Apple T2 Security Chip security certifications
Cryptographic module validation background
Apple actively engages in the provision of security assurance for Apple embedded software and hardware cryptographic modules for each major release of an operating system using FIPS 140-3 requirements.
Validation of conformance can be performed only against a final released version of a cryptographic module.
In 2020 the CMVP adopted the international standard ISO/IEC 19790 as the basis for U.S. Federal Information Processing Standard (FIPS) 140-3.
In addition to having an Intel CPU, most Mac computers since 2017 also have a separate Apple T2 Security Chip, which is an ARM-based system on chip (SoC). These Mac computers with a T2 chip use all five cryptographic modules for various on-device services.
Corecrypto User Module for Intel (used by macOS on Intel-based Mac computers)
Corecrypto Kernel Module for Intel (used by macOS on Intel-based Mac computers)
Corecrypto User Module for ARM (used by the T2 chip)
Corecrypto Kernel Module for ARM (used by the T2 chip)
Secure Key Store Cryptographic Module (used by the embedded Secure Enclave coprocessor in the T2 chip)
Note: The ARM-based modules used on the T2 chip are the same as those used on other ARM SoCs, such as the Apple A series, S series, and M series.
Cryptographic module validation status
The Cryptographic Module Validation Program (CMVP) maintains the validation status of cryptographic modules under three separate lists depending on their current status.
For more information, see Cryptographic module validation status information.
FIPS 140-3 certifications
Summary of current certification status
T2 corecrypto modules version 12 for user space, kernel space, and secure key store are undergoing laboratory testing. They are listed on the Implementation Under Test List and, when testing is complete, on the Modules in Process List.
T2 corecrypto modules version 11 for user space, kernel space, and secure key store have completed laboratory testing and have been recommended by the laboratory to the CMVP for validation. They are listed on the Modules in Process List.
The table below shows the Apple cryptographic modules that are currently being tested by a laboratory, that have been recommended by a laboratory for validation by the CMVP, or that have been validated and certified as conformant to FIPS 140-3 by the CMVP.
Dates | Certificates / Documents | Module info |
---|---|---|
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v13.0 Operating system: sepOS for macOS 13 Ventura Environment: ARM, User, Software Type: Software Security Level: 1 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v13.0 Operating system: sepOS for macOS 13 Ventura Environment: ARM, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v13.0 Operating system: sepOS for macOS 13 Ventura Environment: ARM, Secure Key Store, Hardware Type: Hardware (T2) Security Level: 2 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v12.0 Operating system: sepOS for macOS 12 Monterey Environment: ARM, User, Software Type: Software Security Level: 1 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v12.0 Operating system: sepOS for macOS 12 Monterey Environment: ARM, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v12.0 Operating system: sepOS for macOS 12 Monterey Environment: ARM, Secure Key Store, Hardware Type: Hardware (T2) Security Level: 2 |
Operating system release date: 2020 Validation dates: — | Certificates: 4391 Apple documents: | Title: Apple Corecrypto Module v11.1 Operating system: sepOS for macOS 11 Big Sur Environment: ARM, User, Software Type: Software Security Level: 1 |
Operating system release date: 2020 Validation dates: — | Certificates: 4392 Apple documents: | Title: Apple Corecrypto Module v11.1 Operating system: sepOS for macOS 11 Big Sur Environment: ARM, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2020 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v11.1 Operating system: sepOS for macOS 11 Big Sur on Intel Environment: ARM, Secure Key Store, Hardware Type: Hardware (T2) Security Level: 2 |
FIPS 140-2 certifications
The table below shows the cryptographic modules that certified by the CMVP as conformant with FIPS 140-2.
Dates | Certificates / Documents | Module info |
---|---|---|
Operating system release date: 2019 Validation dates: 2021-03-23 | Certificates: 3856 Apple documents: | Title: Apple Corecrypto User Module v10.0 for ARM Operating system: sepOS for macOS 10.15 Catalina Type: Software Security Level: 1 |
Operating system release date: 2019 Validation dates: 2021-03-23 | Certificates: 3855 Apple documents: | Title: Apple Corecrypto Kernel Module v10.0 for ARM Operating system: sepOS for macOS 10.15 Catalina Type: Software Security Level: 1 |
Operating system release date: 2019 Validation dates: 2021-02-05 | Certificates: 3811 Apple documents: | Title: Apple Corecrypto Secure Key Store Cryptographic Module v10.0 Operating system: sepOS for macOS 10.15 Catalina Type: Hardware Security Level: 2 |
Operating system release date: 2018 Validation dates: 2019-04-23 | Certificates: 3438 Apple documents: | Title: Apple Corecrypto User Module v9.0 for ARM Operating system: sepOS for macOS 10.14 Mojave Type: Software Security Level: 1 |
Previous versions
These T2 processor versions previously had cryptographic module validations. Those more than 5 years old are listed by the CMVP with historical status:
2018 in corecrypto modules v9.0
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.