Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I am not an expert in Apple hardware / firmware, but I admire your trust that the US government could not exert the same influence on Apple as they did on Intel.

Intel probably had to disclose the existence of IME due to collaboration with mainboard vendors. Apple does not face this constraint, so it is a lot easier for them to keep such subsystems under wraps.

Of course I'm just speculating here, but a product typically mirrors its environment.



The IME was never a secret. Anyone can decap an Intel chip and point to it.

I find it implausible that the A/M series chips have an independent subsystem that is so obfuscated that the expert attention which each Apple die receives has turned up no trace of it.

The company has its own approach to secure compute with the T2 modules, but no, I don't believe Apple would be able to hide something like IME on their CPUs without it being detected as such.


In recent decades it has become much harder in most countries to get access to the red fuming nitric acid necessary to decap epoxy-encapsulated chips; it's considered a "drug precursor" and/or "explosives precursor". I hear that a few years ago someone figured out that boiling the chip in colophony for a few hours also works? At the boiling point of the colophony, that is, not water. I haven't tried it myself.


Which is to say, it's hiding in plain sight. The secure enclave and T2 modules can do things to the processor. Who's to say "things" doesn't include ME-like capabilities?


It might be useful to go over Wikipedia's entry for both platforms, here's the IME:

https://en.wikipedia.org/wiki/Intel_Management_Engine

And this for the T2:

https://en.wikipedia.org/wiki/Apple_T2

Neither of these are obscure products, they are of great interest to reversers and other security researchers. The list of shady things IME does which the T2 isn't known to is extensive.


The people who reverse-engineered the secure enclave firmware can say that.


“Anyone can decap a chip” made me laugh. I am curious how many people can do that and then understand what is going on.


The point is that the answer is "everyone who needs to be able to".

The number of expert and curious people, with the means, is higher than the number of new chip types Apple or Intel produces. There's always a detailed die photo available within the first few weeks of a product launching.


I see your point and agree. Anyway, I am already using “anyone can decap a chip” for the listeners' amusement in my daily conversations.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: