So, today Apple released a very nerdy but, for humans, quite readable white paper on iOS security. It’s a fascinating read and I urge you to read it in full. At the outset, Apple provides the following explanation about the first level of security in iOS — The Secure Boot Chain:
Each step of the boot-up process contains components that are cryptographically signed by Apple to ensure integrity, and proceeds only after verifying the chain of trust. This includes the bootloaders, kernel, kernel extensions, and baseband firmware.
When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code is laid down during chip fabrication, and is implicitly trusted. The Boot ROM code contains the Apple Root CA public key, which is used to verify that the Low-Level Bootloader (LLB) is signed by Apple before allowing it to load. This is the first step in the chain of trust where each step ensures that the next is signed by Apple. When the LLB finishes its tasks, it verifies and runs the next-stage bootloader, iBoot, which in turn verifies and runs the iOS kernel.
This secure boot chain ensures that the lowest levels of software are not tampered with, and allows iOS to run only on validated Apple devices.
OK. Got it? This is effectively saying that they first check at the hardware level to make sure that the iOS you are running is Apple’s iOS and that it has not been modified in any way.
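To make the chain of trust concrete, here is a small added simulation of the boot sequence Apple describes (Boot ROM, LLB, iBoot, kernel). It is example code written for this post, not code from Apple's white paper or from iOS. The stage names follow the quote above; everything else is an assumption: the root public key stands in for the Apple Root CA key burned into the Boot ROM, each stage image carries the public key that will verify the next stage, and signatures are Lamport one-time signatures over SHA-256 so the example runs on the Python standard library alone (a real device uses certificates and RSA/ECDSA, but the verify-before-run order is the same).

```python
"""Toy secure boot chain: Boot ROM -> LLB -> iBoot -> kernel.

Added example, not Apple's code. Each stage image is signed by the previous
stage's key and embeds the public key for the stage after it; the root
public key is the one the Boot ROM is assumed to trust. Lamport one-time
signatures (SHA-256 based) stand in for real certificate signatures.
"""
import hashlib
import os


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


PK_LEN = 256 * 64  # serialized Lamport public key: 256 pairs of 32-byte hashes


def keygen():
    """One-time key pair: 256 random secret pairs; public key is their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    """Reveal one secret per digest bit. A Lamport key signs exactly one message."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))


def pk_to_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)


def pk_from_bytes(raw: bytes):
    return [(raw[i:i + 32], raw[i + 32:i + 64]) for i in range(0, PK_LEN, 64)]


def build_chain(stages):
    """stages: [(name, code_bytes), ...] in boot order (constructed sample input).
    Returns (root_pk, images) with images = [(name, image_bytes, signature)].
    keys[i] signs stage i; its public half is embedded in stage i-1's image,
    or, for i == 0, is the root key the Boot ROM trusts."""
    keys = [keygen() for _ in stages]
    root_pk = keys[0][1]
    images = []
    for i, (name, code) in enumerate(stages):
        embedded = pk_to_bytes(keys[i + 1][1]) if i + 1 < len(stages) else b""
        image = code + embedded          # the signature covers the embedded key too
        images.append((name, image, sign(keys[i][0], image)))
    return root_pk, images


def boot(root_pk, images):
    """Simulate the Boot ROM onward: verify each stage before 'running' it.
    Returns (booted_stage_names, failed_stage_name_or_None)."""
    trusted_pk = root_pk
    booted = []
    for i, (name, image, sig) in enumerate(images):
        if not verify(trusted_pk, image, sig):
            return booted, name          # halt: refuse to run modified or unsigned code
        booted.append(name)
        if i + 1 < len(images):
            trusted_pk = pk_from_bytes(image[-PK_LEN:])
    return booted, None


def tamper(images, index, offset=0):
    """Return a copy of the images with one byte of stage `index` flipped."""
    name, image, sig = images[index]
    patched = bytearray(image)
    patched[offset] ^= 0x01
    out = list(images)
    out[index] = (name, bytes(patched), sig)
    return out


if __name__ == "__main__":
    root, imgs = build_chain([("LLB", b"llb code"), ("iBoot", b"iboot code"), ("kernel", b"xnu")])
    print("clean boot:", boot(root, imgs))
    print("modified iBoot:", boot(root, tamper(imgs, 1)))
```

Because the LLB signature covers the iBoot public key it carries, re-signing a modified iBoot with some other key does not help: the key the verifier uses is fixed by the already-verified previous stage, which is what makes it a chain rather than a set of independent checks.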
Then, also today, I see this rant on Boing Boing from Cory Doctorow (of whom I am a big fan) come across the feed, titled Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users’ computers. Here is the lead paragraph:
A quiet announcement from the Fedora Linux community signals a titanic shift in the way that the computer market will work from now on, and a major threat to free/open operating systems. Microsoft and several PC vendors have teamed up to ensure that only operating systems bearing Microsoft’s cryptographic signature will be able to boot on their hardware, meaning that unless Microsoft has blessed your favorite flavor of GNU/Linux or BSD, you won’t be able to just install it on your machine, or boot to it from a USB stick or CD to try it out. There is a work-around for some systems involving a finicky and highly technical override process, but all that means is that installing proprietary software is easy and installing free/open software is hard.
OK. Got it? This is effectively saying that Microsoft is going to start to check at the hardware level to make sure that the OS you are running is Microsoft Windows, or an OS whose maker has paid them to include a cryptographic signature too (the cost of which is $99.00), and that it has not been modified in any way.
Two companies. Two effectively identical approaches to improved security. But, here is a thought that struck me…
The difference is that nobody really expects to run anything but iOS on an iPhone or iPad, so this level of security is welcome (or, even better, expected), whereas some PC users often can’t wait to get rid of Windows and install something else; hence the ire from Free/Open advocates like Cory.
No major point here. As Arsenio always said, it’s one of those things that make you go hmmmm…