
Apple provides background Secure Enclave updates to several older processors

This should come in handy.

In fall 2020, Apple quietly changed the Secure Enclave in its A12, A13, and S5 system-on-chips so that it includes a second-generation model of the Secure Enclave's secure storage.

The changes were apparently part of an update and surfaced as revisions to the Apple Platform Security pages, spotted by Andrew Pantyukhin on Twitter. A PDF version of the guide includes a table summarizing the Secure Enclave's features, with changes that occurred in fall 2020. The Secure Enclave stores highly sensitive security material, such as Face ID or Touch ID data, instead of handing that work off to the application processor.

Per AppleInsider:

An illustration from Apple of the Secure Enclave’s role in iPhone security
In the table, the A12, A14, and S5 SoCs all have two lines instead of one, covering “Apple devices released before Fall 2020” and after that time. For all three pre-Fall 2020 lines, Apple lists the SoCs as having “Secure Storage Component Gen 1,” while the later versions have “Secure Storage Component gen 2.”

Based on the wording of the text, it seems that the change in the Secure Enclave only affects product lines released from fall 2020 onward, while existing devices using the chips continued to use the earlier variant. While it is feasible for Apple to apply the change to existing products using those chips beyond fall 2020, it seems unlikely for Apple to make such a change without first announcing it.

It appears that the iPad, HomePod Mini, and Apple Watch SE are the only devices featuring older chip designs that have updated the Secure Enclave.

Newer chips which were introduced during the fall of 2020, namely the A14 and S6 processors, all feature second-generation Secure Enclave systems. A-series chips from the A8 to A11, the S3, and the T2 are all listed as having “EEPROM” for their secure storage component.

The sole exception to these processors is the S4, which is found in the Apple Watch Series 4, and uses “Secure Storage Component gen 1” without any changes to bring it to “gen 2.” It’s thought that Apple may have discontinued the Apple Watch Series 4, and no other products use the S4 processor.

In terms of what is actually different in the second-generation Secure Enclave, Apple describes it as including “counter lockboxes,” which store a 128-bit salt, a 128-bit passcode verifier, an 8-bit counter, and an 8-bit maximum attempt value. It is likely this was introduced as a countermeasure for hardware such as GrayShift’s GrayKey or services offered by Cellebrite to unlock and extract files from iOS devices.

Back in August 2020, a group of security researchers revealed a vulnerability in the Secure Enclave processor that attacked a memory controller, allowing attackers to alter how memory was used.
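To make the counter lockbox description above concrete, here is a conceptual model of one, written for this post as an added example. It is not Apple's code and does not reflect how the Secure Storage Component actually derives or checks a verifier; the PBKDF2 derivation, the ten-attempt default, and the wipe-on-exhaustion behaviour are all assumptions chosen to illustrate the four fields the guide lists (salt, verifier, counter, maximum attempts). The point a defender should take from it is the ordering: the attempt is counted before the passcode is checked, so interrupting power mid-check cannot "un-count" a guess, and the secret material is erased once the counter reaches the limit.

```python
"""Conceptual model of a passcode 'counter lockbox' (constructed example, not Apple's implementation)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumption: any deliberately slow KDF would do; the real component's derivation is not public.
PBKDF2_ROUNDS = 100_000


@dataclass
class CounterLockbox:
    salt: bytes             # 128-bit random salt
    verifier: bytes         # 128-bit passcode verifier derived from passcode + salt
    counter: int = 0        # 8-bit failed-attempt counter
    max_attempts: int = 10  # 8-bit maximum attempt value (10 is an assumed default)
    wiped: bool = False     # set once the lockbox has erased its secrets

    @classmethod
    def create(cls, passcode: str, max_attempts: int = 10) -> "CounterLockbox":
        if not 1 <= max_attempts <= 0xFF:
            raise ValueError("max_attempts must fit in 8 bits")
        salt = secrets.token_bytes(16)
        return cls(salt=salt, verifier=cls._derive(passcode, salt), max_attempts=max_attempts)

    @staticmethod
    def _derive(passcode: str, salt: bytes) -> bytes:
        # 16-byte output so the verifier is 128 bits, matching the field size in the guide.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"), salt, PBKDF2_ROUNDS, dklen=16)

    def try_unlock(self, passcode: str) -> bool:
        """Return True on a correct passcode; count and (if exhausted) wipe on a wrong one."""
        if self.wiped:
            return False
        # Count the attempt BEFORE checking so a power cut mid-check still costs a guess.
        self.counter = (self.counter + 1) & 0xFF
        if hmac.compare_digest(self._derive(passcode, self.salt), self.verifier):
            self.counter = 0  # a correct passcode resets the failed-attempt counter
            return True
        if self.counter >= self.max_attempts:
            self._wipe()
        return False

    def _wipe(self) -> None:
        # Erase the salt and verifier; with them gone the passcode can no longer be verified at all.
        self.salt = bytes(16)
        self.verifier = bytes(16)
        self.wiped = True


if __name__ == "__main__":
    box = CounterLockbox.create("1234", max_attempts=3)
    for guess in ("0000", "1111", "2222", "1234"):
        print(guess, box.try_unlock(guess), "counter:", box.counter, "wiped:", box.wiped)
```

Run stand-alone, the demo shows three wrong guesses exhausting the counter and the lockbox refusing the correct passcode afterwards, which is the behaviour that defeats a brute-force box: the attempt budget is enforced by the component holding the secret, not by software that an attacker can patch or reset.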

Stay tuned for additional details as they become available.

Via AppleInsider, support.apple.com, @pandrewhk and MacRumors