macOS-Security-and-Privacy-Guide

Full disk encryption: PRNG info outdated

Open iamsilvio opened this issue 4 years ago • 6 comments

Macs with a T1 or T2 chip use the CPRNG from the Secure Enclave (MacBooks from 2016 and newer) and other sources to gain entropy.

Macs before the T1 chip used Intel's RDRAND to increase entropy; they were affected by side-channel attacks, but this was patched.

Also, the Mac kernel uses multiple sources to gain entropy and manual steps are not required.

iamsilvio, May 11 '21 21:05

The FDE/entropy section definitely needs some love. PRs to improve it are welcome!

drduh, May 31 '21 16:05

We're still looking for contributors to update the disk encryption section. Any volunteers?

drduh, Oct 24 '21 19:10

> We're still looking for contributors to update the disk encryption section. Any volunteers?

I’ve got no problem working on this. Just recently picked up a Mac with an M1 chip in it, so I have been reassessing my own docs and noticed this doc leaves out info in relation to the new Apple Silicon SoC.

johnsoga, Dec 25 '21 23:12

@drduh can you assign this to me?

johnsoga, Jan 09 '22 07:01

@johnsoga how's it going? Can we offer any support?

drduh, Dec 26 '22 22:12

@drduh didn't realize this had actually gotten assigned to me. I'll start working on it.

johnsoga, Jan 17 '23 05:01