I would think the Secure Enclave would handle such things. That said I’m not sur... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		MBCook 11 months ago \| parent \| context \| favorite \| on: Apple Exclaves I would think the Secure Enclave would handle such things. That said I’m not sure what you or GP mean by “update exclave”. It’s just part of the kernel binary loaded up at system start. Wouldn’t it be updated the same way the rest of the kernel is, probably requiring a restart?

brookst 11 months ago [–]

No, because that way a rogue kernel could overwrite the exclave itself and the next reboot would be insecure. You can’t trust a low-trust environment to update a high-trust environment.

MBCook 11 months ago | [–]

Is that why everything is cryptographically secured in the boot chain? To ensure only trusted code is loaded?

kennysoona 11 months ago | | [–]

Exactly.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact