- Joined
- May 18, 2017
- Messages
- 7
- Motherboard
- ASRock H77/Pro4 MVP
- CPU
- i5-3450
- Graphics
- nVidia GTX760
Well, of course they could. Nintendo has shown it with, for example, the 3DS machines: they include a crypto key in hardware that can not be changed. You need that brick of silicon to run any software, as it needs to be decrypted. If I remember correctly, it took the -- rather small and unfunded -- hacking community about three years to recover the keys, and that was only the case because we could not run our own software anyways. As long as we can recompile and swap the kernel we can just dump the entire RAM making any encryption pointless, albeit that any decryption stuff would have to be patched out of the kernel. And on-the-fly kernel patches are already a thing Without aggressive inlining of the decryption routine the patch would be very small too.It also occurred to me that they have the technical knowledge to simply put a block on us converting PCs to their OS.
Also, I think it wouldn't be long until such a chip would be decapped and it's key published. There are a few guys out there who would love such a challenge. Like this fella here.
Anything other than encryption is trivially bypassable. I'll let you guess what FakeSMC.kext is for. The worst thing that could happen is if they start to move more things to the secure enclave, but we won't see that until all supported macs have one. And even then we could probably just emulate it. Less secure, but on most hacks it does not matter anyways. My TPM on my laptop is already disabled because I tinkered with my firmware to be able to swap my wifi card (thanks Lenovo). So no secure boot for me.
I would worry more about Hollywood lobbying firms that want manufacturers to enable secure boot permanently, without the possibility to install user certificates or disabling that thing. Clover will never ever be signed by e.g. the Microsoft EFI signing program.