What is Apple's Secure Enclave and how does it protect iPhone and Mac?

iPhones and Macs with Touch ID or Face ID use a separate processor to handle users' biometric information. It's called the Secure Enclave. It is basically a complete computer, and it offers a wide range of security features.

The Secure Enclave boots separately from the rest of the device. It runs its own small kernel, which the operating system and programs running on the device cannot access directly. It has 4MB of flash memory, used exclusively for storing 256-bit elliptic curve private keys. These keys are unique to your device, are never synced to the cloud, and cannot be seen directly even by the device's main operating system. Instead, the system has to ask the Secure Enclave to decrypt information using the keys.

Why does Secure Enclave exist?

The Secure Enclave makes it difficult for hackers to decrypt sensitive information without access to your device. Because the Secure Enclave is a separate system and the main operating system never sees the decryption keys, it is difficult to decrypt the data without proper access.

Please note that biometric information is not stored in the Secure Enclave; 4MB is not enough storage space for all that data. Instead, the Enclave stores the encryption keys used to lock that biometric data.

Third-party programs can also create and store keys in the Enclave to lock data, but applications never have access to those keys. Instead, applications ask the Secure Enclave to encrypt and decrypt data. This means any information encrypted with the Enclave is extremely difficult to decrypt on any other device.

Below is an excerpt from Apple's documentation for developers:

When storing a private key in Secure Enclave, the user instructs Secure Enclave to create a key, securely store it, and perform operations with it. You only receive the output of these operations, such as encrypted data or cryptographic signature verification results.

The Secure Enclave cannot import keys from other devices: it is specifically designed to create and use keys on your phone or computer. This makes it difficult to decrypt the information on any other device.
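
The key model described above, sketched with Apple's Security framework as an added example (not code from the original article or from Apple's documentation). It assumes a signed app running on a device with a Secure Enclave; the tag `com.example.enclave-demo`, the sample plaintext and the function name `enclaveRoundTrip` are hypothetical.

```swift
import Foundation
import Security

// Added illustration. The tag and plaintext are constructed sample values.
let tag = Data("com.example.enclave-demo".utf8)
let algorithm = SecKeyAlgorithm.eciesEncryptionCofactorVariableIVX963SHA256AESGCM

func enclaveRoundTrip() throws {
    var error: Unmanaged<CFError>?
    // The key is usable only while the device is unlocked and is bound to this device.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .privateKeyUsage, &error)
    else { throw error!.takeRetainedValue() as Error }

    // Ask the Secure Enclave to generate and store a 256-bit elliptic curve key.
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag,
            kSecAttrAccessControl as String: access,
        ] as [String: Any],
    ]
    guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error)
    else { throw error!.takeRetainedValue() as Error }
    // Delete the stored key when the demo ends so reruns do not pile up keys.
    let query: [String: Any] = [kSecClass as String: kSecClassKey,
                                kSecAttrApplicationTag as String: tag]
    defer { _ = SecItemDelete(query as CFDictionary) }
    guard let publicKey = SecKeyCopyPublicKey(privateKey) else { return }

    // Encryption needs only the public key, which the app may hold freely.
    let secret = Data("constructed sample secret".utf8)
    guard let sealed = SecKeyCreateEncryptedData(publicKey, algorithm, secret as CFData, &error)
    else { throw error!.takeRetainedValue() as Error }

    // Decryption happens inside the Enclave: the app passes a key reference
    // and receives only the resulting plaintext.
    guard let opened = SecKeyCreateDecryptedData(privateKey, algorithm, sealed, &error)
    else { throw error!.takeRetainedValue() as Error }
    print("round trip ok:", (opened as Data) == secret)

    // Asking for the private key bytes fails: there is nothing to copy or sync.
    print("private key exportable:", SecKeyCopyExternalRepresentation(privateKey, nil) != nil)
}

try enclaveRoundTrip()
```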

Has the Secure Enclave been hacked?

The Secure Enclave is complex, and it makes it hard for hackers to get into a device that uses it. But nothing is absolutely safe. In the summer of 2017, hackers revealed that they had decrypted the Secure Enclave firmware, which gave them an understanding of how the Enclave works. However, it is worth noting that hackers have yet to find a way to retrieve the encryption keys stored in the Enclave: they only decrypted the software.

Delete the Enclave before selling a Mac

The keys in the Secure Enclave on an iPhone are deleted when you perform a factory reset. In theory, they are also deleted when you reinstall macOS, but Apple advises users to delete the Secure Enclave on a Mac if they use anything except the official macOS installer.
