Enter any questions on the following lines and we will attempt to answer:
How easy does this make it to bypass FileVault protections? Does it allow brute-forcing the password or other attacks?
What does this mean for SEP-protected ECC keys? Does this allow extracting or cloning the secrets to another device?
Does this allow forging the attestation provided for WebAuthN credentials or App Attest?
How feasible is it to compromise the T2 directly from macOS instead of via a physical connection?
Is this something Apple can firmware patch? Does it affect all T2 chips, or just older versions?
Does this make it possible to run an implant or keylogger on the T2 to collect FDE credentials? Was that possible before?
Is there a way this attack could be persistent?
From @mjc59
What can an attacker do with a compromised T2?
What can an attacker do with a compromised SEP?
Is there any way for a user to reliably reset their T2 into a known good state?
Is there any way to detect that this has happened?
Corrections from ironPeak
The T2 is not the SEP, the T2 contains the SEP
The boot sequence fully brings up the T2 / bridgeOS before the Intel is released from reset and allowed to boot EFI at all
No T2 has SATA, it uses NVMe and PCIe to talk to NAND storage
The T2 / bridgeOS is fully booted and stays on even when the computer is off, so the boot sequence holds here for the power button
This is not the "next boot disk" since each processor has its own system volume; also replace "APFS encryption" with FileVault 2 as that is a more accurate term
Answer Session