Secure Enclave

From The iPhone Wiki

The Secure Enclave is part of the A7 and newer chips used for Touch ID. Within the Secure Enclave, the fingerprint data is stored in an encrypted form which, according to Apple, can only be decrypted by a key available to the Secure Enclave, thus walling off fingerprint data from the rest of the A7 chip and the rest of iOS. The Secure Enclave itself is a flashable 4MB processor called the Secure Enclave Processor (SEP), as documented in Apple Patent Application 20130308838. The technology used is essentially ARM's TrustZone/SecurCore.

The SEP is located in the devicetree under IODeviceTree:/arm-io/sep and is managed by the AppleSEPManager driver as seen here


The SEP has its own OS, called SEP OS, and a tool called seputil is used to communicate with it.

Further References