Security certifications for the Apple T2 Security Chip
Cryptographic module validation background
Apple actively engages in the validation of Apple embedded software and hardware modules for each major release of an operating system. Validation of conformance can only be performed against a final module release version; the validation is formally submitted upon the public release of the operating system.
In 2020 the CMVP adopted the international standard ISO/IEC 19790 as the basis for U.S. Federal Information Processing Standard (FIPS) 140-3.
In addition to having an Intel CPU, most Mac computers since 2017 also have a separate Apple T2 Security Chip, which is an Apple silicon-based system on chip (SoC). These Mac computers use all five cryptographic modules for various on-device services.
Corecrypto user module for Intel (used by macOS)
Corecrypto kernel module for Intel (used by macOS)
Corecrypto user module for ARM (used by the T2 chip)
Corecrypto kernel module for ARM (used by the T2 chip)
Secure Key Store Cryptographic Module (used by the embedded Secure Enclave coprocessor in the T2 chip)
Note: The Apple silicon-based modules running on the T2 chip are the same as those running on other Apple silicon, such as the Apple A series, S series, and M series.
Cryptographic module validation status
The Cryptographic Module Validation Program (CMVP) maintains the validation status of cryptographic modules under four separate lists depending on their current status:
To be listed on the CMVP Implementation Under Test List, the laboratory must be contracted with Apple to provide testing.
After the testing has been completed by the laboratory, the lab has recommended validation by the CMVP, and the CMVP fees have been paid, the module is then added to the Modules in Process (MIP) List. The MIP List tracks the progress of the CMVP validation efforts in four phases:
Review Pending: Waiting for CMVP resource to be assigned.
In Review: CMVP resources are performing their validation activities.
Coordination: The lab and the CMVP are resolving any issues found.
Finalization: The activities and formalities related to issuing the certificate.
After validation by the CMVP, the modules are awarded a certificate of conformance and added to the validated cryptographic modules list.
After 5 years or if the module certificate is revoked for some reason, the modules are moved to the “historical” list.
In 2020, the CMVP adopted the international standard ISO/IEC 19790 as the basis for FIPS 140-3.
FIPS 140-3 certifications
The table below shows the 2020 cryptographic modules that are currently being tested by the laboratory for conformance with FIPS 140-3.
Dates | Certificates / Documents | Operating systems / Module info |
|---|---|---|
OS release date: 2020 Validation dates: — | Certificates: — Documents: — | Operating systems: iOS 14, macOS 11 Big Sur, tvOS 14, watchOS 7 Name: Apple Corecrypto Module v11.1 Environment: Apple silicon, User, Software Type: Software Security level: 1 |
OS release date: 2020 Validation dates: — | Certificates: — Documents: — | Operating systems: iOS 14, macOS 11 Big Sur, tvOS 14, watchOS 7 Name: Apple Corecrypto Module v11.1 Environment: Apple silicon, Kernel, Software Type: Software Security level: 1 |
OS release date: 2020 Validation dates: — | Certificates: — Documents: — | Operating systems: iOS 14, macOS 11 Big Sur, tvOS 14, watchOS 7 Name: Apple Corecrypto Module v11.1 Environment: Apple silicon, Secure key store, Hardware, Overall Security Level 2 Type: Hardware Security level: 2 |
See a complete list of cryptographic modules at the NIST Computer Security Resource Center. You can see a list of modules currently being tested at the same website.
FIPS 140-2 certifications
The table below shows the cryptographic modules that are currently being tested and have been tested by the laboratory for conformance with FIPS 140-2.
Apple T2 Security Chip (2019) user space, kernel space, and secure key store have completed laboratory testing and have been recommended by the laboratory to the CMVP for validation. They are listed on the Modules in Process List.
Dates | Certificates / Documents | Operating systems / Module info |
|---|---|---|
OS release date: 2019 Validation dates: — | Certificates: — Documents: — | Operating systems: iOS 13, iPadOS 13, macOS 10.15 Catalina, tvOS 13, watchOS 6 Name: Apple Corecrypto Kernel Module v10.0 for ARM Type: Software Security level: 1 |
OS release date: 2019 Validation dates: — | Certificates: — Documents: — | Operating systems: iOS 13, iPadOS 13, macOS 10.15 Catalina, tvOS 13, watchOS 6 Name: Apple Corecrypto User Module v10.0 for ARM Type: Software Security level: 1 |
OS release date: 2019 Validation dates: — | Certificates: — Documents: — | Operating systems: iOS 13, iPadOS 13, macOS 10.15 Catalina, tvOS 13, watchOS 6 Name: Apple Corecrypto Secure key store Cryptographic Module v10.0 Type: Hardware Security level: 2 |
OS release date: 2018 Validation dates: 2019-04-23 | Certificates: 3438 Documents: Certificate, Security Policy, Crypto Officer Guidance | Operating systems: iOS 12, macOS 10.14 Mojave, tvOS 12, watchOS 5 Name: Apple Corecrypto User Module v9.0 for ARM Type: Software Security level: 1 |
OS release date: 2018 Validation dates: 2019-04-11 | Certificates: 3433 Documents: Certificate, Security Policy, Crypto Officer Guidance | Operating systems: iOS 12, macOS 10.14 Mojave, tvOS 12, watchOS 5 Name: Apple Corecrypto Kernel Module v9.0 for ARM Type: Software Security level: 1 |
OS release date: 2018 Validation dates: 2019-09-10 | Certificates: 3523 Documents: Certificate, Security Policy, Crypto Officer Guidance | Operating systems: iOS 12, macOS 10.14 Mojave, tvOS 12, watchOS 5 Name: Apple Secure key store Cryptographic Module v9.0 Type: Hardware Security level: 2 |
OS release date: 2017 Validation dates: 2018-03-09, 2018-05-22, 2018-07-06 | Certificates: 3148 Documents: Certificate, Security Policy, Crypto Officer Guidance | Operating systems: iOS 11, macOS 10.13 High Sierra, tvOS 11, watchOS 4 Name: Apple Corecrypto User Module v8.0 for ARM Type: Software Security level: 1 |
OS release date: 2017 Validation dates: 2018-03-09, 2018-05-17, 2018-07-03 | Certificates: 3147 Documents: Certificate, Security Policy, Crypto Officer Guidance | Operating systems: iOS 11, macOS 10.13 High Sierra, tvOS 11, watchOS 4 Name: Apple Corecrypto Kernel Module v8.0 for ARM Type: Software Security level: 1 |
OS release date: 2017 Validation dates: 2018-07-10 | Certificates: 3223 Documents: Certificate, Security Policy, Crypto Officer Guidance | Operating systems: iOS 11, macOS 10.13 High Sierra, tvOS 11, watchOS 4 Name: Apple Secure key store Cryptographic Module v1.0 Type: Hardware Security level: 1 |
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.