On 2022/01/10 18:11, Arend van Spriel wrote:
On 1/4/2022 8:26 AM, Hector Martin wrote:
Newer Apple firmwares on chipsets without a hardware RNG require the
host to provide a buffer of 256 random bytes to the device on
initialization. This buffer is present immediately before NVRAM,
suffixed by a footer containing a magic number and the buffer length.
This won't affect chips/firmwares that do not use this feature, so do it
unconditionally.
Not sure what the general opinion is here, but pulling random bytes for
naught seems wasteful to me. So if there is a way of knowing it is
needed please make it conditional.
We could gate it on specific chips only, if you don't mind maintaining a
list of those. AIUI that would be all the T2 platform chips or so (the
newer two don't seem to need it).
Alternatively we could just do this only if an Apple OTP is detected.
That is already implicitly gated by the OTP offset chip list.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature