System security is designed so that both software and hardware are secure across all core components of every iOS device. This includes the boot-up process, software updates, and the Secure Enclave. This architecture is central to security in iOS, and never gets in the way of device usability.
Secure Boot Chain: bootloaders, kernel, kernel extensions, and baseband firmware
Flow: turn iDevice on -> Boot ROM -> Low-Level Bootloader (LLB) -> iBoot -> iOS Kernel
Boot ROM: code containing the Apple Root CA public key, used to verify that the Low-Level
Bootloader (LLB) is signed by Apple before allowing it to load.
LLB: runs its tasks, verifies and runs iBoot.
iBoot: verifies and runs iOS Kernel.
The secure boot chain ensures the lowest levels of software have not been tampered with by malicious
code, allowing iOS to run only on validated Apple devices.
For devices with SIM cards, the baseband subsystem does its own process of secure booting
to ensure identity, with keys verified by the baseband processor.
For devices powered by an A7 processor or any later A-series processor, the Secure Enclave
(co)processor utilizes a separate secure boot process, ensuring its components are verified and
signed by Apple.
If one step of the chain is unable to load or verify the next one, startup is stopped and the device
enters recovery mode. If the chain breaks at the Boot ROM level (unable to load LLB), the device enters
DFU mode, where it can only be restored using iTunes, which returns the iDevice to its factory settings.
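The chain and its two failure modes, modelled as an added example (not code from the page or from Apple). It assumes, as a labelled stand-in, that an HMAC-SHA256 tag plays the role of Apple's signature and one shared key plays the role of the Apple Root CA key in the Boot ROM; the stage names and the "dfu"/"recovery" outcomes follow the text above.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in: an HMAC-SHA256 tag plays the role of Apple's signature and one
# shared key plays the role of the Apple Root CA key in the Boot ROM. Real devices use
# asymmetric signatures; only the chain-of-trust logic is modelled here.
APPLE_KEY = b"constructed-apple-root-key"
CHAIN = ("LLB", "iBoot", "iOS Kernel")  # stages loaded after the Boot ROM, in order

@dataclass(frozen=True)
class Image:
    name: str
    code: bytes
    signature: bytes

def sign(key: bytes, code: bytes) -> bytes:
    return hmac.new(key, code, hashlib.sha256).digest()

def verify(key: bytes, image: Image) -> bool:
    # Constant-time compare so the verifier does not leak how many bytes matched.
    return hmac.compare_digest(sign(key, image.code), image.signature)

def boot(images: dict, root_key: bytes = APPLE_KEY) -> str:
    """Boot ROM -> LLB -> iBoot -> kernel: each stage verifies the next before running it.
    Returns "booted", "dfu" (Boot ROM cannot verify LLB) or "recovery" (a later
    stage cannot verify its successor), the two fallback modes the text describes."""
    for stage in CHAIN:
        image = images.get(stage)
        if image is None or image.name != stage or not verify(root_key, image):
            return "dfu" if stage == "LLB" else "recovery"
    return "booted"

def build_chain(key: bytes = APPLE_KEY) -> dict:
    """Constructed sample firmware: each stage's code is a short placeholder byte string."""
    return {n: Image(n, f"{n} v1".encode(), sign(key, f"{n} v1".encode())) for n in CHAIN}

def tamper(images: dict, stage: str) -> dict:
    """Copy of the chain where one stage's code was modified after it was signed."""
    old = images[stage]
    return {**images, stage: Image(stage, old.code + b" patched", old.signature)}

def demo() -> dict:
    genuine = build_chain()
    return {"genuine": boot(genuine),
            "tampered_kernel": boot(tamper(genuine, "iOS Kernel")),
            "tampered_llb": boot(tamper(genuine, "LLB"))}
```

A chain signed with any key other than the one the Boot ROM trusts fails at the first step and lands in DFU mode, while a modified iBoot or kernel stops one step further along, in recovery mode.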
To prevent devices from being downgraded to older versions that lack the latest security
updates, iOS uses a process called System Software Authorization. If downgrades were possible, an
attacker who gains possession of a device could install an older version of iOS and exploit a
vulnerability that's been fixed in the newer version.
The Secure Enclave provides all cryptographic operations for Data Protection key
management and maintains the integrity of Data Protection even if the kernel has been
compromised. Communication between the Secure Enclave and the application processor is isolated
to an interrupt-driven mailbox and shared memory data buffers.
iOS has additional encryption and data protection features to safeguard user data, even in
cases where other parts of the security infrastructure have been compromised (for example, on a
device with unauthorized modifications).