Apple's known that the T2 has an exploitable vulnerability in the bootrom for an extended period of time now, and still hasn't provided any details that allow users to determine what the associated risks are.
Widevine is implemented with the TrustZone implementation (QSEE), not the Qualcomm SPU. Neither of those is in the situation that you're portraying. TrustZone is an execution mode. It's not a secure element / co-processor. It shares a lot more and has much more attack surface.
The main thing it provides is the traditional / legacy keystore implementation. The more secure StrongBox keystore is provided via a secure element like the Qualcomm SPU or Titan M. Other hardware-based security features are moving to those. TrustZone isn't very useful anymore.
It's going to just become the place where DRM is implemented, because it's unacceptable additional attack surface for a secure element, but TrustZone is enough to satisfy the media companies. Can't really think of many real use cases for it. A hypervisor can be used for mitigations.