Talk:bridgeOS
This article is rated Stub-class on Wikipedia's content assessment scale.
There is no such thing as bridgeOS.
The thing you're referring about sounds more like sepOS because sepOS runs everything up there but I am unsure about the cooling fans. Also it isn't based on watchOS or macOS at all it is based on an Apple modified L4 microkernel. If you want to sound like an idiot leave this up. I've already warned you once before I'm just trying to help.
https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web
DrewbieSnack (talk) 22:57, 11 August 2025 (UTC)
- Presumably you're referring to "All Intel-based Mac computers that contain the Apple T2 Security Chip" in the list under "The Secure Enclave is a hardware feature of most versions of iPhone, iPad, Mac, Apple TV, Apple Watch, Apple Vision Pro, and HomePod—namely:".
- The L4 microkernel is, as that page says, what runs on the Secure Enclave processor. That's not the only processor in the Apple T2 - see slide 7 of https://i.blackhat.com/USA-19/Thursday/us-19-Davidov-Inside-The-Apple-T2.pdf, which shows an ARM64 processor and the Secure Enclave Processor (SEP). sepOS is what runs on the Secure Enclave Processor; bridgeOS is what runs on the ARM64 processor.
- HTH. Guy Harris (talk) 23:35, 11 August 2025 (UTC)
- This is kinda what I was already saying. I am well aware of the T1, T2, and all the products that have apple silicon in them that also have an embedded Secure Enclave and if you would take two seconds to read the website I enclosed then you will see that what I was getting at is there is nothing now or ever called bridgeOS and it damn sure didn’t handle Secure Enclave calls. That’s done by sepOS like you said which is based on the L4 micro kernel. That came from Apple’s own website. I think they know better what’s in their products! Good day! DrewbieSnack (talk) 04:57, 12 August 2025 (UTC)
This is kinda what I was already saying.
You said "The thing you're referring about sounds more like sepOS because sepOS runs everything up there ... Also it isn't based on watchOS or macOS at all it is based on an Apple modified L4 microkernel."
- If by that you mean that the only software running on the T2, and the software that performs all of the T2 functions, including running the Touch Bar, with the possible exception of the cooling fans, what the article says, and what I said, are not "kinda what you were already saying".
if you would take two seconds to read the website I enclosed
I read it before responding, as should be obvious from "The L4 microkernel is, as that page says, what runs on the Secure Enclave processor." in my response.
- The paper in question is silent on the questions of 1) whether there's another processor on the T2 or if the T2 only contains the Secure Enclave with its Secure Enclave Processor and 2) whether the software running on that other processor, if it exists, is called "bridgeOS", so, no you will not see any support for your claim anywhere on the page in question.
it damn sure didn’t handle Secure Enclave calls
Neither what I wrote nor what bridgeOS says makes any claim whatsoever about bridgeOS (or whatever Apple calls it, if anything) handles Secure Enclave calls - it may make calls to the Secure Enclave, either for its own purposes or on behalf of macOS - but that doesn't mean it actually performs the Secure Enclave operations.
- The bridgeOS and Apple T2 pages have what appear to be reliable sources indicating that there's an ARM64 processor on the T2, separate from the Secure Enclave and its Secure Enclave Processor, and that it runs an OS that somebody - whether it's Apple or the hackers who have studied it - calls bridgeOS.
- Unfortunately, Apple don't appear to say very much about the T2 other than the security functions it provides. It does say, on page 7 of Apple's December 2024 "Apple Platform Security" document, that
On a Mac with a T2 chip, trust for macOS secure boot begins with the T2. (Both the T2 chip and the Secure Enclave also execute their own secure boot processes using their own separate boot ROM—this is an exact analogue to how the A-series and M series chips boot securely.
