iPhones and Macs with Touch ID or Face ID use a separate processor to handle your biometric information. It’s called the Secure Enclave, it’s basically an entire computer unto itself, and it offers a variety of security features.
The Secure Enclave boots separately from the rest of your device.
It runs its own microkernel, which is not directly accessible by your operating system or any programs running on your device. There’s 4MB of flashable storage, which is used exclusively to store 256-bit elliptic curve private keys. These keys are unique to your device, and are never synced to the cloud or even directly seen by your device’s primary operating system. Instead, the system asks the Secure Enclave to decrypt information using the keys.Why Does The Secure Enclave Exist?
The Secure Enclave makes it very difficult for hackers to decrypt sensitive information without physical access to your device. Because the Secure Enclave is a separate system, and because your primary operating system never actually sees the decryption keys, it’s incredibly difficult to decrypt your data without proper authorization.
It’s worth noting that your biometric information itself is not stored on the Secure Enclave; 4MB isn’t enough storage space for all that data. Instead, the Enclave stores encryption keys used to lock down that biometric data.
…
The post What Is Apple’s “Secure Enclave”, And How Does It Protect My iPhone or Mac? appeared first on FeedBox.