Security Experts:

Connect with us

Hi, what are you looking for?


Endpoint Security

Apple Unveils Security Features in New M1 Chip

Apple M1 chip security features

Apple this week unveiled its new M1 chip and the company has provided a brief description of its security features.

Apple M1 chip security features

Apple this week unveiled its new M1 chip and the company has provided a brief description of its security features.

The tech giant told SecurityWeek that it will detail the M1’s security features in the coming weeks. For now, it has only shared limited information, but it was still enough for experts to share some thoughts.

Apple says the M1 is the first system-on-chip (SoC) designed specifically for the Mac. The chip uses 5nm technology, it has 16 billion transistors, and it includes an 8-core CPU, as well as an 8-core GPU, which the company says deliver high performance without consuming a lot of power.

In terms of security features, Apple says the M1 chip includes the latest generation Secure Enclave, a high-performance storage controller with AES encryption hardware, and hardware‑verified secure boot. The company says it has built new security protections “deep into the code execution architecture of M1.”

Security researcher Daniel Gruss told SecurityWeek that the M1 chip does not appear to contain any breakthroughs in terms of security.

Nevertheless, Gruss said, “The M1 is a very interesting and cutting-edge piece of hardware with state-of-the-art security techniques based on the information that has become public so far.”

Gruss is a researcher at the Graz University of Technology in Austria. He is one of the researchers involved in the discovery of Meltdown, Specter and several other significant processor vulnerabilities, including the recently disclosed PLATYPUS attack, which can be used to obtain sensitive data by monitoring a processor’s power consumption.

Jesse Michael, principal researcher at hardware security company Eclypsium, explained that by adding its own AES encryption hardware to the storage controller, Apple doesn’t have to depend on possibly-broken encryption in the SSD itself and it prevents the main CPU from being bogged down due to encryption duties.

“Intel added AES-NI instructions a number of years ago to speed up encryption because dedicated hardware to do the AES operations is faster than doing it only using general-purpose instructions,” Michael told SecurityWeek.

As for hardware-verified secure boot, which is designed to ensure that only Apple-signed code can run on a device (even if an attacker has physical access), the expert pointed out that similar features have been available on Apple’s phones for a while and “it makes sense for them to add those to their laptops and other devices.”

“Many other vendors have been working on adding a hardware-based root of trust for secure boot,” Michael said. “Intel has the BootGuard feature to verify even the first parts of the code that are read out of the SPI flash and close one of the secure boot gaps in Intel platforms, but it’s not deployed everywhere yet. BootGuard is most likely to show up in enterprise laptops, I think.”

As for the Secure Enclave, which is designed to protect highly sensitive information even if the operating system has been compromised, the researcher noted that it’s similar to Intel’s SGX technology, but “Intel’s version is a little more general-purpose than the Apple Secure Enclave.”

Related: Apple Announces New Privacy Features at WWDC 2020

Related: Researchers Get Big Bounties From Apple For Critical Vulnerabilities

Related: Apple Offers Hackable iPhones to Security Researchers

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Endpoint Security

The Zero Day Dilemma

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Less than a week after patching critical security defects affecting multiple enterprise-facing products, VMware is warning that one of the flaws is being exploited...