
Inside the Apple T2

Conference:  BlackHat USA 2019

2019-08-08

Summary

The presentation discusses the T2 chip and its role in enhancing secure boot and mitigating firmware attacks on Apple devices.
  • The T2 chip utilizes integrity protection features found on the iPhone and Apple Watch to create a hardware root of trust.
  • The T2 chip replaces the vulnerable flash chip on the motherboard and becomes the arbiter of all flash access operations.
  • The T2 chip enhances secure boot by utilizing the slave attached flash functionality typically found on Xeon chipsets.
  • The T2 chip's userland interface, Mac EFI Util, manages UEFI firmware and non-volatile variables.
  • Firmware attacks can be mitigated by eliminating the vulnerable flash chip and utilizing the T2 chip's secure boot features.
The presentation describes how the T2 chip replaces the vulnerable flash chip on the motherboard, which can be exploited through software or hardware-based attacks. The T2 chip utilizes the Enhanced Serial Peripheral Interface (eSPI) to communicate with embedded controllers and BMCs, and becomes the arbiter of all flash access operations. This functionality allows the T2 chip to quickly reset the UEFI firmware or perform remote upgrades, enhancing secure boot and mitigating firmware attacks.

Abstract

Apple's T2 Security Chip promised to bring "a new level of integration and security" to new generation Mac systems. The T2 chip provides systems with a secure enclave coprocessor that is leveraged to protect Touch ID data, enable encrypted storage and provide secure boot capabilities. In this presentation we will share a deep dive into the inner workings of the T2 going way beyond the limited technical details Apple have made public up to now. In addition, we will share our methodology along with the tooling we developed and subsequently released in an effort to enable the audience to learn about our process of tackling complex security research tasks as well as being able to build on top of our initial research. Our goal was to assess the current security posture of the T2 chip as well as build tools to enable future research into the platform. Two specific areas of interest for us were Apple's secure boot process as well as how the T2 chip communicates with macOS. Our research of Secure Boot functionality outlines how the process works, what attacks may be mitigated and what attack surface remains. In addition we will cover how Apple implemented eSPI and what this means from an attacker's perspective. Attendees will obtain an understanding of how the T2 chip has been implemented and what services it exposes to both the OS and application layers. In exploring the T2's communication, we reverse engineered Apple's proprietary XPC protocol, which previously had near-zero third-party documentation. In addition to decoding the messaging format, we demonstrate the ability to interface directly with the T2 chip from unprivileged userspace code by writing our own client application. Our talk will present methods and tooling to query the T2's exposed services as well as decode and encode valid messages.
