iPhones and Macs with Touch ID or Face ID use a separate processor to handle your biometric information. It’s called the Secure Enclave; it’s basically an entire computer unto itself, and it offers a variety of security features.
The Secure Enclave boots separately from the rest of your device. It runs its own microkernel, which is not directly accessible by your operating system or any programs running on your device. There’s 4MB of flashable storage, which is used exclusively to store 256-bit elliptic curve private keys. These keys are unique to your device, and are never synced to the cloud or even directly seen by your device’s primary operating system. Instead, the system asks the Secure Enclave to decrypt information using the keys.
Why Does The Secure Enclave Exist?
The Secure Enclave makes it very difficult for hackers to decrypt sensitive information without physical access to your device. Because the Secure Enclave is a separate system, and because your primary operating system never actually sees the decryption keys, it’s incredibly difficult to decrypt your data without proper authorization.
It’s worth noting that your biometric information itself is not stored on the Secure Enclave; 4MB isn’t enough storage space for all that data. Instead, the Enclave stores encryption keys used to lock down that biometric data.
Third-party programs can also create and store keys in the enclave to lock down data, but the apps never have access to the keys themselves. Instead, apps ask the Secure Enclave to encrypt and decrypt data on their behalf. This means any information encrypted using the Enclave is incredibly difficult to decrypt on any other device.
To quote Apple’s documentation for developers:
When you store a private key in the Secure Enclave, you never actually handle the key, making it difficult for the key to become compromised. Instead, you instruct the Secure Enclave to create the key, securely store it, and perform operations with it. You receive only the output of these operations, such as encrypted data or a cryptographic signature verification outcome.
It’s also worth noting that the Secure Enclave cannot import keys from other devices: it’s designed exclusively to create and use keys locally. This makes it very difficult to decrypt information on any device but the one on which it was created.
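The pattern described above, where an app asks the Secure Enclave to create a key and then only ever receives the results of operations, looks like this in practice. This is an added example written for this page, not code from the article or from Apple’s documentation; it assumes an iOS or macOS device with a Secure Enclave and uses only the public Security framework API. The application tag string and the sample secret are constructed for the demo, and the `isExportable` helper is a defender’s check that the private key really cannot be pulled out of the enclave.

```swift
import Foundation
import Security

// Added example (not from the article or Apple's docs). Assumes a device with a
// Secure Enclave; the tag and the sample secret below are constructed values.
enum EnclaveError: Error { case noPublicKey, framework(Error) }

/// Create a 256-bit P-256 private key inside the Secure Enclave.
/// The key material never leaves the enclave; the app only gets a SecKey handle.
func makeEnclaveKey(tag: String) throws -> SecKey {
    var err: Unmanaged<CFError>?
    // Usable only while the device is unlocked, and bound to this device: it is
    // not migrated by backups or restores onto other hardware.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .privateKeyUsage,
        &err) else { throw EnclaveError.framework(err!.takeRetainedValue()) }

    let attrs: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave, // hardware-backed key
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,              // persist a keychain reference
            kSecAttrApplicationTag as String: Data(tag.utf8), // hypothetical tag name
            kSecAttrAccessControl as String: access,
        ],
    ]
    guard let key = SecKeyCreateRandomKey(attrs as CFDictionary, &err) else {
        throw EnclaveError.framework(err!.takeRetainedValue())
    }
    return key
}

/// Encrypt with the public half (ECIES); only the enclave can decrypt the result.
func encrypt(_ plaintext: Data, with privateKey: SecKey) throws -> Data {
    guard let pub = SecKeyCopyPublicKey(privateKey) else { throw EnclaveError.noPublicKey }
    var err: Unmanaged<CFError>?
    guard let ct = SecKeyCreateEncryptedData(
        pub, .eciesEncryptionCofactorVariableIVX963SHA256AESGCM, plaintext as CFData, &err)
    else { throw EnclaveError.framework(err!.takeRetainedValue()) }
    return ct as Data
}

/// Ask the enclave to decrypt; the private key is used but never read by the app.
func decrypt(_ ciphertext: Data, with privateKey: SecKey) throws -> Data {
    var err: Unmanaged<CFError>?
    guard let pt = SecKeyCreateDecryptedData(
        privateKey, .eciesEncryptionCofactorVariableIVX963SHA256AESGCM, ciphertext as CFData, &err)
    else { throw EnclaveError.framework(err!.takeRetainedValue()) }
    return pt as Data
}

/// Defender's check: an export attempt on a Secure Enclave private key fails,
/// so this returns false for a key created by makeEnclaveKey.
func isExportable(_ key: SecKey) -> Bool {
    var err: Unmanaged<CFError>?
    return SecKeyCopyExternalRepresentation(key, &err) != nil
}

// Usage: run on a device with a Secure Enclave (the tag is a constructed name).
do {
    let key = try makeEnclaveKey(tag: "com.example.demo.enclave-key")
    let secret = Data("constructed sample secret".utf8)
    let sealed = try encrypt(secret, with: key)
    let opened = try decrypt(sealed, with: key)
    print("round trip matches:", opened == secret)
    print("private key exportable:", isExportable(key))
} catch {
    print("Secure Enclave error:", error)
}
```

The round trip should succeed and `isExportable` should report false: the app holds only a reference, and `SecKeyCopyExternalRepresentation` refuses to serialise an enclave-resident private key. Note that the ciphertext can only be opened on the device that created the key, which is exactly the property the article describes; losing the device, or wiping the enclave, means losing access to anything sealed this way unless a separate recovery path exists.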
Wait, Wasn’t The Secure Enclave Hacked?
The Secure Enclave is an elaborate setup, and makes life very difficult for hackers. But there’s no such thing as perfect security, and it’s reasonable to assume someone will compromise all of this eventually.
In the summer of 2017, enthusiastic hackers revealed that they’d managed to decrypt the firmware of the Secure Enclave, potentially giving them insight into how the enclave works. We’re sure Apple would prefer this leak hadn’t happened, but it’s worth noting that hackers have not yet found a way to retrieve the encryption keys stored on the enclave: they’ve only decrypted the firmware itself.
Clean Out the Enclave Before Selling Your Mac
Keys in the Secure Enclave on your iPhone are wiped when you perform a factory reset. In theory they should also be cleared out when you reinstall macOS, but Apple recommends you clear the Secure Enclave on your Mac if you used anything but the official macOS installer.