I've come to discover recently that Apple does not let you store secrets in the Secure Enclave. It's off limits to the owner/user of the device and meant for storing Apple secrets…
So then wallets on iOS/macOS are sitting on the drive, encrypted by the OS? This really bothers me a LOT. They're unwrapped for use and exposed in RAM instead of inside the Secure Enclave. Why would anyone in their right mind want to use these devices with crypto in mind?
If you get rootkitted it's game over, but Windows TPM 2.0 and Android StrongBox/Titan allow users to store secrets in the vault. A rootkit can't get in the vault. But with Apple, kernel access means the ability to unwrap your secrets, which were out on the front sidewalk anyway and not inside the house and in the safe where they belong.
What in the world is this? It's really bothering me.
I don't understand your concern. My SSH secret key is stored in the Secure Enclave. All my passkeys are stored in the Secure Enclave. If anything, we just need to have more apps support passkeys.
Hey Brian, the concern is that Apple doesn't let third-party apps generate keys inside the Secure Enclave. What you're describing is Apple managing keys on your behalf through their own APIs. That's a different thing.
For a trustless proof-of-personhood primitive, I need users to generate sovereign keypairs in hardware that nobody can extract, including Apple. Android StrongBox gives developers that. So does Windows hardware, even if running Linux. Apple doesn’t.
Passkeys authenticate you to a service. They can’t sign arbitrary payloads with a user-sovereign private key. Those are different things and the distinction matters for what I’m building.
If I understand correctly, you are bothered that third-party developers cannot store keys in the Secure Enclave. My ELI5 understanding is that the Secure Enclave was never intended nor designed to generate and store arbitrary keys. Its single purpose is to store and keep secret a device-bound private key that can be used for signing purposes by the owner of the device.
It makes sense from a use-case and hardware perspective. I never did a dive into TPMs, but Apple is using space on the CPU silicon vs. a coprocessor chip, so different design trade-offs and considerations.
Good context. iOS is already accounted for in my system: devices without access to third party hardware key generation get a lower trust tier by design. No frustration there, just an honest reflection of what the hardware allows.
Android StrongBox is a different story. Google explicitly allows third parties to generate and store arbitrary keys in hardware. Same with TPM 2.0. This is why TPM 2.0-containing devices and devices with StrongBox are first-class citizens for PoP in my system, and unfortunately the entire Apple ecosystem is not.
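As an added example (my own illustration, not code from anyone in this thread or from the PoP system described above), here is how a verifier could implement the tiering policy from the last post once it has an Android key attestation in hand. What is real: Android's key attestation certificate extension (OID 1.3.6.1.4.1.11129.2.1.17) carries a DER KeyDescription SEQUENCE whose second field, attestationSecurityLevel, is an ENUMERATED with Software=0, TrustedEnvironment=1, StrongBox=2, and whose fifth field is the attestationChallenge OCTET STRING. What is assumed: the tier names ("first-class", "reduced", "rejected"), the policy that maps levels to tiers, and the sample extension bytes, which are constructed locally by the block so it runs offline. The code does not validate the certificate chain up to Google's attestation root; until that is done, the security level is only a claim.

```python
"""
Added example: assign a proof-of-personhood trust tier from an Android Key
Attestation KeyDescription (the payload of extension 1.3.6.1.4.1.11129.2.1.17).

Real: field order attestationVersion, attestationSecurityLevel, keyMintVersion,
keyMintSecurityLevel, attestationChallenge, uniqueId, softwareEnforced,
hardwareEnforced; security levels Software=0, TrustedEnvironment=1, StrongBox=2.
Assumed: tier names and policy below; sample bytes are constructed here.
Not done: certificate-chain validation to Google's attestation root.
"""

SECURITY_LEVEL = {0: "Software", 1: "TrustedEnvironment", 2: "StrongBox"}

# Assumed tiering policy: only StrongBox-backed keys are first class.
TIER_FOR_LEVEL = {
    "StrongBox": "first-class",
    "TrustedEnvironment": "reduced",
    "Software": "rejected",
}


def _der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with definite (short or long form) length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def _der_int(v: int) -> bytes:
    """Non-negative DER INTEGER; an extra 0x00 keeps the high bit clear."""
    return _der_tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def _read_tlv(buf: bytes, pos: int):
    """Decode one TLV at pos; returns (tag, content, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def _children(content: bytes):
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = _read_tlv(content, pos)
        out.append((tag, body))
    return out


def build_key_description(security_level: int, challenge: bytes) -> bytes:
    """Constructed sample KeyDescription (fields in the documented order)."""
    fields = [
        _der_int(200),                             # attestationVersion
        _der_tlv(0x0A, bytes([security_level])),   # attestationSecurityLevel
        _der_int(200),                             # keyMintVersion
        _der_tlv(0x0A, bytes([security_level])),   # keyMintSecurityLevel
        _der_tlv(0x04, challenge),                 # attestationChallenge
        _der_tlv(0x04, b""),                       # uniqueId
        _der_tlv(0x30, b""),                       # softwareEnforced (empty)
        _der_tlv(0x30, b""),                       # hardwareEnforced (empty)
    ]
    return _der_tlv(0x30, b"".join(fields))


def parse_key_description(der: bytes) -> dict:
    """Extract the security level and challenge; reject malformed input."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("KeyDescription must be a single SEQUENCE")
    fields = _children(body)
    if len(fields) < 8 or fields[1][0] != 0x0A or fields[4][0] != 0x04:
        raise ValueError("unexpected KeyDescription layout")
    level = int.from_bytes(fields[1][1], "big")
    return {
        "attestation_security_level": SECURITY_LEVEL.get(level, f"unknown({level})"),
        "challenge": fields[4][1],
    }


def trust_tier(der: bytes, expected_challenge: bytes) -> str:
    """Map an attestation to a PoP tier. The challenge must be the verifier's
    own fresh nonce; otherwise a recorded attestation could be replayed."""
    info = parse_key_description(der)
    if info["challenge"] != expected_challenge:
        return "rejected"
    return TIER_FOR_LEVEL.get(info["attestation_security_level"], "rejected")


if __name__ == "__main__":
    nonce = b"pop-nonce-0001"  # constructed for the demo
    for lvl in (2, 1, 0):
        print(SECURITY_LEVEL[lvl], "->", trust_tier(build_key_description(lvl, nonce), nonce))
    print("replayed ->", trust_tier(build_key_description(2, b"old-nonce"), nonce))
```

The nonce check is the part people tend to skip: without binding the attestation to a fresh per-enrollment challenge, a StrongBox attestation captured once could be replayed to enroll any number of "persons". In a real deployment the chain validation (and checking that the attested public key matches the one enrolling) comes before this tier decision.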