Overview
Dive into a 40-minute Black Hat conference talk that uncovers the mysteries behind Apple's customized Pointer Authentication (PA) hardware implementation on the M1 chip. Explore how researchers reverse-engineered this security feature, which has been deployed on all Apple-silicon-based products since 2018. Learn about the "dark magic" discovered by Brandon Azad in 2019 that allows Apple's PA to defend against cross-EL/Key attacks without software support. Understand the progress made in revealing the causes of these cross-attack mitigations, four years after the initial discovery. Gain insights from the research team's findings on the inner workings of Apple's PA hardware and its implications for system security.
Syllabus
Reverse Engineering the Customized Pointer Authentication Hardware Implementation on Apple M1
Taught by
Black Hat