Secure Enclave Processor security certifications
Secure Enclave certification background
Apple actively engages in the provision of security assurance of the cryptographic modules for the corecrypto User, corecrypto Kernel and the Secure Key Store cryptographic modules for each major release of an operating system using FIPS 140-3 requirements.
Validation of conformance can be performed only against a final released version of a cryptographic module.
The Hardware Cryptographic Module—Apple SEP Secure Key Store Cryptographic Module—comes embedded in the Apple SOC that’s in the following products: the Apple A series for iPhone and iPad, the M series for iPad and Mac computers with Apple silicon, the S series for the Apple Watch, and the T series security chip found in Mac Intel-based computers, starting with the iMac Pro introduced in 2017.
In 2018, Apple synced with the validation of the software cryptographic modules with the operating systems released in 2017: iOS 11, macOS 10.13, tvOS 11, and watchOS 4. The SEP hardware cryptographic module identified as the Apple SEP Secure Key Store Cryptographic Module v1.0 was initially validated against FIPS 140-2 Security Level 1 requirements.
In 2019, Apple validated the hardware module against the FIPS 140-2 Security Level 2 requirements and updated the module version identifier to v9.0 to sync with the versions of the corresponding corecrypto User and corecrypto Kernel module validations. In 2019, this included iOS 12, macOS 10.14, tvOS 12, and watchOS 5.
Since 2020, Apple has been testing validations for conformance with FIPS 140-3, along with additional assurance for Security Level 3 of the physical security requirements for the M family, the A family SoCs A13 or later, and the S family SoCs S6 or later.
Cryptographic module validation status
The Cryptographic Module Validation Program (CMVP) maintains the validation status of cryptographic modules under three separate lists depending on their current status.
For more information, see Cryptographic module validation status information.
FIPS 140-3 certifications
Summary of current certification status
Secure Key Stores associated with 2022 operating system releases are undergoing laboratory testing. They are listed on the Modules in Process List and, when testing is complete, on the validated cryptographic modules list.
Secure Key Stores associated with 2021 operating system releases are undergoing laboratory testing. They are listed on the Modules in Process List and, when testing is complete, on the validated cryptographic modules list.
Secure Key Stores associated with 2020 operating system releases have completed laboratory testing and have been recommended by the laboratory to the CMVP for validation. They are listed on the Modules in Process List.
The table below shows the Apple cryptographic modules that are currently being tested by a laboratory, that have been recommended by a laboratory for validation by the CMVP, or that have been validated and certified as conformant to FIPS 140-3 by the CMVP.
Dates | Certificates / Documents | Module info |
---|---|---|
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v13 Operating system: sepOS distributed with iOS 16, iPadOS 16, macOS 13 Ventura, and tvOS 16 Environment: ARM/Apple silicon, Secure Key Store, Hardware (A13-A16, M1, M1 Pro, M1 Max, M1 Ultra, M2 M2 Pro, M2 Max) Type: Hardware Overall Security Level: 2 Physical Security Level: 3 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v13 Operating system: sepOS distributed with iOS 16, iPadOS 16, macOS 13 Ventura, tvOS 16, and watchOS 9 Environment: ARM, Secure Key Store, Hardware A9-A12, T2, S4-S8) Type: Hardware Overall Security Level: 2 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v12 Operating system: sepOS distributed with iOS 15, iPadOS 15, macOS 12 Monterey, tvOS 15, and watchOS 8 Environment: ARM/Apple silicon, Secure Key Store, Hardware (A13-A15, M1, M1 Pro, M1 Max) Type: Hardware Overall Security Level: 2 Physical Security Level: 3 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v12 Operating system: sepOS distributed with iOS 15, iPadOS 15, macOS 12 Monterey, tvOS 15, and watchOS 8 Environment: Apple silicon, Secure Key Store, Hardware Type: Hardware (A9-A15, T2, S3-S7) Overall Security Level: 2 |
Operating system release date: 2020 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v11.1 Operating system: sepOS distributed with iOS 14, iPadOS 14, macOS 11 Big Sur, tvOS 14, and watchOS 7 Environment: ARM/Apple silicon, Secure Key Store, Hardware Type: Hardware (A13, A14, M1) Overall Security Level: 2 Physical Security Level: 3 |
Operating system release date: 2020 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v11.1 Operating system: sepOS distributed with iOS 14, iPadOS 14, macOS 11 Big Sur, tvOS 14, and watchOS 7 Environment: ARM, Secure Key Store, Hardware Type: Hardware (A9-A12, T2, M1, S3-S6) Overall Security Level: 2 |
FIPS 140-2 certifications
The table below shows the cryptographic modules that have been tested by the laboratory for conformance with FIPS 140-2.
Dates | Certificates / Documents | Module info |
---|---|---|
Operating system release date: 2019 Validation dates: 2021-02-05 | Certificates: 3811 Apple documents: | Title: Apple Secure Key Store Cryptographic Module v10.0 Operating system: sepOS for macOS 10.15 Catalina Type: Hardware Security Level: 2 |
Previous versions
These Secure Enclave processor versions previously had cryptographic module validations. Those more than 5 years old are listed by the CMVP with historical status:
2018 in SEP (corecrypto modules v9.0) - FIPS 140-2
2017 in SEP (corecrypto modules v8.0) - FIPS 140-2
Common Criteria (CC) certifications
Apple actively engages in Common Criteria evaluations where suitable Protection Profiles cover the security functionality of Apple technology.
Common Criteria (CC) certification status
The U.S. scheme, operated by the National Information Assurance Project (NIAP), maintains a list of Products in Evaluation; this list includes products that are currently undergoing evaluation in the United States with a NIAP-approved Common Criteria Testing Laboratory (CCTL) and that have completed an Evaluation Kickoff Meeting (or equivalent) in which CCEVS management officially accepts the product into evaluation.
For more information, see Common Criteria (CC) certification status information.
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.