2016 MBP & the T1 Secure Enclave Chip

[ck2875]

I wasn't able to watch the keynote, but saw mention of Touch ID using a T1 secure enclave. Anyone know if the presence of this enclave allows for device encryption like iOS devices offer? I know we have FileVault 2 in macOS/OS X, but I've read that FileVault isn't that secure anymore.

 

[killawat]

Some of the keying material may be stored in the secure enclave but I expect those details to be sparse until we get the unit.

Where did you hear that FV is insecure? FV 2 is fine and speedy.

 

[ck2875]

Where did you hear that FV is insecure? FV 2 is fine and speedy.

https://www.engadget.com/2012/02/03/apple-filevault-2-encryption-cracked-but-dont-panic/

http://www.techworld.com/news/secur...ryption-cracked-by-forensic-software-3334788/

 

[killawat]

Oh, much of that stuff was patched out back in 2012-2013, have a look here:

https://ilostmynotes.blogspot.com/2014/11/thunderbolt-dma-attacks-on-os-x.html

FW Systems are still vulnerable but newer TB machines shouldn't be.

 

[Rigby]

https://www.engadget.com/2012/02/03/apple-filevault-2-encryption-cracked-but-dont-panic/

http://www.techworld.com/news/secur...ryption-cracked-by-forensic-software-3334788/

There is always a risk that someone will find a hardware hack to retrieve the encryption keys from the memory if the computer is running or sleeping (including some extreme methods that involve freezing and extracting the memory chips). To get the full security, shut the computer down when you're away from it (which will clear the RAM including the keys). The encryption scheme itself is still sound.