If someone gets physical access, all bets are off. Just wire a ChipWhisperer (https://www.newae.com/chipwhisperer) between the TEE and the CPU or GPU, and it’s trivial to get around all protections. Throw in clock or voltage-glitching and…

This is one area I don’t have even superficial knowledge of, but armchair logic suggests that if you have physical access, it’s reasonable to assume that with enough resources (and time) you can probably find a way to defeat TEEs.
How relevant this is to the real world is a separate question.
This is the same tired “well, it can be defeated, so no security is better than fake security” excuse people already make. The point is to make it take so long to break in that the value of what is extracted has expired by the time they do.
If your phone is yoinked by the bois for evidence, do you want them to see what you’ve been doing on your phone right away? And “nothing to hide” doesn’t matter if they can use mental gymnastics to spin innocence into guilt. At least with long enough protection timing you have a shot at getting through via lack of tangible evidence.
Kinda fucks apps like Signal up if they need to rely on the secure enclave on cloud servers.
Stuff is already encrypted when it reaches their servers.
https://signal.org/blog/private-contact-discovery/
Features like this depend on the secure enclave
Fair point
Yeah, in the article they even say manufacturers don’t provide any guarantees against physical attacks.