SEP

SEP is a security coprocessor in Apple devices. It is responsible for the secure enclave, which is a secure area of memory that can only be accessed by the SEP. SEP is also responsible for the Touch ID sensor.

Info: SEP configuration is currently supported on all iOS devices from iPhone 6 to iPhone 12 Pro Max.

SEP Firmware Binary

On a Corellium virtual device, SEP firmware can be run in an emulator instead of protocol-level SEP emulation. An unencrypted img4 or raw binary image must be provided. This cannot be changed after device creation. You can also patch SEPOS to print debug messages to the console.

SEP Bootrom

The SEP firmware binary can be loaded via a SEP ROM image instead of being loaded directly into SEP memory. A raw binary image must be provided. This cannot be changed after device creation.

Simulation vs Model

Corellium currently has two ways to support SEP:

  1. Software Simulation: Used by default when no SEP firmware images are provided (cloud/on-site). It works at the SEP ↔︎ AP (Application Processor, the CPU where iOS runs) protocol level, returning the data the AP expects and partially simulating SEP behavior.
  2. SEP Model: Available only for on-site customers. It provides a software model of the SEP hardware and allows you to run actual (decrypted) SEPOS (Operating System for SEP) firmware images. It has two modes of operation: with and without SEPROM. If you provide a SEPROM image, the SEP model starts from it; otherwise it starts straight from the provided SEPOS image.

Some websites provide SEPROM images and we expect them to work; however, you must provide a decrypted SEPOS image as well to make mode (2) work.
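
A pre-upload check for the "unencrypted img4 or raw binary" requirement above, as an added example that is not Corellium's code: it classifies a file by parsing its DER container and treats a second OCTET STRING after the payload (the keybag slot in the commonly documented IM4P layout) as the sign of an encrypted payload. The function names, return labels and sample bytes are assumptions constructed for illustration.

```python
# Assumption: the commonly documented IM4P layout; Corellium's own validation may differ.
def read_tlv(buf, off):
    """Parse one DER element at off; return (tag, value_start, value_end)."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def children(value):
    """List (tag, value) pairs for the elements packed inside a SEQUENCE body."""
    out, off = [], 0
    while off < len(value):
        tag, start, end = read_tlv(value, off)
        out.append((tag, value[start:end]))
        off = end
    return out

def classify(buf):
    """Return 'raw', 'img4-unencrypted' or 'img4-encrypted'."""
    try:
        tag, start, end = read_tlv(buf, 0)
        items = children(buf[start:end]) if tag == 0x30 else []
        if items[:1] == [(0x16, b"IMG4")] and len(items) > 1:
            items = children(items[1][1])  # unwrap to the embedded IM4P payload
        if items[:1] != [(0x16, b"IM4P")] or len(items) < 4:
            return "raw"
    except (ValueError, IndexError):
        return "raw"                       # not parseable as DER: treat as raw binary
    # IM4P: magic, type, description, payload OCTET STRING, then optional keybag OCTET STRING
    return "img4-encrypted" if items[4:5] and items[4][0] == 0x04 else "img4-unencrypted"

def der(tag, value):  # encoder used only to build the constructed samples below
    size = len(value).to_bytes((len(value).bit_length() + 7) // 8 or 1, "big")
    head = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

# Constructed samples, not real firmware.
FIELDS = der(0x16, b"IM4P") + der(0x16, b"sepi") + der(0x16, b"constructed") + der(0x04, bytes(200))
PLAIN_IM4P = der(0x30, FIELDS)
ENCRYPTED_IM4P = der(0x30, FIELDS + der(0x04, b"constructed-keybag"))
PLAIN_IMG4 = der(0x30, der(0x16, b"IMG4") + PLAIN_IM4P)
RAW = bytes.fromhex("0a0000ea") * 8
```

A file reported as `img4-encrypted` still carries a keybag and would need to be decrypted before it meets the requirement; `raw` only means the bytes are not an IMG4/IM4P container, not that they are valid SEP firmware.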