Apple has known for an extended period of time now that the T2 has an exploitable vulnerability in the bootrom, and still hasn't provided any details that allow users to determine what the associated risks are.
Widevine is implemented with the TrustZone implementation (QSEE), not the Qualcomm SPU. Neither of those is in the situation that you're portraying.
TrustZone is an execution mode. It's not a secure element / co-processor. It shares a lot more and has much more attack surface.
That was a firmware bug patched in a security update, not a bug in a ROM that cannot be fixed without new hardware. It was a much different thing.
QSEE also wasn't ever part of the root of trust for verified boot. It's essentially being phased out for non-Widevine uses now.