Secure software requires a foundation of security built into hardware. That’s why Apple® devices—running iOS®, iPadOS®, macOS®, tvOS®, or watchOS®—have security capabilities designed into silicon.
These include custom CPU capabilities that power system security features and silicon dedicated to security functions. The most critical component is the Secure Enclave coprocessor in modern iOS, iPadOS, watchOS, and tvOS devices and in all Mac computers with the Apple T2 Security Chip. The Secure Enclave provides the foundation for encrypting data at rest, secure boot in macOS, and biometrics.
All modern iPhone®, iPad®, and Mac® computers with a T2 chip include a dedicated AES hardware engine to power line-speed encryption as files are written or read. This ensures that Data Protection and FileVault protect users’ files without exposing long-lived encryption keys to the CPU or operating system.
Secure boot of Apple devices ensures that the lowest levels of software aren’t tampered with and that only trusted operating system software from Apple loads at startup. In iOS and iPadOS devices, security begins in immutable code called the Boot ROM, which is laid down during chip fabrication and known as the hardware root of trust. On Mac® computers with a T2 chip, trust for secure boot begins with the Secure Enclave itself.
The Secure Enclave enables Touch ID and Face ID in Apple devices to provide secure authentication while keeping user biometric data private and secure. This enables users to enjoy the security of longer and more complex passcodes and passwords with, in many situations, the convenience of quickly authenticating.
Back to Apple for Business's Index
Apple, the Apple logo, iPad, iPhone, Mac, iPadOS, tvOS, watchOS and macOS are trademarks of Apple Inc., registered in the U.S. and other countries. IOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license.