undefined | Better HN

0 pointsakvadrako7y ago0 comments

It's not because of the T2 though - it's because of the Secure Enclave holding the keys for disk encryption and firmware/kernel signatures.

They might have bundled them together, but the layer around the secure part is just another system - it doesn't make anything more secure. All it's functions could have been taken up by the main system.

The only possible security win is by making BridgeOS simpler and less likely to have vulnerabilities.

0 comments

lloeki7y ago

I'd still say it's a net gain overall†, although the Great Bundling is questionable and definitely concerning in terms of attack surface, yet the synergies when finding and fixing vulnerabilities should not be taken lightly.

† It's overall a good thing evil maid/law enforcement/whatever doesn't get to have trivial access to the user's device anymore.

j / k navigate · click thread line to collapse

0 pointsakvadrako7y ago0 comments

It's not because of the T2 though - it's because of the Secure Enclave holding the keys for disk encryption and firmware/kernel signatures.

The only possible security win is by making BridgeOS simpler and less likely to have vulnerabilities.

0 comments

lloeki7y ago

† It's overall a good thing evil maid/law enforcement/whatever doesn't get to have trivial access to the user's device anymore.

j / k navigate · click thread line to collapse