Apple Secure Enclave
Discussions center on Apple's Secure Enclave hardware component, its role in protecting encryption keys from extraction by Apple, the OS, or authorities, and debates about its security effectiveness against backdoors or warrants.
Sample Comments
The keys are stored only in the Secure Enclave. Encryption and decryption are handled outside the standard CPU and OS. This is hardware-level protection, not just some flag on a cloud account to be flipped. The only way for Apple to break this system is to break it for everyone, since anything else would risk bleed over or insufficient compliance.
Isn't that the entire point of the secure enclave[1]? https://support.apple.com/guide/security/secure-enclave-sec5...
This document has more information on the Secure Enclave. https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Apple has Secure Enclave. Who knows what that's doing.
The hardware will not allow this, at least not without modifications. The encryption keys are not exportable from the Secure Enclave, not even to Apple's own servers.
Could this be possible on iOS devices, which also have a secure enclave?
Wouldn't Apple (or the manufacturer) know the key of the security enclave?
Not sure if 100% applies to the iPhone in question, but the secure enclave was designed to prevent this sort of thing. Here's an intro to it: https://www.mikeash.com/pyblog/friday-qa-2016-02-19-what-is-...
Some devices e.g. Apple have a Secure Enclave that is not user accessible, that's what I'm referring to, I'm not suggesting that they are stored on a server.
Yep: https://developer.apple.com/documentation/security/certifica...