Secure Enclave


According to Apple; "Touch ID doesn't store any images of your fingerprint. Touch ID stores only a mathematical representation of your fingerprint.

Secure Enclave runs SEPOS (Secure Enclave'S Operating System which is in Firmware.[2]

It isn't possible for someone to reverse engineer your actual fingerprint image from this mathematical representation.

The chip in your device also includes an advanced security architecture called the Secure Enclave which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of the chip and the rest of iOS. Therefore, iOS and other apps never access your fingerprint data. fingerprint data is never stored on Apple servers, and it's never backed up to iCloud or anywhere else. Only Touch ID uses it, and it can't be used to match against other fingerprint databases."[2]

Secure Enclave has Dedicated I/O lines to:

Secure Enclave uses AES to encrypt External RAM Segment encryption configured in bootrom

Secure Enclave may be considered a Roots of Trust

What is Secure Enclave?#

Our conclusion, based on this and other readings, is that the Secure Enclave is probably enforced by ARM's TrustZone technology. ARM's TrustZone is based on the Trusted Execution Environment or TEE and is considered a Secure Element by GlobalPlatform

From most perspectives, Secure Enclave is a Secure Element

More Information#

There might be more information for this subject on one of the following: