SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Checklist 193: A Look at Apple Silicon with Nick Leon

Posted on July 30, 2020

Starting this year, Apple will begin making its own, ARM-based processors for the Mac. In this episode of The Checklist, we take a look at the background to this change, as well as what it means for Mac users:

Goodbye Intel, Hello ARM

When Apple announced their move from the Intel to the ARM processor architecture, it was clearly big news. But it also left many folks with a pretty basic question: What’s the actual difference between the two?

At a hardware level, Intel chips are built on the x86 architecture, whereas Arm’s processors use their own, proprietary ARM architecture. In computer science terms, x86 is what’s known as a Complex Instruction Set Computer (CISC) architecture, and ARM is a Reduced Instruction Set Computer (RISC) architecture. 

There are several differences between the two architectures, but perhaps the most basic one is the way in which they give instructions to the CPU. CISC architectures allow for more complex, “multi-step” instructions, while RISC architectures break instructions down into their individual steps and pass them to the CPU one-by-one.

In terms of how the two differ for actual human beings, RISC architectures tend to be extremely energy-efficient, which makes them a great fit for low-power environments like mobile devices and embedded systems. CISC architectures allow developers to tell the CPU what to do using fewer lines of code, which produces more compact programs and makes them appear a bit more “programmer-friendly” in the eyes of some people.

In terms of what the changeover will mean for actual Mac app developers, it’s still a little too soon to tell, but Apple is already saying that they’ll provide a range of tools intended to make the transition as smooth as possible, including functionality to automatically translate code written for x86 into something that will work on an ARM architecture, and extensive documentation to help developers port their apps to an ARM version.

There has been a great deal of discussion as to why, exactly, Apple decided to make this change — and there are likely several factors behind the decision.

For one thing, there have been rumors that Apple wasn’t happy about quality control issues at Intel in recent years. A CNBC report published last week lends some credence to this speculation: It seems that Intel will be forced to delay the release of one of their new chips for half a year due to production issues.

In addition, the move is pretty “on brand” for Apple as a company. Cupertino likes to do things in-house whenever it can — and prefers not to be constrained by another company’s quality issues, product offerings, or timetables. One past example of this comes from Apple’s 2008 acquisition of low-power chip manufacturer P.A. Semi (a move which marked the company’s first foray into manufacturing their own ARM chips). At the time, it was reported that the decision had to do with Apple’s dissatisfaction with Intel’s Atom line of chips for handheld devices, which they viewed as insufficiently power-efficient to meet their mobile development needs. 

In terms of the actual timing of the decision, it’s probably the case that Apple just feels ready to make the leap. They’ve been manufacturing chips for the iPhone and iPad for around 10 years (using the ARM architecture), and they now have a mature, successful silicon engineering division. For this reason, the company is confident that it can do at least as good a job of building processors for the Mac as Intel can.

Building a better Mac

There are some obvious business reasons for Apple to switch from Intel to ARM processors, but what will the change mean for end users? Will “Apple Silicon” really result in a noticeable improvement to the Mac?

Apple seems to think so. They’ve highlighted two key changes that ARM processors will allow them to implement — and say that these will help them to build a faster, more efficient Mac.

The first new feature is something called Asymmetric multiprocessing (AMP). AMP means that new Apple Silicon CPUs will have a mix of high-performance cores and power-efficient cores. Intel CPUs are multicore, of course, but all of the cores have relatively similar performance specs. This means that no matter what an app needs to do — whether it’s something that demands maximum performance or just a simple task that isn’t very resource-intensive — all of the processing is being done on a core that’s more or less the same as the others. AMP means that apps will be able to get their computational work done on a core that’s optimized for the kind of task they’re trying to accomplish: Tasks that require max performance will be sent to a high-performance core, and tasks that don’t require much in the way of system resources will be sent to a power-efficient core. The end result will be a Mac that gets all of its work done optimally, which should result in a faster, more efficient machine.

The second big change has to do with the way that the CPU and the GPU will share resources. At the moment, Intel Macs often have a CPU and a discrete GPU to handle graphics — and each has its own memory. This leads to computational overhead, since the CPU can only access graphical resources stored in the GPU’s memory by first requesting them and copying them over into its own memory area. Apple Silicon Macs will combine the CPU and GPU into a single system on a chip (SoC), which means that they’ll be working over the same memory. If the CPU needs a graphical resource like an image or a texture, it can get it from its own memory, without any extra steps. As with AMP, the end result for the user will be a Mac that doesn’t need to expend unnecessary effort to get its work done, which should result in increased efficiency and performance.

But is it safer?

If Apple is correct, ARM Macs will deliver enhanced performance and efficiency. But will they be any more secure than the current Intel Macs?

Again, Apple says yes.

In the developer sessions at WWDC, Apple characterized the change to ARM Macs as bringing many of the security protections of the iPhone over to the Mac (while still allowing the Mac to remain a Mac). There are three key features that they say will make the new Macs safer than ever before.

