4 New Security Features For Apple A12 And S4 That Weren’t Mentioned Onstage
Apple’s 2018 iPhone lineup comes with several new features that suit an ‘S’ upgrade. The company has improved camera performance, introduced a new color option and updated its mobile processor. All three iPhones feature the Apple A12 Bionic, which is manufactured on TSMC’s 7nm process. Today we’ve got more information about this chip and the Apple Watch’s S4, courtesy of Apple’s latest iOS security white paper. Take a look below for more details.
Apple’s A12 And S4 Processors Extend Passcode Seed Bit Key Protection To DFU Mode, Pushing It Down To The Secure Enclave Boot ROM
Apple’s Gather Round event for the iPhone XS, iPhone XS Max and iPhone XR focused on a lot of new upgrades. However, as the company’s events are aimed at the general public, Apple often chooses to withhold technical detail, and what it does share is usually directly marketable. With the A12’s CPU receiving only a modest performance boost this year, Apple devoted less stage time to the processor.
A handful of upgrades that Apple also did not mention last week relate to security. The 2018 iPhones’ A12 and the Apple Watch Series 4’s S4 bring improvements to the Secure Enclave, to boot ROM protection and to how keys are handled in the DFU and Recovery modes used for software restores. For the uninitiated, the Secure Enclave is a dedicated coprocessor fabricated within the SoC (system-on-chip) and isolated from the application processor, with its own boot ROM and operating system; it manages the device’s cryptographic keys and performs the low-level data protection that the rest of the system relies on.
We’ll start with the Secure Enclave, to see what Apple changed in its two new processors. The A12 and S4 improve boot-level security by changing how the Secure Enclave stores its persistent state. The Enclave keeps only a small amount of state in its own memory; anything it saves to the device’s main file system is encrypted and authenticated with a key entangled with the device’s unique ID (UID) and with an anti-replay counter. When the Enclave generates or revokes protection keys it follows a fixed sequence of steps, and security-critical events such as a passcode change advance the counter, so an older copy of the saved state can no longer be used.
Earlier processors kept this anti-replay counter in a dedicated nonvolatile memory IC (integrated circuit). On the A12 and S4, the Secure Enclave is instead paired with a separate secure storage IC that holds the counter, and the two talk over a protocol designed to give the Enclave exclusive access to it. This adds a new layer of security: it becomes substantially harder to roll the Secure Enclave’s state back (for example, to replay an earlier copy of its data after the counter has moved on) or to tamper with the integrity tree that protects its memory.
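The rollback protection described above, modelled as an added example that is not code from the article or from Apple. A simulated Secure Enclave seals its state to the untrusted main file system with an HMAC whose key is entangled with a simulated UID and with a monotonic counter held in a stand-in for the secure storage IC. The JSON encoding, the HMAC-SHA256 construction, the "advance the counter on every write" rule and the passcode-attempt state are assumptions of this model; the real Enclave uses its hardware AES engine and advances the counter only at the events Apple defines.

```python
# Added example (not from the article or from Apple): how a counter kept in a
# separate secure storage IC defeats replay of Secure Enclave state that lives
# on the main file system. Simplified model; see the lead-in for assumptions.
import hashlib
import hmac
import json
import secrets


class ReplayDetected(Exception):
    """Raised when a blob is stale (old counter) or has been altered."""


class SecureStorageIC:
    """Stand-in for the tamper-resistant counter chip paired with the A12/S4
    Secure Enclave. Only the enclave can talk to it, and it only counts up."""

    def __init__(self) -> None:
        self._counter = 0

    def read(self) -> int:
        return self._counter

    def increment(self) -> int:
        self._counter += 1
        return self._counter


class SecureEnclaveSim:
    def __init__(self, storage: SecureStorageIC) -> None:
        # Simulated UID: fused at manufacture, never leaves the enclave.
        self.uid = secrets.token_bytes(32)
        self.storage = storage

    def _state_key(self, counter: int) -> bytes:
        # Key entangled with the UID *and* the counter value, so a blob sealed
        # under an old counter can never be re-labelled as current.
        return hmac.new(self.uid, b"sep-state|" + counter.to_bytes(8, "big"),
                        hashlib.sha256).digest()

    def seal(self, state: dict) -> bytes:
        """Persist state to the (untrusted) main file system. In this model
        every write advances the counter, which is what makes old copies useless."""
        counter = self.storage.increment()
        body = json.dumps(state, sort_keys=True).encode()
        tag = hmac.new(self._state_key(counter), body, hashlib.sha256).digest()
        return counter.to_bytes(8, "big") + tag + body

    def open(self, blob: bytes) -> dict:
        """Load state back; reject anything tampered with or from the past."""
        counter = int.from_bytes(blob[:8], "big")
        tag, body = blob[8:40], blob[40:]
        expected = hmac.new(self._state_key(counter), body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ReplayDetected("blob altered or counter field forged")
        if counter != self.storage.read():
            raise ReplayDetected(f"stale counter {counter}, current {self.storage.read()}")
        return json.loads(body)


def demo() -> dict:
    """Constructed scenario: an attacker with file-system access tries to
    restore an older blob to reset a failed-passcode-attempt count."""
    sep = SecureEnclaveSim(SecureStorageIC())
    results = {}
    snapshot = sep.seal({"failed_passcode_attempts": 2})   # attacker copies this
    current = sep.seal({"failed_passcode_attempts": 9})    # later, after more guesses
    results["current_ok"] = sep.open(current)["failed_passcode_attempts"]

    try:                                     # rollback: valid tag, stale counter
        sep.open(snapshot)
        results["rollback"] = "accepted"
    except ReplayDetected:
        results["rollback"] = "rejected"

    tampered = current[:-1] + bytes([current[-1] ^ 0x01])   # flip a byte of the body
    try:                                     # tamper: counter current, tag wrong
        sep.open(tampered)
        results["tamper"] = "accepted"
    except ReplayDetected:
        results["tamper"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Note the two checks are separate: the tag binds the body to the counter field it was sealed with, so editing the counter field breaks the tag, while a perfectly intact old blob is caught only because the counter in the storage IC has moved on. Without an isolated counter the second check has nothing trustworthy to compare against.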
The second important security upgrade on the A12 and S4 extends the kernel-level integrity protection to the chips’ system coprocessors. The coprocessors on the iPhone and Apple Watch matter because the firmware running on them sits alongside the kernel and the Secure Enclave functions described above, so a compromised coprocessor would undermine those protections.
The Enclave’s responsibilities broaden on Apple’s two latest chips. It is now responsible for ensuring that coprocessor firmware loaded at boot on the A12 or S4 cannot be interfered with by anyone without authorization. Which leads us to Apple’s third security upgrade.
When an iOS device is locked with a passcode, certain files cannot be read. Each file is encrypted with its own per-file key, and that key is wrapped with one of a handful of class keys that decide when the file is available. The class keys for the most protected data are in turn wrapped with a key derived from the user’s passcode and entangled with the device’s UID, so they can only be recovered inside the Secure Enclave, and only after the passcode (or a biometric unlock the Enclave accepts in its place) has been provided; when the device locks, the Enclave discards those unwrapped class keys, so the files stay unreadable until the next unlock. With the A12 and S4, Apple has pushed this passcode-based protection down to the lowest level of the Secure Enclave’s boot chain.
On earlier processors it was the Secure Enclave’s operating system that locked the passcode seed bit, the bit that controls whether keys protected by the user’s passcode can be derived at all, once the device entered Recovery mode. On the A12 and S4 the Secure Enclave Boot ROM locks that bit whenever the iOS or watchOS device enters either DFU or Recovery mode. Because the boot ROM is immutable, the lock is in place before any Secure Enclave software runs, which adds a further layer of protection for passcode-protected data on a device being restored or booted into a recovery environment.
Finally, the Apple A12 also moves to a new ARM architecture revision, another fact the company did not mention at its presentation. ARMv8.3 brings several new features on board, one of which is Pointer Authentication. The CPU signs a pointer, typically a return address or function pointer, with a short cryptographic code (the PAC) computed from the pointer value, a context such as the stack pointer and a key held in system registers that user code cannot read; the PAC is stored in the upper bits of the pointer that the 64-bit address space leaves unused, and an authenticate instruction checks it before the pointer is used. A pointer an attacker has overwritten or forged fails that check, so a corrupted return address leads to a crash rather than to a ROP chain. Pointer Authentication first surfaced in the iOS 12 kernel, and Apple has now confirmed that recent exploits that made jailbreaking possible on the iPhone X and iOS 12 Beta 4.
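To make the mechanism concrete, here is a software model of Pointer Authentication, added as an example that is not code from the article or from Apple and does not use the real instructions. A real A12 core computes the PAC in hardware with a block cipher and a per-process key; here an HMAC stands in for that function. The 48-bit virtual-address width, the 16-bit PAC, the addresses and the stack-pointer values are assumptions of this model.

```python
# Added example (not from the article or from Apple): a Python model of
# ARMv8.3 Pointer Authentication. An HMAC plays the role of the hardware PRF;
# address width, PAC width and all addresses below are assumptions.
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

VA_BITS = 48                       # assumed usable virtual-address width
VA_MASK = (1 << VA_BITS) - 1
PAC_BITS = 64 - VA_BITS            # the PAC lives in the otherwise-unused top bits
U64_MASK = (1 << 64) - 1


class PointerAuthFailure(Exception):
    """Where hardware would poison the pointer so the next use faults."""


class PointerAuthSim:
    """Models one key of the PAC register set (e.g. the instruction A key)."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self.key = key or secrets.token_bytes(16)   # per process; never readable by user code

    def _pac(self, ptr: int, modifier: int) -> int:
        # PAC = PRF_key(pointer || modifier). The modifier (e.g. the stack
        # pointer for a return address) binds the signature to one context.
        msg = (ptr & VA_MASK).to_bytes(8, "big") + (modifier & U64_MASK).to_bytes(8, "big")
        tag = hmac.new(self.key, msg, hashlib.sha256).digest()
        return int.from_bytes(tag[:2], "big") & ((1 << PAC_BITS) - 1)

    def sign(self, ptr: int, modifier: int) -> int:
        """PACIA-style: return the pointer with its PAC in the high bits."""
        if ptr >> VA_BITS:
            raise ValueError("pointer already carries data in the PAC bits")
        return ptr | (self._pac(ptr, modifier) << VA_BITS)

    def authenticate(self, signed: int, modifier: int) -> int:
        """AUTIA-style: check and strip the PAC, returning the raw pointer."""
        ptr = signed & VA_MASK
        if (signed >> VA_BITS) != self._pac(ptr, modifier):
            raise PointerAuthFailure(hex(signed))
        return ptr


def brute_force_pac(cpu: PointerAuthSim, target: int, modifier: int) -> Tuple[int, int]:
    """Try every possible PAC for `target`: returns (successes, faults).
    Exactly one guess passes, and in a real process every wrong guess crashes it."""
    successes = faults = 0
    for guess in range(1 << PAC_BITS):
        try:
            cpu.authenticate(target | (guess << VA_BITS), modifier)
            successes += 1
        except PointerAuthFailure:
            faults += 1
    return successes, faults


def demo() -> dict:
    """Constructed scenario: a signed return address versus two classic attacks."""
    cpu = PointerAuthSim()
    ret_addr = 0x1000_8000_1234          # assumed legitimate return address
    stack_ptr = 0x16FD_F000_0000         # assumed SP at the time of the call
    gadget = 0x1000_8000_5678            # assumed attacker-chosen target
    results = {"pac_bits": PAC_BITS}

    signed = cpu.sign(ret_addr, stack_ptr)
    results["legit"] = cpu.authenticate(signed, stack_ptr) == ret_addr

    # 1. Plain overwrite (stack smash / ROP): the attacker has no key, so
    #    the only options are a raw pointer or guessing the PAC.
    results["brute_force"] = brute_force_pac(cpu, gadget, stack_ptr)

    # 2. Reuse: copy a validly signed pointer from a different frame. The
    #    modifier differs, so its PAC is (overwhelmingly likely) wrong here.
    reused = cpu.sign(gadget, stack_ptr + 0x100)
    try:
        cpu.authenticate(reused, stack_ptr)
        results["cross_context_reuse"] = "executed"
    except PointerAuthFailure:
        results["cross_context_reuse"] = "faulted"
    return results


if __name__ == "__main__":
    print(demo())
```

The brute-force count is the important number: with 16 PAC bits an attacker gets one success out of 65,536 candidates and, unlike this loop, cannot retry after a crash, which is what turns a reliable return-address overwrite into a probabilistic one. Binding the PAC to a modifier is what stops the second attack, where the attacker already holds a signed pointer but not one signed for this stack frame.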
Thoughts? Let us know what you think in the comments section below and stay tuned. We’ll keep you updated on the latest.