Apple's approach is heavily based on hardware.
Apple has today updated its Platform Security Guide, a document that has only grown over the last decade. The guide currently runs to over 200 pages and outlines every security measure Apple implements across its devices and operating systems, including iOS, iPadOS and even watchOS. Poring through the document, some very interesting details stand out. Here are some of them.
Hardware-First Approach
The Apple Platform Security Guide says that “For software to be secure, it must rest on hardware that has security built in.” While most of us might look at an Apple SoC, say the A14 Bionic, and talk mostly about its performance, there are many components built into that chip that exist purely for security. Apple’s approach to securing devices starts at the silicon level, with something called the Secure Enclave. This is a part of the SoC in both the mobile devices and the M1-powered MacBook Pro and MacBook Air. The Secure Enclave follows the same design principles as the SoC does—a boot ROM to establish a hardware root of trust, an AES engine for efficient and secure cryptographic operations, and protected memory. Data held in the Secure Enclave is processed by a dedicated Secure Enclave processor rather than the application cores, which blunts side-channel attacks by malware, since those usually rely on the attacking software sharing the same execution cores as the target software.
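To make the "boot ROM as hardware root of trust" idea concrete, here is an added illustration that is not from Apple's guide and does not reproduce Apple's implementation. It models the chain as hash pinning: an immutable ROM value vouches for the first stage, and each stage carries the hash of the one that follows, so a modification anywhere in the chain is caught before that stage runs. The stage payloads are constructed placeholders, and the function names (`build_chain`, `verify_boot`, `demo`) are this example's own.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 output length in bytes


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_chain(payloads: list[bytes]) -> tuple[bytes, list[bytes]]:
    """Assemble boot-stage images so that each one embeds the hash of its successor.

    Returns (rom_pinned_hash, images). The pinned hash stands in for the immutable
    value a boot ROM holds: it is the root of trust precisely because no later
    stage can rewrite it. Stages are built last-to-first so each can include the
    digest of the next.
    """
    images: list[bytes] = []
    next_hash = b"\x00" * DIGEST_LEN          # the final stage points at nothing
    for payload in reversed(payloads):
        image = payload + next_hash           # image layout: code || hash-of-next-stage
        images.insert(0, image)
        next_hash = sha256(image)
    return next_hash, images                  # next_hash is now the first stage's digest


def verify_boot(rom_pinned_hash: bytes, images: list[bytes]) -> tuple[bool, int]:
    """Walk the chain the way an immutable boot ROM would.

    Returns (True, stages_verified) when every stage matches, or (False, index)
    naming the first stage whose digest disagrees with what its predecessor (or the
    ROM) expected. Verification stops at the first mismatch, so no later stage runs.
    A constant-time compare avoids leaking how many digest bytes matched.
    """
    expected = rom_pinned_hash
    for idx, image in enumerate(images):
        if not hmac.compare_digest(sha256(image), expected):
            return False, idx
        expected = image[-DIGEST_LEN:]        # trust for the next stage comes from this one
    return True, len(images)


# Constructed sample stages (placeholders, not real firmware).
SAMPLE_STAGES = [
    b"stage1: low-level bootloader",
    b"stage2: kernel",
    b"stage3: userland",
]


def demo() -> dict:
    """Verify a clean chain, then the same chain with one byte of stage 2 altered."""
    rom_hash, images = build_chain(SAMPLE_STAGES)
    clean = verify_boot(rom_hash, images)
    tampered = list(images)
    tampered[1] = b"X" + tampered[1][1:]      # simulate a modified kernel image
    return {"clean": clean, "tampered_stage2": verify_boot(rom_hash, tampered)}


if __name__ == "__main__":
    print(demo())
```

The point the model makes is that the anchor of the chain must be unmodifiable: if `rom_pinned_hash` lived in rewritable storage, an attacker who changed stage 1 could simply update the pin as well. Apple's actual boot chain relies on signature verification against a key fixed in silicon rather than on hash pinning, but the trust relationship between stages is the same.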