Security certifications for SEP: Secure Key Store

This article contains references for key product certifications, cryptographic validations, and security guidance for the Secure Enclave Processor (SEP): Secure Key Store.

In addition to the general certificates listed here, other certificates may have been issued in order to demonstrate specific security requirements for some markets. 

Contact us at security-certifications@apple.com if you have any questions.

Secure Enclave Processor

The Secure Enclave Processor is a coprocessor fabricated within the system on chip (SoC). It uses encrypted memory and includes a hardware random-number generator. The Secure Enclave provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised. Communication between the Secure Enclave and the application processor is isolated to an interrupt-driven mailbox and shared memory data buffers.

The Secure Enclave Processor includes a dedicated Secure Enclave Boot ROM. Similar to the application processor Boot ROM, the Secure Enclave Boot ROM is immutable code that establishes the hardware root of trust for the Secure Enclave.

The Secure Enclave Processor runs a Secure Enclave OS based on an Apple-customized version of the L4 microkernel. This Secure Enclave OS is signed by Apple, verified by the Secure Enclave Boot ROM, and updated through a personalized software update process.

An example of some built-in services that utilize the hardware protected Secure Key Store:

  • Unlock of device or account (Password & Biometric)
  • Hardware Encryption / Data Protection / FileVault (Data-at-Rest)
  • Secure Boot (Firmware and OS Trust and Integrity)
  • Hardware control of camera (FaceTime)

The following documents can be useful in context with these certifications and validations:

For information on public certifications related to Apple Internet Services, see:

For information on public certifications related to Apple applications, see:

For information on public certifications related to Apple operating systems, see:

For information on public certifications related to hardware and associated firmware components, see:

Cryptographic module validations

All Apple FIPS 140-2/-3 Conformance Validation Certificates are on the CMVP web site. Apple actively engages in the validation of the CoreCrypto User and CoreCrypto Kernel modules for each major release of the operating systems. Validation can only be performed against a final module release version and formally submitted upon OS public release. Information about these validations are found on the relevant operating system page.

The Hardware Cryptographic Module — Apple SEP Secure Key Store Cryptographic Module — comes embedded in the Apple System-On-Chip (SoC) A for iPhone and iPad, S for the Apple Watch Series, and T for the T Security Chip found in Mac systems starting with iMac Pro introduced in 2017.

Apple will pursue FIPS 140-2/-3 Security Level 3 for the SEP Secure Key Store Cryptographic Module used by future operating system releases and devices. 

In 2019 Apple has validated the hardware module against the FIPS 140-2 Security Level 2 requirements and updated the module version identifier to v9.0 in order to synch with the versions of the corresponding CoreCrypto User and CoreCrypto Kernel modules validations. In 2019: iOS 12, tvOS 12, watchOS 5, and macOS Mojave 10.14.

In 2018, synchronized with the validation of the software cryptographic modules with the operating systems released in 2017: iOS 11, tvOS 11, watchOS 4, and macOS Sierra 10.13,  The SEP hardware cryptographic module identified as the Apple SEP Secure Key Store Cryptographic Module v1.0 was initially validated against FIPS 140-2 Security Level 1 requirements.

All Apple FIPS 140-2/-3 Conformance Validation Certificates are on the CMVP web site. Apple actively engages in the validation of the CoreCrypto User and CoreCrypto Kernel modules for each major release of an operating system. Validation of conformance can only be performed against a final module release version and formally submitted upon OS public release. 

The CMVP maintains the validation status of cryptographic modules under four separate lists depending on their current status. The modules may begin in the Implementation Under Test List and then proceed to the Modules in Process List. Once validated they appear on the validated cryptographic modules list, and after five years are moved to the "historical" list.

In 2020 the CMVP adopt the international standard, ISO/IEC 19790, as the basis for FIPS 140-3.

For more information about FIPS 140-2/-3 validations, see Apple Platform Security.

Corresponding Platform/OS CMVP Certificate Number Module Name Module Type SL Validation Date Documents
Please check the Implementation Under Test List and the Modules in Process List for modules currently being tested/validated.
iOS 12

tvOS12

watchOS 5

macOS Mojave 10.14
3523 Apple Secure Key Store Cryptographic Module v9.0
(sepOS)
HW 2 2019-09-10
OS 11

tvOS 11

watchOS 4

macOS High Sierra 10.13
3223 Apple Secure Key Store Cryptographic Module v1.0
(sepOS)
HW 1 2018-07-10

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: