Secure intent and connections to the Secure Enclave
Secure intent provides a way to confirm a user’s intent without any interaction with the operating system or Application Processor. The connection is a physical link—from a physical button to the Secure Enclave—that’s available in the following:
All iPhone models starting with iPhone X or later
All iPad models starting with iPad Air (4th generation) or later
All Mac computers with Apple silicon
All Apple Watch models starting with Apple Watch series 1 or later
Apple Vision Pro
With this link, users can confirm their intent to complete an operation in a way designed such that even software running with root privileges or in the kernel can’t spoof.
This feature is used to confirm user intent during Apple Pay transactions and when finalizing pairing Magic Keyboard with Touch ID to a Mac with Apple silicon. A double-press on the following buttons—when prompted by the user interface—signals confirmation of user intent:
The top button on Apple Vision Pro (for Optic ID)
The side button on an iPhone or iPad (for Face ID)
A fingerprint scan (for devices with Touch ID)
A similar mechanism—based on the Secure Enclave and T2 firmware—is supported on MacBook models with the Apple T2 Security Chip and no Touch Bar.