
Comment by londons_explore

2 years ago

Coresight is not some backdoor - it's a debug feature of all ARM CPUs. This looks like a necessary extension to Coresight to work with Apple's memory protection stuff.

Even though no public documentation exists, I'm sure thousands of Apple engineers have access to a modded gdb or other tooling to make use of it.

That does not explain the weird hashing.

  • As explained by marcan: it's not "hashing", it's an error-correcting code. Much more understandable in that light.

    https://social.treehouse.systems/@marcan/111655847458820583

    • That the secret registers are in fact cache test registers, as explained at that link, is a very plausible explanation for their existence.

      Nevertheless, this does not explain at all the astonishing fact that they were mapped by default in the accessible memory space, unless listed and explicitly denied in the system configuration files.

      No amount of incompetence seems enough to explain such a default policy, so the supposition of an intentional backdoor still seems more likely.
