace-based app called Instruments, you can get it for free with Xcode.
      Cool, thanks. I hope XCode is free? I went to site to see if I can download it, and it asks me for an Apple id. I don't have one, but my gf probably does. Will see this evening if we can do anything about it.

      UPD: nvm, I didn't see the "free" was part of your sentence
      Last edited by Hi-Angel; 07 November 2018, 09:30 AM.

      Comment


      • #63
        Originally posted by starshipeleven View Post
        Yes really, as UEFI + TPM + a self-encrypting drive (or a software-based disk encryption) can do the same, the only difference is that in Apple hardware they don't allow custom signing keys to be added.
        Never claimed that the same functionality couldn't be achieved with other methods, just that this is done in a way that makes the whole thing quite a bit harder to crack.

        Yeah right, you fanboys don't know shit. Onboard SSD isn't different from separate SSD, it's using the same hardware and same electrical interfaces, and all controllers in the universe have a "reset" pin.
        Messing with the controller doesn't really do much here when it's not the controller that has the encryption key or does the actual decryption, that's done by the secure enclave inside the T2 chip. The controller really just retrieves encrypted data for the security chip that decrypts it and passes it on as cleartext to the CPU.

        I'm serious here, you can mess with the SSD controller all you want, but you're not getting any cleartext out or encryption keys out of it as it couldn't provide you with those even if you wanted it to. The encryption key never leaves the enclave inside the security chip.
        As I said, this is Secure Boot + TPM + secure self-encrypting drive baked on the same board, normal businness-grade hardware is like that since at least 5 years. I still fail to see how this is more "involved and refined".
        I've never seen anything like this implemented in one single solution so you're going to have to bring up some examples. I've seen hardware-encrypted drives and UEFI with bootloader signing, but never something that does both of these done outside of Apple devices.

        This is your own dream, the way they used to hack into the phone was not disclosed, and will not be for a while. But the fact that someone already knew how to hack it called them does not give me a lot of confidence.
        The FBI tried to be covert about it, but the company who did that attack for them did end up letting it slip that it really was them who cracked the iPhone in question. It's not really a practical hack in any sense of the word so it's not really of much concern unless you're someone a government actor really wants to catch.

        Nor shit like the iCloud passwords bruteforced ("The Fappening") because the auth mechanism was completely retarded and could be tricked with fabricated tokens.
        It seems like you don't know what a brute force attack is because "the fappening" used a relatively short list of common passwords and after that Apple improved things so that their protections are downright draconian. We really are talking about user-caused security vulnerabilities with weak passwords that Apple fixed pretty quickly. These days your passwords need to be pretty long and complex (you have to have upper and lower case letters, numbers and special characters) and two factor authentification is literally mandatory.

        I'm not saying businness-grade stuff is airtight, mind me, I'm just saying that they at least have a track record and some evolution.
        If Apple is anything to go by their security is among

        And my point is that this is not news for any Apple product since like 1999 or something so I'm unsure of what the point was.
        The point, which you still don't seem to understand, is that they're expensive enough for most people to discount on that basis alone.

        Yeah, it's amazing how good you are at fanboying.
        Right... I'm saying that they're stupidly expensive and I'm still somehow a fanboy. Been watching a few too many louis rossman videos have we?

        Seriously, security needs to be proven and tested, PR statements don't count.
        The white papers have been out there for years, giving third parties ample opportunities to discount them but we've yet to see much in terms of serious vulnerabilities that don't exploit quickly fixed bugs in the OS.

        I'm just posting facts to keep dumb fanboy shit at bay.
        Says someone who called Apple a cult...

        We are talking of security here, people can get hurt if they trust the wrong party.
        If recent history is anything to go by Apple is probably one of the most trustworthy parties here...
        "Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."

        Comment


        • #64
          BTW. Rossmann has been my personal friend for many years and I think his gripe is more with the “lifestyle” or the Apple culture than the products. He is kinda dishonest about them “screwing over their customers”. Lenovo is the same way. There is no perpetual warranty because your computer costed $2000. Of course, the cheaper the product, the cheaper is to fix it. Try getting an X1 Carbon or a Samsung Galaxy repaired and see how much they quote you.
          After all, if TCO was all that mattered, everyone would buy a Toyota Camry. The same way if someone drives a red mustang, he is perceived as vain and douchy. It’s not that Mustangs are bad cars.
          i think this what drives most of Apple hate. The naivette that people are idiots and don’t know what TCO is and then they get stuck with expensive repairs. Apple has been making laptops for decades. I think the “sheeple” have gotten the memo that the repairs are cheaper on a PC from bestbuy.

          Comment


          • #65
            RussianNeuroMancer talking about Dell — a company I'm working in bought a number of DELL 5767 with preinstalled Ubuntu. We found a problem, which likely persists on most DELL models: upon upgrading Ubuntu 16.04 → 18.04 graphics driver crashes after trying to log in. The reason is that they installed AMDGPU-pro, which stops building after system upgrade.

            It's obviously a DELL problem, so today I tried to report, so they at least could do something with currently produced models, because a usual user wouldn't be able to figure it out. So I tried to contact them — and guess what? It's impossible! The only way to contact them is some chat, and they can only help in fixing something. They can't report anything higher their stack, and they unable to get any information about how to do it.

            So, DELL got a major problem, and there's no way to even report it to them. That really sucks.
            Last edited by Hi-Angel; 08 November 2018, 03:35 PM. Reason: s/system/graphics driver

            Comment


            • #66
              Originally posted by Hi-Angel View Post
              The only way to contact them is some chat, and they can only help in fixing something. They can't report anything higher their stack, and they unable to get any information about how to do it.

              So, DELL got a major problem, and there's no way to even report it to them. That really sucks.
              Yeah, I know, and even with critical firmware issues (like USB controller bug that corrupt data written to flash drive) it's same story. You still could try to report it to [email protected] or to Justin from Linux section of Dell forums.

              Comment

              Working...
              X