An Apple Support document has revealed that Apple made a very rare change to the production of its A12 and S5 processors last fall. According to the company, Apple upgraded the Secure Enclave in those processors to a second-generation version of the Storage component during the fall of 2020.
For those unfamiliar, the Secure Enclave is a security coprocessor included with almost every Apple device to provide an extra layer of security. All data stored on iPhone, iPad, Mac, Apple Watch, and other Apple devices is encrypted with random private keys, which are only accessible by the Secure Enclave. The Secure Enclave is also responsible for storing the keys that manage sensitive data such as passwords, Apple Pay, and Touch ID/Face ID.
Apple’s specific change here refers to the Secure Storage Component, which is where that data is stored within Apple’s Secure Enclave.
The change in question was first spotted by Andrew Pantyukhin on Twitter. The support document cited appears to have been last updated in February, but the change has flown under the radar until now. Apple says:
Note: A12, A13, S4, and S5 products first released in Fall 2020 have a 2nd-generation Secure Storage Component; while earlier products based on these SoCs have 1st-generation Secure Storage Component.
This seemingly means that the following products are equipped with the second-generation Secure Enclave, despite not featuring the newest A14 and S6 processors:
- HomePod mini – S5 processor and 2nd-generation Secure Storage Component
- Apple Watch SE – S5 processor and 2nd-generation Secure Storage Component
- iPad (8th generation) – A12 processor and 2nd-generation Secure Storage Component
There are a few issues with Apple’s wording on this support document, though. For instance, there was no device with the A13 processor inside that was “first released in Fall 2020.” There was also no device with the S4 processor that was “first released in Fall 2020.” In fact, the Apple Watch Series 4 was the only device to feature the S4 processor, and it was discontinued before the Secure Storage Component was upgraded to the second generation.
Apple’s support document implies that products released before Fall 2020 with these chips, even if they are still being sold by Apple, still use the first-generation Secure Storage Component. This includes the iPhone XR and iPad mini 5, both powered by the A12, and the iPhone SE and iPhone 11, powered by the A13.
Devices first released in Fall 2020 or later are equipped with a 2nd-generation Secure Storage Component. The 2nd-generation Secure Storage Component adds counter lockboxes. Each counter lockbox stores a 128-bit salt, a 128-bit passcode verifier, an 8-bit counter, and an 8-bit maximum attempt value. Access to the counter lockboxes is through an encrypted and authenticated protocol.
It does not appear that Apple has shifted those products to the new Secure Storage Component, even if they are newly-manufactured. It’s also unclear how many units of those devices Apple is still manufacturing, versus selling supply that it had already made.
Apple’s support document here is rather confusing, but what does make sense is that the HomePod mini, Apple Watch SE, and iPad 8, despite their using older Apple processors, still get the latest Secure Enclave technology.
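As an added illustration (not Apple's code and not part of the original article), the sketch below models a counter lockbox with the four fields listed in the quoted description: salt, passcode verifier, counter, and maximum attempt value. The HMAC-based verifier derivation, the function names, and the count-then-erase policy are assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class CounterLockbox:
    salt: bytes          # 128-bit salt
    verifier: bytes      # 128-bit passcode verifier
    counter: int         # 8-bit attempt counter
    max_attempts: int    # 8-bit maximum attempt value
    erased: bool = False


def _derive_verifier(salt: bytes, passcode_entropy: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 128 bits stands in for the real derivation.
    return hmac.new(salt, passcode_entropy, hashlib.sha256).digest()[:16]


def create_lockbox(passcode_entropy: bytes, max_attempts: int) -> CounterLockbox:
    if not 0 < max_attempts <= 0xFF:
        raise ValueError("maximum attempt value must fit in 8 bits")
    salt = os.urandom(16)  # fresh random salt per lockbox
    return CounterLockbox(salt, _derive_verifier(salt, passcode_entropy), 0, max_attempts)


def try_unlock(box: CounterLockbox, passcode_entropy: bytes) -> bool:
    if box.erased:
        return False
    # Count the attempt before checking, so an interrupted check still costs a try.
    box.counter += 1
    if box.counter > box.max_attempts:
        # Assumed policy: wipe the stored secrets once the limit is exceeded.
        box.salt = box.verifier = bytes(16)
        box.erased = True
        return False
    candidate = _derive_verifier(box.salt, passcode_entropy)
    if hmac.compare_digest(candidate, box.verifier):  # constant-time comparison
        box.counter = 0  # a correct passcode resets the counter
        return True
    return False
```

Because the counter lives next to the verifier inside the storage component, the attempt limit in this model holds no matter how the caller retries: once the limit is exceeded, even the correct passcode no longer unlocks the box.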