
I know. I conflated HSM and Secure Enclave incorrectly.

I agree Apple does well in the security arena, but they should do more to prevent software updates without erasing the device if the security key is not available.




Also, the article stated this: “In short: Apple has designed a key vault that even they can’t be forced to open. Only customers can get their own keys.”

That was the part I was arguing with. Apple can get the keys if they were compelled to.


But they can't be compelled to.

If Apple has access to the data, the government can compel them to turn it over. The whole point of this setup is that Apple doesn't have access to the data, because they can't get the keys, and they can't reconfigure the HSM to give it to them.

Now yes, they could in theory change iOS and push out an update to everyone that breaks the security model. But the government¹ can't compel them to do that. The government cannot compel them to materially change their product and break one of the major advertised features of the device.

¹I'm assuming US government here. The rules would be different in China, but I guess China knows that even they can't compel Apple to break the security model of the device in this way; Apple would rather leave China than do it.



