

iOS Security [pdf] - IBM
http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf

======
comex
This is new (emphasis added):

--

To recover a keychain, the user must authenticate with their iCloud account
and password and respond to an SMS sent to their registered phone number. Once
this is done, the user must enter their iCloud Security Code. The HSM cluster
verifies that the user knows their iCloud Security Code using Secure Remote
Password protocol (SRP); the code itself is not sent to Apple. Each member of
the cluster independently verifies that the user has not exceeded the maximum
number of attempts that are allowed to retrieve their record, as discussed
below. If a majority agree, the cluster unwraps the escrow record and sends it
to the user’s device.

Next, the device uses the iCloud Security Code to unwrap the random key used
to encrypt the user’s keychain. With that key, the keychain—retrieved from
iCloud key value storage—is decrypted and restored onto the device. Only 10
attempts to authenticate and retrieve an escrow record are allowed. After
several failed attempts, the record is locked and the user must call Apple
Support to be granted more attempts. After the 10th failed attempt, the HSM
cluster destroys the escrow record and the keychain is lost forever. This
provides protection against a brute-force attempt to retrieve the record, at
the expense of sacrificing the keychain data in response.

These policies are coded in the HSM firmware. _The administrative access cards
that permit the firmware to be changed have been destroyed._ Any attempt to
alter the firmware or access the private key will cause the HSM cluster to
delete the private key. Should this occur, the owners of all keychains
protected by the cluster will receive a message informing them that their
escrow record has been lost. They can then choose to re-enroll.
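
The attempt-limit and majority rules quoted above can be modelled in a few lines. This is an added example, not code from Apple's document or from the commenter. The names `Cluster`, `Member` and `make_verifier`, the cluster size of 5 and the sample codes are assumptions. A salted PBKDF2 comparison stands in for SRP (so, unlike SRP, the code is passed to the verifier), and the intermediate lock that requires a call to Apple Support is left out.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # quoted text: record is destroyed after the 10th failure


def make_verifier(code: str, salt: bytes) -> bytes:
    # Stand-in for SRP (assumption): a salted PBKDF2 hash compared server-side.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 10_000)


class Member:
    """One HSM in the cluster, holding its own failed-attempt counter."""

    def __init__(self) -> None:
        self.failed = 0

    def allows_attempt(self) -> bool:
        return self.failed < MAX_ATTEMPTS


class Cluster:
    def __init__(self, code: str, escrow_record: bytes, size: int = 5) -> None:
        self.salt = os.urandom(16)
        self.verifier = make_verifier(code, self.salt)
        self.record = escrow_record  # None once destroyed
        self.members = [Member() for _ in range(size)]

    def _majority(self, votes: int) -> bool:
        return votes * 2 > len(self.members)

    def recover(self, code: str):
        if self.record is None:
            return ("destroyed", None)
        # Each member checks the attempt limit on its own; a majority must agree.
        if not self._majority(sum(m.allows_attempt() for m in self.members)):
            return ("refused", None)
        if hmac.compare_digest(make_verifier(code, self.salt), self.verifier):
            return ("ok", self.record)
        for m in self.members:
            m.failed += 1
        # Once a majority have counted the 10th failure, the record is gone.
        if self._majority(sum(not m.allows_attempt() for m in self.members)):
            self.record = None
            return ("destroyed", None)
        return ("failed", None)
```

Because every member keeps its own counter, zeroing the counter on a minority of members does not buy extra guesses: the remaining majority still reaches the limit and the record is destroyed.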

