Apple Platform Security Guide Reveals Focus on Vertical Integration

Starting with an iOS-specific security document in 2012, Apple has periodically published details about its security efforts at least every year, with multiple updates in some years. While the iOS and Mac guides used to be separate documents, Apple merged them in December of 2019. The Apple Platform Security guide exists in the grey area between highly technical developer documentation and easy-to-read consumer overview. It is an incredibly useful resource for anyone who wants to understand how Apple protects information and devices.

As wonderful as the Apple Platform Security guide is as a resource, writing about it is about as easy as writing a hot take on the latest updates to the dictionary. Sure, the guide has numerous updates and lots of new content, but the real story isn’t in the details, but in the larger directions of Apple’s security program, how it impacts Apple’s customers, and what it means to the technology industry at large.

From that broader perspective, the writing is on the wall. The future of cybersecurity is vertical integration. By vertical integration, I mean the combination of hardware, software, and cloud-based services to build a comprehensive ecosystem. Vertical integration for increased security isn’t merely a trend at Apple, it’s one we see in wide swaths of the industry, including such key players as Amazon Web Services. When security really matters, it’s hard to compete if you don’t have complete control of the stack: hardware, software, and services.

Vertical Integration Is the Key to Security

Apple lays out its entire security strategy in the second paragraph of the guide:

Every Apple device combines hardware, software, and services designed to work together for maximum security and a transparent user experience in service of the ultimate goal
 of keeping personal information safe. For example, Apple-designed silicon and security hardware powers critical security features. And software protections work to keep the operating system and third-party apps protected. Finally, services provide a mechanism for secure and timely software updates, power a protected app ecosystem, and facilitate secure communications and payments. As a result, Apple devices protect not only the device and its data but the entire ecosystem, including everything users do locally, on networks, and with key internet services.

This is vertical integration: using control of the entire hardware, software, and services stack to build a trusted ecosystem and, ideally, make the whole greater than the sum of the parts. Vertical integration for security is incredibly powerful, but it introduces its own concerns as customers trade off some of their control for security. The Apple Platform Security guide is replete with examples of how vertical integration forms the foundation of security in the Apple ecosystem.

As highlighted in the guide, Apple is aggressively vertically integrating security across all three layers in all of its platforms:

• Hardware: At the core of all Apple silicon computing devices sits dedicated security hardware, including the Secure Enclave for handling super-sensitive functions like encryption key management and protecting passcodes and Face ID/Touch ID data. The Secure Enclave is the hardware root of trust for the Apple ecosystem, ensuring every device is as inherently secure as possible and can securely connect to Apple services.
• Software: Apple’s operating systems and apps tightly integrate into the hardware security features. For example, this integration enables more advanced memory protection and data protection using the hardware root of trust and security capabilities built into the CPU.
• Services: Apple has increasingly integrated its cloud services into the ecosystem’s security model. For example, Apple servers cryptographically sign apps in the App Store using keys that can be validated by the hardware root of trust in the Secure Enclave.

The combination of all three layers is what enables many of the practical security benefits for Apple users. Apple’s secure boot and update process is an excellent example of how this works.

This process builds a secure chain of trust from the read-only boot memory all the way until the user logs in and their data is unencrypted. All the different low-level software components are cryptographically signed by Apple and tied to an encryption key burned into the Secure Enclave hardware before it leaves the factory. Apple then leverages the embedded digital certificates and security policies on the devices to ensure that only Apple operating systems can be installed, only the latest versions of those operating systems (depending on device and settings), and only when obtained from Apple.

In other words, the hardware root of trust enables the secure boot process, which relies on Apple’s cloud servers to provide the right operating system and prevent the installation of older or unauthorized/compromised operating system versions. Practically speaking, this makes it very hard for attackers to compromise a Mac by installing an older, vulnerable operating system, plugging in a hardware device to crack the Mac during boot, or installing a rootkit that sneaks in during boot. Apple even breaks out the operating system and runs it in a special read-only volume that is also cryptographically signed to prevent modification.

It’s turtles all the way down. Assuming all the turtles are cryptographically signed and chained.

