Reset76@siracusa I just read the Apple white paper on security around PCC and you seem like the right guy to ask this to: I*loosely* understand the protections and mitigations that have been made at the architectural level of the server side, but because the device does most of the authentication without user involvement could a compromised device in theory get steered away from those protections?
John Siracusa@Reset76 A “compromised device” can do anything.
@siracusa right. Fair. I guess I’m asking if the Secure Enclave has any kind of special purpose in the process to mitigate it.
@Reset76 The Secure Enclave should make both the client and server hardware harder to compromise (because stuff in there is not nearly as accessible as stuff in regular RAM or flash storage).