[Cryptography] On the deployment of client-side certs

Tony Arcieri bascule at gmail.com
Thu Nov 17 15:00:51 EST 2016

On Thu, Nov 17, 2016 at 8:37 AM, Ray Dillinger <bear at sonic.net> wrote:

> It remains to be seen whether they will bite the bullet and fully
> divorce the hardware for security from the hardware that actually runs
> their OS.

That's exactly what they did:


> I REALLY doubt that they will give the security hardware its own I/O on
> the first iteration though; they really hate to put visible external
> bits and bobs on their hardware.

The visible bit is the Touch Bar.

At an absolute minimum, there needs to be an externally-visible LED or
> something that isn't even connected to the hardware that runs the OS.

The Touch Bar is connected to the T1 chip via USB.

The T1 chip is an ARM SoC running what is allegedly a fork of watchOS,
completely divorced from OS X running on the primary Intel CPU.
Furthermore, the T1 chip actually sits earlier in the secure boot process
than the Intel CPU, and holds the master keys to the OS X keychain.

According to the Apple Insider article:

"*AppleInsider* has learned there is no association procedure between a
service stock generic Touch Bar, and the T1 inside the MacBook Pro. As a
result, at least for now, if the Track Bar needs replacing for any reason,
so does the T1."

So, if Apple Insider is to believed, the T1 chip, Touch Bar, and the
front-facing camera are all cryptographically paired in an irreversible

This makes the Touch Bar a secure display which is inaccessible by OS X.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161117/f86790c1/attachment.html>

More information about the cryptography mailing list