a trend with laptops that needs to die is this whole "let's just put the NVMe directly on the motherboard" thing. apple started it, but now other vendors have followed. I shouldn't have to do impromptu board repair to save my data.
Just FYI, but at least with Apple's implementation, the onboard SSD is cryptographically linked with the security coprocessor. Even if you could remove the SSD, there is nothing useful that can be done (unless you count erasing the drive as useful).
Apple's SSD controller is *in* the SoC. What you can pull off of the board is basically raw flash memory with a custom interface, so not exactly easy to do data recovery on, even ignoring the crypto.
yes, on apple (especially M1) the flash memory is entirely useless if you take it off the board.
I don't know to what extent that is true on my dell, but either way, it still sucks that it's all on one board there too.
At least there are security reasons for the crypto stuff, and security and performance reasons to put the controller in the SoC... Other vendors just solder down generic NVMe for no damn reason.
UFS/NVMe controller in the SoC is how most mobile devices work.
Snapdragon has similar inline encryption/decryption support, but it's optional to use in the wrapped key mode where the OS can't access the keys. Even when it's not in wrapped key mode, keys are usually hw bound.
It's a nice way to make sure people have to pay them premium prices on mediocre SSDs.
I'd totally believe Apple did it primarily to stop people using a low end SSD or RAM (I assume that's why iPhone didn't move to USB-C) and/or because they want teardown pictures to look pretty.
The security property of preventing a past compromise of the OS from providing future decryption of storage is the only part that depends on the wrapped key support and Apple's equivalent. Pixels choose not to use that because they want to verify encryption works from the OS.
It would be nice if laptops had a secure element with the Weaver feature from the Titan M:
https://grapheneos.org/faq#encryption
It provides a set of slots (one per possible user) where you can store a key + value and need to provide the key to get back the value, with aggressive throttling.
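The slot-store behaviour described in that comment, written out as an added Python simulation so the semantics are concrete. This is not GrapheneOS, Titan M or any vendor's code; the class and method names, the injected clock, and the exponential backoff schedule (the comment only says "aggressive throttling") are all assumptions made for the illustration.

```python
import hmac
from dataclasses import dataclass


def throttle_delay(failures: int) -> int:
    """Constructed backoff schedule (assumption, not the Titan M schedule):
    the first 5 wrong keys are free, then 30 s, doubling every 5 further failures."""
    if failures <= 5:
        return 0
    return 30 * 2 ** ((failures - 6) // 5)


def seconds_to_exhaust(guesses: int) -> int:
    """Total enforced wait an attacker eats for `guesses` consecutive wrong keys.
    Useful for judging how much the throttling actually buys a short credential."""
    return sum(throttle_delay(f) for f in range(1, guesses + 1))


@dataclass
class Slot:
    key: bytes = b""           # derived from the user's credential by the OS (assumed)
    value: bytes = b""         # secret released only on a correct key, feeds disk-key derivation
    failures: int = 0          # consecutive wrong-key attempts since last success
    locked_until: float = 0.0  # monotonic timestamp before which reads are refused


class WeaverSim:
    """One slot per possible user. Reads require the slot key; failures throttle the slot."""

    def __init__(self, num_slots: int, clock):
        self._slots = [Slot() for _ in range(num_slots)]
        self._clock = clock  # callable returning seconds; injected so time can be controlled

    def write(self, slot_id: int, key: bytes, value: bytes) -> None:
        # Writing never reveals the previous value: code running with OS privileges
        # can destroy a slot (erase) but cannot recover what was stored in it.
        s = self._slots[slot_id]
        s.key, s.value = bytes(key), bytes(value)
        s.failures, s.locked_until = 0, 0.0

    def read(self, slot_id: int, key: bytes):
        """Returns (status, value_or_None, seconds_to_wait)."""
        s = self._slots[slot_id]
        now = self._clock()
        if now < s.locked_until:
            # Throttled: refused regardless of whether the key is right.
            return ("throttled", None, s.locked_until - now)
        if hmac.compare_digest(s.key, bytes(key)):  # constant-time comparison
            s.failures = 0
            return ("ok", s.value, 0.0)
        s.failures += 1
        delay = throttle_delay(s.failures)
        s.locked_until = now + delay
        return ("wrong_key", None, delay)


if __name__ == "__main__":
    clock = [0.0]
    sim = WeaverSim(num_slots=4, clock=lambda: clock[0])
    sim.write(0, key=b"pin-derived-key", value=b"per-user-secret")
    print(sim.read(0, b"pin-derived-key"))
    for _ in range(6):
        print(sim.read(0, b"wrong"))
    print("wait for 10 guesses:", seconds_to_exhaust(10), "s")
```

The point the simulation makes visible is that the throttle is enforced by the slot, not by the caller: once a slot is locked, even the correct key is refused until the timer expires, so an attacker who controls the OS gains nothing by skipping the OS-side lockout logic.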
I'm pretty sure putting the NVMe controller in the SoC is not that common, considering we're having to add platform device NVMe to Linux because the M1 is the first supported SoC where it's not a PCIe device.
Nearly everyone other than Apple uses UFS rather than NVMe but they do have the storage controller as part of the SoC. I didn't mean that NVMe was common elsewhere but rather that it's normal to have it built-in to the SoC with inline encryption/decryption support for it.