No, because that way a rogue kernel could overwrite the exclave itself and the n... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		brookst 10 months ago \| parent \| context \| favorite \| on: Apple Exclaves No, because that way a rogue kernel could overwrite the exclave itself and the next reboot would be insecure. You can’t trust a low-trust environment to update a high-trust environment.

MBCook 10 months ago [–]

Is that why everything is cryptographically secured in the boot chain? To ensure only trusted code is loaded?

kennysoona 10 months ago | [–]

Exactly.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact