Secure Enclave

From The iPhone Wiki

The Secure Enclave is part of the A7 and newer chips used for Touch ID. Within the Secure Enclave, the fingerprint data is stored in an encrypted form which, according to Apple, can only be decrypted by a key available to the Secure Enclave, thus walling the fingerprint data off from the rest of the A7 chip as well as the rest of iOS. The Secure Enclave itself is a flashable 4MB processor called the Secure Enclave Processor (SEP), as documented in Apple Patent Application 20130308838. The technology used is essentially ARM's TrustZone/SecurCore.

The SEP is located in the device tree under IODeviceTree:/arm-io/sep and is managed by the AppleSEPManager driver.


The SEP has its own OS called SEP OS and there exists a tool called seputil which is used to communicate with it.
