Apple Made Sudden Security Changes to its Chips in Fall 2020

by

Apple made unusual mid-production hardware changes to the A12, A13, and S5 processors in its devices in the fall of 2020 to update the Secure Storage Component, according to Apple Support documents.

a13 bionic mockup
According to an Apple Support page, spotted by Twitter user Andrew Pantyukhin, Apple changed the Secure Enclave in a number of products in the fall of 2020:

Note: A12, A13, S4, and S5 products first released in Fall 2020 have a 2nd-generation Secure Storage Component; while earlier products based on these SoCs have 1st-generation Secure Storage Component.

The Secure Enclave is a coprocessor that is used for data protection and authentication with Touch ID and Face ID. The purpose of the Secure Enclave is to handle keys and other information, such as biometrics, that are sensitive enough to not be handled by the Application Processor. This data is stored in a Secure Storage Component inside the Secure Enclave, which is the specific part that Apple changed last year.

The explanation in Apple's support document suggests, at minimum, that the eighth-generation entry-level iPad, Apple Watch SE, and HomePod mini have different Secure Enclaves compared to older devices with the same chip.

However, there are a number of discrepancies in Apple's support document. Despite Apple explaining that A13 products "first released in Fall 2020 have a 2nd-generation Secure Storage Component," there was no device with an A13 chip "first released in Fall 2020." The last device to be released with an A13 chip was the iPhone SE in February 2020.

If the change was, in fact, made to all newly-manufactured devices with these chips, the affected devices would include the iPhone XR, iPhone 11, ‌iPhone SE‌, and fifth-generation iPad mini, as well as the newly-released eighth-generation ‌iPad‌, ‌Apple Watch SE‌, and ‌HomePod mini‌.

a12 a13 s5 secure enclave change
To make matters more confusing, the table listing the multiple versions of the Secure Enclave's storage component in the feature summary omits the S4 chip with a second-generation Secure Storage Component, despite the rubric claiming that such a chip exists. The Apple Watch Series 4 was the only device to contain an S4 chip, and this device was discontinued in September 2019, long before the second-generation Secure Storage Component was implemented in the fall of 2020. It is possible that part of this lack of clarity relates to the fact that the A12 and S4 chips introduced the first-generation Secure Storage Component.

New devices containing the A14 or S6 chip, such as the iPhone 12, iPhone 12 Pro, fourth-generation iPad Air, and Apple Watch Series 6, also have the updated Secure Enclave.

Although the change took place in the fall of 2020, the support document detailing the alteration was published in February 2021. The full PDF version of Apple's Platform Security Guide reveals the difference between the first and second-generation Secure Storage Component:

The 2nd-generation Secure Storage Component adds counter lockboxes. Each counter lockbox stores a 128-bit salt, a 128-bit passcode verifier, an 8-bit counter, and an 8-bit maximum attempt value. Access to the counter lockboxes is through an encrypted and authenticated protocol.

Counter lockboxes hold the entropy needed to unlock passcode-protected user data. To access the user data, the paired Secure Enclave must derive the correct passcode entropy value from the user's passcode and the Secure Enclave's UID. The user's passcode can't be learned using unlock attempts sent from a source other than the paired Secure Enclave. If the passcode attempt limit is exceeded (for example, 10 attempts on iPhone), the passcode-protected data is erased completely by the Secure Storage Component.

This appears to be a countermeasure against password-cracking devices, such as GrayKey, which attempt to break into iPhones by guessing the passcode an infinite number of times, using exploits that allow for infinite incorrect password attempts.

The change appears to have been significant enough for Apple to justify an entire "second-generation" version of the Secure Enclave's storage. It is certainly unusual for Apple to change a component in its chips mid-way through production, but Apple likely deemed the security upgrade important enough to roll it out to all relevant new devices from the fall onwards, rather than just devices with the latest A14 and S6 chips.

Related Roundups: iPad mini, iPhone SE 2020, iPad, iPhone XR, iPhone 11, Apple Watch SE, HomePod mini
Tag: security
Buyer's Guide: iPad Mini (Buy Now), iPhone SE (Don't Buy), iPad (Buy Now), Apple Watch SE (Neutral), HomePod Mini (Buy Now)
Related Forums: iPad, iPhone, Apple Watch, HomePod, HomeKit, CarPlay, Home & Auto Technology

Top Rated Comments

mtneer Avatar
mtneer
23 weeks ago
I wonder if this was in response to a major hardware security breach? Does that mean that devices released before the patch are now vulnerable?
Score: 18 Votes (Like | Disagree)
Serban55 Avatar
Serban55
23 weeks ago
Thank you Apple
Score: 14 Votes (Like | Disagree)
mtneer Avatar
mtneer
23 weeks ago

everything old become vulnerable.
The article says that the cutoff is "Fall 2020".. that's 6 months ago. We aren't talking about age-old vintage devices here..
Score: 8 Votes (Like | Disagree)
Realityck Avatar
Realityck
23 weeks ago
I’m glad Apple is very proactive with hardware based security improvements.
Score: 6 Votes (Like | Disagree)
WoodpeckerBaby Avatar
WoodpeckerBaby
23 weeks ago

He’s too busy saving $0.05 per iPhone by not including the charger until the guise of “saving the planet!”.
It’s more like $5 per charger, which isn’t insignificant.
Score: 6 Votes (Like | Disagree)
Serban55 Avatar
Serban55
23 weeks ago

