| ▲ | btown 3 hours ago | |
From the paper: https://github.com/Layr-Labs/d-inference/blob/master/papers/... > Apple’s attestation servers will only generate the FreshnessCode for a genuine device that checks in via APNs. A software-only adversary cannot forge the MDA certificate chain (Assumption 3). Com- bined with SIP enforcement (preventing binary replace- ment) and Secure Boot (preventing bootloader tampering), this provides strong evidence that the signing key resides in genuine Apple hardware. | ||
| ▲ | saagarjha 44 minutes ago | parent [-] | |
I am not entirely sure they understand that System Integrity Protection and Secure Boot can be turned off. | ||