Comment by kbolino
1 day ago
The hardware will not allow this, at least not without modifications. The encryption keys are not exportable from the Secure Enclave, not even to Apple's own servers.
The Apple security paper describes how to disable ADP through a key rotation sequence.
This will be a "forced rotation", they just need to decide how to communicate to users and work out what happens to those who don't comply. Lockout until key rotation looks like an option as someone said.
Yeah, this seems the most likely thing to happen here. You'll be forced to disable ADP to continue using iCloud in the UK. This still leaves the question of tourists and other visitors, but it at least fits within the parameters of the system without changing its fundamentals.
Behind the scenes, it'd probably decrypt it locally piece-by-piece with the key in the Secure Enclave, and then reencrypt it with a new key that Apple has a copy of when you disable ADP.
Are you gonna unlock that phone anytime soon?
Thanks for opening the enclave, don't mind if I ship these keys back home.
No notification needed, Apple has root access.
Unless I am making a mistake here, you still can't extract keys of an opened enclave. You can just run operations against those keys.
Assuming the enclave can receive OTA firmware updates and those updates can completely compromise it, which are not actually proven facts, there's no way to target this to the UK alone without either exempting tourists and creating a black market for loophole phones or else turning all of Britain into a "set foot here and ruin your iPhone forever" zone.