- which at least seems to suggest that there are two separate processors, both of which have their own boot processes - which makes sense if Apple wants to minimize what the Secure Enclave and its processor do, so as to minimize its attack surface, as per an earlier quote on that page:
These capabilities include a CPU that powers system security features, as well as additional silicon that’s dedicated to security functions. Security-focused hardware follows the principle of supporting limited and discretely defined functions to minimize attack surface. Such components include a boot ROM, which forms a hardware root of trust for secure boot, dedicated AES engines for efficient and secure encryption and decryption, and a Secure Enclave.
- Page 3 of Apple's October 2018 "Apple T2 Security Chip Security Overview" says that "In addition to the security components, the T2 chip integrates several controllers found in other Mac systems—like the system management controller, image signal processor, audio controller, and SSD controller." and says on page 4 that "The Secure Enclave on the T2 chip uses encrypted memory and includes a hardware random number generator. It maintains the integrity of its security functions even if the macOS kernel has been compromised, and its limited function is a virtue: Security is enhanced by the fact that the hardware is limited to specific operations.", which suggests that Apple isn't going to give the Secure Enclave Processor the job of, for example, controlling the speaker volume. Guy Harris (talk) 08:12, 12 August 2025 (UTC)
- I am not saying that most of what said is wrong there are some errors but this is about the existence of bridgeOS which is not mentioned in your documentation at all and when I have proof from Apple you still try and call me wrong when you have NO PROOF! I'm about to email Apple now for further proof. It's fine not to know something but it's not fine to not admit when you're wrong. You seem like a troll or a stubborn fool! Have a blessed day! DrewbieSnack (talk) 15:04, 12 August 2025 (UTC)
- Also I want people to know the truth even if I was ever wrong (which I am not here) it's not about ego it's about teaching the right stuff so we don't have a bunch of idiots running around with knowledge based on misinformation. Misinformation is a pet peeve and a blight on the population! DrewbieSnack (talk) 15:08, 12 August 2025 (UTC)
this is about the existence of bridgeOS
There's "the existence of a processor on the T2 chip, other than the Secure Enclave Processor, that performs various functions", there's "the existence of a Darwin-based operating system that runs on that processor", and there's "the name of that Darwin-based operating system being bridgeOS".
- I've already presented Apple documents, one of which seems to suggest that said other processor exists. You haven't offered any proof whatsoever that the processor in question doesn't exist or that, if it exists, it isn't running some Darwin-based OS.
- See the Apple T2 page for non-Apple information on the T2 chip, as discovered by various reverse-engineers, which also indicate that the processor exists and is running an OS that is, in some way, similar to iOS. See, for example, https://web.archive.org/web/20201011162230/https://blog.t8012.dev/on-bridgeos-t2-research/.
- The only open question I see is whether Apple calls the OS on that processor "bridgeOS" or not. The page at https://newosxbook.com/articles/BridgeOS.html seems to suggest that Apple uses that name in at least some pathnames. Guy Harris (talk) 20:10, 12 August 2025 (UTC)
- Yeah, you’re right this is about the existence of bridgeOS in which it doesn’t everything you have given as evidence either is from some third party or if you gave me something from Apple it didn’t say anything about bridgeOS (because it doesn’t exist). Think about it if they’re trying to protect their enclave from hackers why on earth would they use the same foundation as their main OS (Darwin) also if it is called bridgeOS why would Apple clearly call it sepOS and say it was based on L4 Microkernel? Do you or your third party idiots that you quote know more than Apple about their products? Perhaps Apple should hire you on. You’re just being ridiculous to waste everyone’s time. You don’t care about the truth and you don’t care if you teach people the wrong shit. I don’t care what you believe but I will not stand for misinformation! Oh you’re wrong this isn’t about T1, T2, or the Secure Enclave platform in general because those are very much so documented on Apple’s website, you know the people who make these computers? It is about the only real OS that runs on it (sepOS) not your made up OS (bridgeOS). Have a good life and I hope you realize the truth. DrewbieSnack (talk) 14:28, 14 August 2025 (UTC)
Yeah, you’re right this is about the existence of bridgeOS in which it doesn’t everything you have given as evidence either is from some third party
Third parties are not incapable of discovering facts. Would you, for example, reject the findings of iFixit?
if you gave me something from Apple it didn’t say anything about bridgeOS (because it doesn’t exist).
