Apple launched its latest M1 chip this week and a brief overview of its security features was provided by the firm.
The tech giant that in the coming weeks it would outline the defence features of the M1. It has only shared small details for now, but it was also enough to exchange some thoughts with experts.
Apple claims the first system-on-chip (SoC) expressly developed for the Mac is the M1. The chip uses 5nm processing, has 16 billion transistors, and has an 8-core CPU and an 8-core GPU, which the company claims provides high performance without requiring a great deal of power.
Apple says the M1 chip contains the next generation Protected Enclave, a high-performance storage controller with AES encryption technology, and a hardware-verified secure boot in terms of security features. The business says it has designed “deep into M1’s code execution infrastructure” new security safeguards.
Security researcher Daniel Gruss told that the M1 chip does not seem to contain any security breakthroughs.
Nonetheless, Gruss said The M1 is a very fascinating and cutting-edge piece of hardware based on the knowledge that has become public so far with state-of-the-art security techniques.”
Gruss is a professor at Austria’s Scientific University of Graz. He is one of the researchers interested in the detection of Meltdown, Specter and many other critical vulnerabilities in the processor, including the recently discovered PLATYPUS attack, which can be exploited through tracking the power usage of a processor to extract confidential data.
Jesse Michael, principal researcher at hardware security firm Eclypsium, clarified that Apple does not have to rely on potentially broken encryption in the SSD itself by attaching its own AES encryption hardware to the storage controller and it stops the main CPU from being bogged down due to encryption duties.
“A couple of years ago, Intel introduced AES-NI instructions to speed up encryption because dedicated hardware is better than doing it only using general-purpose instructions to do the AES operations,” Michael told.
As for hardware-verified safe booting, which is intended to ensure that only Apple-signed code will run on a computer (even though an intruder has physical access), the expert pointed out that similar features have been available for a while on Apple phones and it makes sense for them to add those to their laptops and other computers.”
“Many other manufacturers have been working on adding a stable boot root of faith based on hardware,” Michael said. Intel has the BootGuard capability to validate even the first pieces of the code that are read from the SPI flash and close one of the Intel platforms’ stable boot holes, but it is not yet implemented anywhere. BootGuard is most likely to exist, I believe, in corporate laptops.
As for the Protected Enclave, which, while the operating system has been hacked, is intended to encrypt extremely classified information the researcher observed that it is similar to Intel’s SGX code, but “Intel’s implementation is a little more common than the Apple Secure Enclave.”