Apple’s T2 Chip Raises Hardware Security Bar
Apple's new T2 security chip has several features designed to thwart attackers, including one that makes it difficult to eavesdrop on a laptop's microphone.
Few companies make bigger productions out of their product introductions than Apple does, and the company’s latest event in Brooklyn this week had no shortage of flash and glitz. Apple introduced a number of updated devices, including new versions of the MacBook Air and iPad Pro, as well as updated software for the iPhone and Macs.
But hidden among the pomp and circumstance of the product rollouts was a significant security announcement that again raises the degree of difficulty for attackers targeting Apple devices. During the announcement of the new MacBook Air model, Apple VP of Engineering Laura Legros mentioned that the notebook includes a new security chip called the T2. Dropped in among talk of a Retina display, a new keyboard, and a lighter body, the mention of the T2 didn’t get much of a reaction from the crowd, but the chip is a critical addition to the Mac security architecture.
The T2 chip is the second version of Apple’s own custom security silicon, and it has a number of features and functions that advance the state of the art for hardware security. The chip handles encryption operations and also is the secure root of trust for the notebook’s boot process.
“It also ensures software loaded during the boot process has not been tampered with, offering the Air the most secure boot process of any notebook,” Legros said during the Apple keynote.
The secure boot process is an invisible but vital backbone of the security of the device. It’s designed as a chain of checks that ensure that each portion of the device’s software, from the lowest level to the OS itself, is legitimate and hasn’t been modified. It’s a complex process that begins with the boot ROM, which is loaded into the T2 chip during the manufacturing process.
“The boot process proceeds only after verifying the integrity of the software at every step, which creates a chain of trust rooted in hardware. This includes the UEFI firmware, bootloaders, kernel, and kernel extensions necessary for boot. This secure boot chain helps ensure that the lowest-level software isn’t tampered with, so the Mac computer will be in a known trustworthy state when it’s booted,” Apple’s new white paper on the T2 says.
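To make the chain-of-trust idea concrete, here is a simplified model added for illustration; it is not Apple's code and not how the T2 is implemented. It assumes each stage pins a SHA-256 digest of the next stage (real secure boot designs typically verify signatures instead), and the image layout, function names and payloads are hypothetical.

```python
import hashlib
import hmac

# Stage names follow the components listed in the white paper quote above.
STAGES = ["uefi_firmware", "bootloader", "kernel", "kernel_extensions"]
SEP = b"|next="  # hypothetical image layout: payload, then digest of the next stage

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def build_chain(payloads: dict) -> tuple:
    """Build images last-to-first so each one pins the digest of its successor."""
    images, next_digest = {}, ""
    for name in reversed(STAGES):
        images[name] = payloads[name] + SEP + next_digest.encode()
        next_digest = digest(images[name])
    return images, next_digest  # digest of the first stage: the value fixed in ROM

def boot(images: dict, rom_root: str) -> tuple:
    """Verify each stage before 'running' it; return (ok, stage that failed)."""
    expected = rom_root
    for name in STAGES:
        if not hmac.compare_digest(digest(images[name]), expected):
            return False, name  # halt: an unverified stage never executes
        expected = images[name].rsplit(SEP, 1)[1].decode()
    return True, None

# Constructed sample payloads, standing in for real firmware and kernel images.
GOOD = {name: f"{name}-v1".encode() for name in STAGES}
IMAGES, ROM_ROOT = build_chain(GOOD)

def patched_kernel_only():
    """Attacker swaps the kernel image but leaves earlier stages alone."""
    tampered = dict(IMAGES)
    tampered["kernel"] = b"kernel-evil" + SEP + digest(IMAGES["kernel_extensions"]).encode()
    return boot(tampered, ROM_ROOT)

def rechained_from_top():
    """Attacker rebuilds every stage so the pins agree, but cannot rewrite ROM."""
    evil, _ = build_chain({**GOOD, "kernel": b"kernel-evil"})
    return boot(evil, ROM_ROOT)

if __name__ == "__main__":
    print(boot(IMAGES, ROM_ROOT))   # (True, None)
    print(patched_kernel_only())    # (False, 'kernel')
    print(rechained_from_top())     # (False, 'uefi_firmware')
```

The second tamper case shows why the root has to live in hardware: a modified chain can be made internally consistent, but it still fails at the first stage because the value in ROM cannot be rewritten.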
The T2 chip also includes a separate coprocessor called the Secure Enclave, which handles much of the security functionality inside the Mac. The Secure Enclave has been present in iPhones for some time, and it’s involved in many of the security operations on the new MacBook Air, including handling the data from the integrated Touch ID sensor.
“It protects the necessary cryptographic keys for FileVault and secure boot, and is also responsible for processing fingerprint data from the Touch ID sensor (if present) and determining if there’s a match,” Apple’s paper says.
“The Secure Enclave on the T2 chip uses encrypted memory and includes a hardware random number generator. It maintains the integrity of its security functions even if the macOS kernel has been compromised, and its limited function is a virtue: Security is enhanced by the fact that the hardware is limited to specific operations.”
The inclusion of the T2 chip presents a significant barrier for attackers. Getting to and compromising the chip itself or any of the data that it protects is a tall order, much more difficult than software-based attacks. As part of the change, Apple also developed a hardware-based feature that completely cuts off the laptop’s microphone whenever the MacBook Air’s lid is closed. The feature is designed to defeat malware that surreptitiously activates a machine’s microphone to record sound without the victim’s knowledge.
“This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,” the Apple paper says.