It doesn't refer to any code using that name. However, one thing I did show in this thread was Apple's December 2024 "Apple Platform Security" document, which says, on page 7, that
On a Mac with a T2 chip, trust for macOS secure boot begins with the T2. (Both the T2 chip and the Secure Enclave also execute their own secure boot processes using their own separate boot ROM—this is an exact analogue to how the A-series and M series chips boot securely.
This draws a distinction between "the T2 chip" and "the Secure Enclave" and indicates that both of them have boot processes and thus that both of them have independent software running on them.
Think about it if they’re trying to protect their enclave from hackers why on earth would they use the same foundation as their main OS (Darwin)
They're trying to protect the Secure Enclave from hackers, which is why the Secure Enclave Processor is separate from the other processor on the T2 chip, and runs the L4-based sepOS rather than whatever software runs on the other processor. That not only isolates it from the main Intel CPU, it also isolates it from the other CPU on the T2 SoC. Given that the other CPU is not in charge of the Secure Enclave, has little if any more direct access to the Secure Enclave than the main CPU, and performs a bunch of functions including UI functions (for example, the Touch Bar in systems that have it), a Darwin-based OS could make sense.
also if it is called bridgeOS why would Apple clearly call it sepOS and say it was based on L4 Microkernel?
There isn't one "it" here, there are two "it"s here. There's the L4-based sepOS, which runs on the Secure Enclave Processor, and there's the Other OS, which runs on the other T2 processor. Therefore, your question is invalid, as the "it" that might be called bridgeOS, based on file names and possibly other information, is not the same thing as the "it" that is sepOS, running on the Secure Enclave Processor. Those two "it"s are different things. (If I were designing for security, I wouldn't put the Secure Enclave Processor in charge of the Touch Bar, image processing, video encoding and decoding, speech recognition, etc., as Apple T2 § Other features indicates, with references, that the T2 handles - that would significantly increase its attack surface.)
Perhaps Apple should hire you on.
They did, in 2004; I worked as an engineer in the file system subgroup of the Core OS group, and later the remote file system sub subgroup of that group, on projects such as the OpenSolaris-based automounter introduced in Leopard (things were a bit different when we shipped - the "Personalized Automounting" didn't happen (oh, and why the **** did I spell it "MacOSX" when I did that slide, WTF was I thinking? :-))). (Tip of the hat to Brent Callaghan, one of my officemates and one of the creators of the autofs automounter when he was at Sun before joining Apple, for the idea of the readdir extension to external automounter maps.) I retired in 2011.
You don’t care about the truth
I do, which is why I wrote my original response to your comment here, and subsequent responses.
Oh you’re wrong this isn’t about T1, T2, or the Secure Enclave platform in general because those are very much so documented on Apple’s website,
The security functions of the T2, including the Secure Enclave, are documented there. Apple doesn't say much about the other stuff the T2 does, which is why third parties were poking at it to figure out more about how it works.
And, given that the T2 does more than Secure Enclave stuff, it is about the T2, as the Other Processor is what runs the Other Software, which, from the research of the reverse-engineers, appears to be a Darwin-based OS, possibly named "bridgeOS". Guy Harris (talk) 22:16, 14 August 2025 (UTC)
- I don't trust third parties over Apple's own engineers. I will email Apple very soon and give you the verdict but I can't help to feel you're being a troll at this point or are very dense. I have shared with you from the people who make all these systems what it is called. Third party companies and news organizations have been caught time and time again copying misinformation from each other without fact checking. So no they shouldn't be trusted especially when I gave you a report from Apple themselves! Like wow haha! If you really go through life with this mindset I don't know how you made it this far. DrewbieSnack (talk) 19:47, 27 August 2025 (UTC)