The first of these is Kernel Integrity Protection (KIP). This is a security feature that is currently found on the iPhone and iPad. If you’ve listened to The Checklist for a while, you’ll recall that the “kernel” of an operating system just refers to its core code: It’s the heart of the OS, and provides basic functionally to apps as well as handling things like memory and task management. For this reason, it’s extremely important — and anything that could affect the kernel code is considered to be significant from a security standpoint. This is also why, when we review Apple security updates, we’ll often highlight kernel vulnerability patches as particularly important. KIP is a protection built into the hardware that makes the kernel code immutable once the kernel has been initialized, and prevents any additional kernel code from being loaded. This is important in terms of security, because certain types of attack rely on injecting malicious code into a running kernel. KIP should help to prevent such attacks.

The second major security feature that Apple Silicon Macs will bring is called “write xor execute”, or W^X. Write xor execute is a memory protection that mandates that chunks of memory can be writable, or they can be executable, but not both at the same time (as an aside, that’s all that “xor” means in computing: It’s the “exclusive or” which basically says “A or B, but not A and B together”). This is important, because it’s considered dangerous to allow memory to be writable and executable at the same time, since some attacks are carried out by writing malicious code into a memory area intended for data — and then executing it. 

Unfortunately, many apps contain tools called just-in-time compilers or “JIT compilers”, which need memory to be both writable and executable (great for the JIT compiler, not so great for security). However, JIT compilers can’t just be dispensed with altogether, because they allow for the fast, dynamic translation of certain human-readable types of code into a format that can be executed by the computer. For this reason, Apple has created a new API that will allow memory areas to be toggled quickly back and forth between being writable and executable. This will allow JIT compilers to function, but will also eliminate the vulnerability caused by allowing memory to be both writable and executable at the same time.

The third and final security enhancement expected for ARM Macs is something called “pointer authentication”. To understand why this is a security protection, you first need to know a little bit about how computer memory works, and how it impacts security.

Underneath the hood of your computer, when the CPU receives instructions to execute code, it’s always being told exactly where in memory it needs to go (e.g. go to this memory address and execute the instruction you find there; go to that memory address and retrieve the value stored there). And the way a CPU knows where to go in memory is by using a “memory pointer”, which is just a sequence of bits that references a specific memory address. 

The reason that this can become a security issue is that there are certain kinds of vulnerability that allow bad actors to craft malicious pointers and feed them to the computer, essentially telling it to go to the wrong place in memory. This can result in crashes, or, even worse, in the computer executing arbitrary instructions or malicious code. In a truly worst-case scenario, an attacker might be able to gain remote admin access to a compromised machine.

The most recent versions of the ARM architecture have introduced a protection designed to prevent this from happening (a protection which is already in place on the iPhone). The 64-bit memory pointers used by modern ARM architectures don’t actually use all 64 bits to reference a memory address — there are always some extra, leftover bits. So ARM decided to put those surplus bits to good use! The previously unused bits are now used to store a “pointer authentication code” (PAC), which is basically a cryptographically generated digital signature for pointers. PACs allow the system to use cryptography to verify that the pointer came from a trusted source. Before it uses a memory pointer, it can check to make sure it’s validly signed. If it isn’t signed, or if the signature is invalid, the computer knows that something is wrong — and refuses to use the pointer. This means that although bad actors may try to send malicious pointers to an ARM Mac, they won’t be able to provide the digital signature required to get the computer to actually use their pointer. The end result should be a Mac that is hardened against these kinds of attacks. 

Apple Silicon Macs will be good for Apple, and good for users in terms of performance and security. But that leaves one final question: Should prospective Mac buyers wait for the Apple Silicon Macs to come out before investing in a new computer? 

As with so many things, it’s going to come down to each individual user’s needs and concerns, but we can offer a bit of guidance — especially for those who are worried that an Intel Mac purchased today will soon become obsolete.

First, it’s important to keep in mind that the transition to ARM Macs is supposed to be gradual, not instantaneous. Apple isn’t even releasing the new Apple Silicon machines until the end of the year, and they still have unreleased Intel Macs in their product pipeline. The full move away from Intel is expected to take around 2 years to complete. So it’s safe to say that Intel Macs are not going anywhere for the time being.

Secondly, Apple has announced that it will support Intel Macs with new versions of macOS for the foreseeable future — pretty much indefinitely. In addition, their developer tools will make it reasonably easy for devs to maintain versions of their apps that work on both the x86 and the ARM architecture, which means that it’s very unlikely that you have to worry about your favorite apps suddenly disappearing.

The bottom line is this: If you want to wait six months, or a year, to purchase a Mac, then go ahead and wait for the Apple Silicon versions to come out. But if you need to buy a new Mac right away for whatever reason — your old machine is giving out, you’re starting a new job or heading off to college — then you shouldn’t be put off by concerns about support and compatibility. Most people who buy an Intel Mac today won’t have to worry about these issues for a long time to come…and by the time it does start to become a problem, they’ll probably be ready to purchase a new Mac anyway.

That takes us to the end of this edition of The Checklist, but if you’d like to continue learning about digital security and privacy while you wait for the next podcast, please take a moment to look through our archive, where you’ll find audio and complete notes for all of our past episodes. And as always, if you have a question about security or an idea for a future show, let us know!

Join our mailing list for the latest security news and deals