This approach builds a base of trust that the rest of the operating system, apps, and other services can use. For example, iMessage uses the Secure Enclave to secure the encryption keys used to protect messages and Apple servers to find and connect users, all without letting Apple peek into any communications. In another example of the integration of software and services, Apple further protects iMessage with the new BlastDoor “sandbox” service to block malware in messages (see “BlastDoor Hardens iMessage Against Malware Assaults,” 4 February 2021). Oddly, BlastDoor is absent from the Platform Security guide.

Hardware, software, and services all working together to protect the security of your Memoji gyrating to the latest TikTok dance moves. Welcome to the future.

Vertical Integration Is the Future of Security

Apple isn’t the only company using vertical integration to enhance security. Many Android devices include their own versions of a Secure Enclave, but it’s harder for them to provide the same degree of top-to-bottom security since their manufacturers control neither the full operating system nor the services. Gaming systems are another good place to see vertical integration in practice. Microsoft and Sony make tremendous investments in locking down their Xbox and PlayStation platforms to defend their gaming ecosystems (admittedly, largely from users pirating games).

Amazon Web Services is my favorite new example. AWS has been rolling out its Nitro architecture, which embeds security chips into AWS servers and then ties them back into Amazon’s software stacks and APIs. Nitro even includes Nitro Enclaves for secure processing, also integrated with Amazon’s Key Management Service. The end result is that even AWS employees can’t snoop on customers’ virtual machines, and customers gain highly secure environments for handling sensitive data. Hardware. Software. Services. All tightly integrated and designed to work together.

In my opinion, vertical integration is the lynchpin for defending against the threats of today and tomorrow. Today’s attackers have become so advanced and dedicated that it is extremely difficult to build a secure device without complete integration of the operating system and the hardware. I’ve seen conference presentations where the speakers showed X-ray and electron microscope images of chips they could compromise through direct manipulation. For desirable devices like the iPhone, iPad, and Mac, the security bar to keep attackers out is incredibly high, even if they can gain physical control of a target device.

Services are the important third leg to support secure software updates, communications, and convenient, customer-focused features. Find My, Activation Lock, iCloud Keychain Sync (so your passwords are on every device), iMessage, iCloud Backup, and HomeKit are examples of Apple services that use vertical integration to provide valuable features. Well, depending on your opinion of HomeKit.

But with great power comes great lock-in. Relying on a particular vendor’s cloud service means that if the service goes down or the vendor decides to discontinue the service, you are the proud owner of a useless hunk of plastic and electronic components. While Apple isn’t going out of business anytime soon, we saw issues earlier this year when the company’s certificate server was overwhelmed and responded slowly to integrity checks, preventing some users from being able to launch apps (“Apple Network Failure Destroys an Afternoon of Worldwide Mac Productivity,” 13 November 2020). Vertical integration also clearly drives customers to use more of the vendor’s devices and services, increasing sales.

Such integration in the name of security also has the effect of reducing flexibility and removing features. Something as simple as making a bootable duplicate of a drive has become a major hurdle for backup developers thanks to macOS 11 Big Sur’s signed system volume. Even creating a bootable external drive for an M1-based Mac is fraught with problems. Put simply, we’re not in Kansas anymore, Toto, and we can no longer rely on the security practices of 1939.

The Apple Platform Security guide is essential reading for anyone curious about security. It weighs in at nearly 200 pages and includes information on such diverse topics as the hardware cutoff for MacBook microphones, Ultra Wideband security in iOS, the Apple Security Research Device, and even car key security. And while I’ve focused this piece on how Apple is combining hardware, software, and services, that emphasis comes at the expense of highlighting many significant security advances in each of those areas.

Apple’s iOS devices are the most secure consumer hardware ever made. The M1-based Macs may be the most secure general-purpose consumer computers we’ve ever seen. “Most secure” isn’t invincible, and Apple continues to recognize that this is an arms race that will never end. For every advance Apple makes, professional criminals and hostile governments (well, all governments) are looking for the next way in. But in the years to come, it’s clear that Apple will be using every tool in its arsenal to build a secure ecosystem that relies on the integration of hardware, software, and services.