The most likely attack model I can imagine is that a jailbroken phone still won’t be able to violate certain functionality (e.g. a recording LED remains lit, various supervisor functionality can’t be disabled, etc.)
Oh; so the camera LED and camera data path would run a remote attestation protocol with the exclave, and the exclave would make sure the LED is on whenever it’s forwarding on data from the camera?
(Though I’m not convinced that will actually work on modern Apple devices, where the LED is pixels that run through the compositor — I guess the video driver stack and window managers are also exclaves in this world?)
I'm not sure how complex modern display controllers are, but I could imagine a simple priority hardware overlay functionality that an exclave has access to (similar to the dedicated "cursor overlay" functionality some older GPUs had, as far as I understand).
Once you have that, you can take the idea further: Displaying an indicator that confirms that all your keystrokes are going to an exclave validating your password, for example.
The much-hated touch bar actually enabled just that, for Apple Pay payments, as far as I remember: It could display something like "touch to confirm payment of $x" on its own screen in a way that was impossible to manipulate from macOS – now here's an opportunity to bring that level of security back without requiring a dedicated display or taking away people's beloved function keys.
The article mentions the display controller runs an Apple OS, so I could see there being a secure way for an exclave to call into it for the onscreen indicators.
I would expect that to mean they're not included in screenshots, so I'm curious now whether that's true for the iPhone 16.