
Comment by codedokode

4 months ago

As I understand, the purpose of "secure enclaves" is to enforce DRM, copyright protection, anti-debugging measures, so breaking them is a good thing.

Well, also used for confidential computing and other stuff that you might benefit from too, so not just to gatekeep stuff. Depending on what you use it for (or rather, what your computer is using it for), you might not want it broken in all cases.

With that said, I'd rather see it broken than not, considering it's mostly used for negative stuff, and it isn't open enough to evaluate if it actually is secure enough.

  • The purpose of a secure enclave is to prevent the administrator from accessing the data. I don't want anyone doing "confidential computing" on my devices. I am the person who can be trusted, so there is no need to hide the encryption keys from me.

    • Agreed. We need legally enforceable standards granting owners full control of their devices.

      But also: TPMs could be used to prevent evil maid attacks and to make it uneconomical for thieves who stole your device to also steal your data. It makes it possible for devices to remotely attest to their owners that the OS has not been compromised, which is relevant to enterprise IT environments. There are a lot of good uses for this technology, we just need to solve the political problems of aggressive copyright, TIVOization, etc.
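
The TPM mechanisms mentioned in the comment above (measured boot, sealing a disk key so a replaced bootloader cannot unseal it, and a nonce-bound attestation quote), as an added software model that is not code from this thread or from any TPM vendor. `SoftTpm`, `GOOD_CHAIN`, `EVIL_CHAIN`, `verify_quote` and `demo` are constructed names for the demo; the PCR extend formula is the real TPM one (SHA-256 of the old PCR concatenated with the component digest), while the sealing cipher and the HMAC attestation key are stdlib stand-ins for the TPM's storage hierarchy and its asymmetric attestation key.

```python
import hashlib
import hmac
import secrets

# Added example, not from the thread: a software model of TPM measured boot,
# PCR-bound sealing and attestation. A real TPM does all of this in hardware;
# every name below is constructed for the demo.

# Constructed boot stages, measured in order: firmware, bootloader, kernel.
GOOD_CHAIN = [b"firmware-v1", b"bootloader-v7", b"kernel-6.8"]
# An evil maid swapped the bootloader; the other stages are unchanged.
EVIL_CHAIN = [b"firmware-v1", b"bootloader-backdoored", b"kernel-6.8"]


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM PCR extend: PCR_new = H(PCR_old || H(component)).

    Extend is one-way and order-sensitive, so a given PCR value can only be
    reached by measuring exactly the same components in the same order.
    """
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Start at the reset value (all zero) and extend once per boot stage."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


class SoftTpm:
    """The parts of a TPM that matter here: a hidden storage root and an attestation key."""

    def __init__(self, attestation_key: bytes):
        # Never returned by any method; in hardware it never leaves the chip.
        self._storage_root = secrets.token_bytes(32)
        # Stand-in for an asymmetric attestation key: the verifier got this copy at
        # enrollment, which plays the role of holding the public half.
        self._attestation_key = attestation_key

    def _policy_key(self, pcr: bytes) -> bytes:
        # Key material depends on both the hidden root and the PCR policy value.
        return hmac.new(self._storage_root, b"seal|" + pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes, pcr: bytes) -> bytes:
        """Encrypt `secret` so it only unseals when the PCR equals `pcr`."""
        if len(secret) > 32:
            raise ValueError("demo seals at most 32 bytes")
        key = self._policy_key(pcr)
        stream = hmac.new(key, b"stream", hashlib.sha256).digest()[: len(secret)]
        ciphertext = bytes(a ^ b for a, b in zip(secret, stream))
        tag = hmac.new(key, b"tag|" + ciphertext, hashlib.sha256).digest()
        return tag + ciphertext

    def unseal(self, blob: bytes, current_pcr: bytes) -> bytes:
        """Unseal with the PCR as it is *now*; a tampered boot chain derives a different key."""
        tag, ciphertext = blob[:32], blob[32:]
        key = self._policy_key(current_pcr)
        expected = hmac.new(key, b"tag|" + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("PCR policy not satisfied: boot chain differs from sealing time")
        stream = hmac.new(key, b"stream", hashlib.sha256).digest()[: len(ciphertext)]
        return bytes(a ^ b for a, b in zip(ciphertext, stream))

    def quote(self, nonce: bytes, pcr: bytes) -> bytes:
        """Attestation quote: MAC over the verifier's fresh nonce and the PCR value."""
        return hmac.new(self._attestation_key, b"quote|" + nonce + pcr, hashlib.sha256).digest()


def verify_quote(verifier_key: bytes, nonce: bytes, pcr: bytes, quote: bytes) -> bool:
    """Verifier side: check the quote was produced by the enrolled device for this nonce."""
    expected = hmac.new(verifier_key, b"quote|" + nonce + pcr, hashlib.sha256).digest()
    return hmac.compare_digest(expected, quote)


def demo() -> dict:
    """Seal at install time, then a clean boot, an evil-maid boot, and a remote attestation."""
    attestation_key = secrets.token_bytes(32)  # shared with the verifier at enrollment
    tpm = SoftTpm(attestation_key)
    disk_key = secrets.token_bytes(32)
    good_pcr = measure_boot_chain(GOOD_CHAIN)
    blob = tpm.seal(disk_key, good_pcr)  # installer seals the disk key to the known-good chain

    results = {}
    results["clean_boot_unseals"] = tpm.unseal(blob, good_pcr) == disk_key
    evil_pcr = measure_boot_chain(EVIL_CHAIN)
    try:
        tpm.unseal(blob, evil_pcr)
        results["evil_maid_blocked"] = False
    except ValueError:
        results["evil_maid_blocked"] = True
    nonce = secrets.token_bytes(16)  # fresh per request so an old quote cannot be replayed
    quote = tpm.quote(nonce, evil_pcr)  # the device reports what it actually measured
    results["quote_verifies"] = verify_quote(attestation_key, nonce, evil_pcr, quote)
    results["verifier_sees_tamper"] = evil_pcr != good_pcr
    return results


if __name__ == "__main__":
    print(demo())
```

Calling `demo()` shows both halves of the argument: the disk key stays unavailable to the evil-maid boot because the tag check fails, and the enterprise verifier sees the tamper because the quoted PCR differs from the golden value even though the quote itself is genuine. What the model cannot show is the hardware part: in a real TPM the storage root and attestation key live in the chip and extend cannot be rolled back, whereas here they are Python attributes a debugger could read.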

    • > The purpose of secure enclave is to prevent administrator from accessing the data

      Not only, it has many purposes. I'm also the administrator of my computer, and some things I want to be unchangeable by software unless I myself unlock it, like I don't want anyone to be able to boot or install other OSes than the ones I've installed myself. The secure enclave and secure boot are perfect for this: even if my computer gets malware, they won't be able to access it, and even if someone gets physical access to my computer, they won't be able to boot their OS from a USB.

    • The false assumption in your argument IMHO is the assumption that none of the software on your device will ever betray you or contain an exploitable security hole. In actuality, it is useful from time to time to be able to run software you cannot completely trust such that the software cannot access all the data on the device (because the untrusted software cannot access your enclave).


    • But I do want to secure my encryption keys on my device from someone who steals my device.

      Any feature controlled by the owner of the computer is good; features controlled by anyone else like the manufacturer can be bad. And note that in this viewpoint, leasing makes you temporary owner.

With the rise of "passkeys" that every single website is cramming down our throats now, aren't those also stored in the secure enclave? AKA the keys to your entire encrypted data and digitized life?

  • I look forward to recordings of the scam calls, where they ask the victim to "place a small piece of hardware between a single physical memory chip and the motherboard slot it plugs into".

It’s also where the private keys your device uses to secure your data live, so it’s like nuclear power: you can make a bomb or a clean power plant.

  • No, these should exist in the TPM and in highly volatile memory like CPU cache. This includes the decryption code. This can be achieved using mechanisms similar to what Coreboot does before RAM is initialized.

    No need for the keys or decryption to touch easily intercepted and rowhammered RAM.

  • Why should the keys for my device not be accessible to me? The purpose of a secure enclave is to prevent the administrator from accessing the data.

    • A secure enclave should allow no one to access the data inside. It's essentially a little self-contained computer that can do some basic crypto operations using the stored keys. It should never disclose the keys.