| ▲ | ozgune 9 hours ago | |
> Apple even says it will publish its software images (though unfortunately not the source code) so that security researchers can check them over for bugs. I think Apple recently changed their stance on this. Now, they say that "source code for certain security-critical PCC components are available under a limited-use license." Of course, would have loved it if the whole thing was open source. ;) https://github.com/apple/security-pcc/ > The goal of this system is to make it hard for both attackers and Apple employees to exfiltrate data from these devices. I think Apple is claiming more than that. They are saying 1/ they don't keep any user data (data only gets processed during inference), 2/ no privileged runtime access, so their support engineers can't see user data, and 3/ they make binaries and parts of the source code available to security researchers to validate 1/ and 2/. You can find Apple PCC's five requirements here: https://security.apple.com/documentation/private-cloud-compu... Note: Not affiliated with Apple. We read through the PCC security guide to see what an equivalent solution would look like in open source. If anyone is interested in this topic, please hit me up at ozgun @ ubicloud . com. | ||
| ▲ | saagarjha 3 hours ago | parent [-] | |
Some of the core elements of the boot process are not source available, unfortunately. | ||