I wonder if this was in response to a major hardware security breach? Does that mean that devices released before the patch are now vulnerable?
everything old become vulnerable.
Score: 3 Votes (Like | Disagree)
Read All Comments

Top Stories

7

Apple Seeds RC Version of watchOS 7.4 to Developers

Tuesday April 20, 2021 11:05 am PDT by
Apple today seeded the RC version of an upcoming watchOS 7.4 update to developers for testing purposes, with the new beta coming two weeks release of the seventh beta and over two months after the launch of watchOS 7.3 with "Time to Walk" functionality, expanded ECG availability, and a new Unity watch face. To install the ‌watchOS 7.4 beta, developers need to download the proper...
Read Full Article6 comments
apple show time event banner

Apple Files M1 Macs in Bluetooth Database Alongside Mystery 'B2002' Product

Thursday February 11, 2021 8:49 am PST by
In late October, Apple filed an unspecified product in the Bluetooth SIG database with a "B2002" name, "Personal Computer" category, and "TBD" model number, and now the company has filed its trio of Macs with the M1 chip under the same entry. The latest MacBook Air, 13-inch MacBook Pro, and Mac mini with the M1 chip were added to the listing on February 10, 2021. While these additions to...
Read Full Article65 comments
applesupplierreport

Apple Implements Tougher Security Guidelines at Factories to Prevent Leaks

Wednesday March 24, 2021 6:38 am PDT by
Apple recently updated its security guidelines for its manufacturing partners, implementing tougher measures at factories to prevent leaks, according to an internal document obtained by The Information's Wayne Ma. Among the changes mentioned in the report: Apple's manufacturing partners can no longer collect biometric data such as fingerprints or facial scans of Apple employees who visit...
Read Full Article104 comments
Facebook Feature

Facebook for iOS and Android Gains Hardware Security Key Support

Thursday March 18, 2021 7:44 am PDT by
Facebook has announced that starting today, users on iOS and Android will have the ability to log into their account with a hardware security key, bringing a more than three-year-old feature for the desktop to mobile devices. Since 2017, Facebook has allowed users to use a hardware security key to access their accounts on desktops. Mobile users, however, have remained limited to protecting ...
Read Full Article28 comments
7

Apple Seeds Seventh Beta of watchOS 7.4 to Developers

Wednesday April 7, 2021 10:03 am PDT by
Apple today seeded the seventh beta of an upcoming watchOS 7.4 update to developers for testing purposes, with the new beta coming one week release of the sixth beta and over two months after the launch of watchOS 7.3 with "Time to Walk" functionality, expanded ECG availability, and a new Unity watch face. To install the ‌watchOS 7.4 beta, developers need to download the proper...
Read Full Article13 comments
face id scan

Apple Making Face ID Sensor Chip Smaller on Upcoming iPhones and iPads

Friday May 14, 2021 4:00 am PDT by
Apple is intending to use a significantly smaller Face ID sensor chip in iPhones and iPads from late this year onwards, according to DigiTimes. Apple has reportedly chosen to scale down the die size of the VCSEL chips used in Face ID's scanner. The move will help Apple cut production costs since more chips can be produced on one wafer, reducing total wafer output. The redesigned VCSEL...
Read Full Article43 comments
ios 15

iOS 15 Compatible With All iPhones That Run iOS 14

Monday June 7, 2021 11:58 am PDT by
Apple's new iOS 15 operating system is compatible with all of the iPhones that are able to run iOS 14, including the original iPhone SE, the iPhone 6s, and the iPhone 6s Plus. Apple's list of compatible devices confirms that ‌iOS 15 works with all of these iPhones: All iPhone 12 models All iPhone 11 models iPhone XS iPhone XS Max iPhone XR iPhone X iPhone 8 iPhone 8 ...
Read Full Article198 comments
homekit secure video package

HomeKit Secure Video Cameras Can Notify You When a Package Has Arrived Starting With iOS 15

Monday June 7, 2021 4:09 pm PDT by
Starting with iOS 15 and iPadOS 15, which will be publicly released in the fall, security cameras and video doorbells that support HomeKit Secure Video can now detect and notify you when a package has been delivered. HomeKit Secure Video, available on iOS 13.2 and later, leverages iCloud to securely stream and store video clips from compatible HomeKit-enabled indoor and outdoor cameras and...
Read Full Article55 comments
7

Apple Seeds Fifth Beta of watchOS 7.4 to Developers

Tuesday March 23, 2021 10:08 am PDT by
Apple today seeded the fifth beta of an upcoming watchOS 7.4 update to developers for testing purposes, with the new beta coming one week release of the fourth beta and over a month after the launch of watchOS 7.3 with "Time to Walk" functionality, expanded ECG availability, and a new Unity watch face. To install the ‌watchOS 7.4 beta, developers need to download the proper configuration...
Read Full Article23 comments
m2 feature

Apple Silicon M2 Chip Coming to Wave of New Macs

Monday May 24, 2021 2:27 am PDT by
Apple's more powerful "M2" chip is set to come to a wave of new Macs, bringing significant performance and efficiency improvements to a range of new models, according to recent reports. Bloomberg's Mark Gurman previously said that Apple is working on higher-end Apple silicon chips that are expected to "significantly outpace" the performance of the latest Macs that still contain Intel chips,...
Read Full Article