Each device has a unique 256-bit AES key called the "UID", and a programmable "device group ID" called the "GID".
The UID is "fused" and the GID "compiled" into the Application Processor and Secure Enclave during manufacturing, but no software or firmware can access them. The firmware can only see results of encryption and decryption, and the keys are accessible only to the AES engine's silicon. They are not available via JTAG or other debugging interfaces.
On some later chips the Secure Enclave generates the UID itself.
Apart from the UID and GID, the Secure Enclave can also generate new keys using a RNG. See also: Krypton.
(see page 12)
Passcodes are "entangled" with the device's UID, so brute-force attempts must be done using the Secure Enclave (or with an electron microscope?).
Each attempt has an iteration count calibrated for 80ms, which would mean an average of ~11 hours to brute force a 6-digit pin.
iOS also has longer delays for multiple attempts; 1 minute after 5 attempts, 5 minutes after 6, 15 minutes from 7-8, and 1 hour for each attempt after 9. The paper later mentions that devices with the Secure Enclave will enforce the longer delays, including after reboots, but this doesn't seem to to be the case for GrayKey.
(see page 15)
GrayKey claims to crack an iPhone (with 4-digit pincode?) in around ~2 hours, but more than 3 days for 6-digit pincodes. Which might work out to ~1s per guess?.
If you use a alphanumeric passcode, or a custom numeric code, you likely don't have to worry about these unlockers.
A random 10-digit pin will take an average of 12 years 6 months to crack.
 6-digit pin, 80ms/guess: 1e6 * 80 / 1000 / 60 / 60 / 2 = 11h 7m
 4-digit pin, 1s/guess: 1e4 * 1000 / 1000 / 60 / 60 / 2 = 1h 23m
 6-digit pin, 1s/guess: 1e6 * 1000 / 1000 / 60 / 60 / 2 = 5d 18h 53m
 10-digit pin, 80ms/guess: 1e10 * 80 / 1000 / 60 / 60 / 24 / 365 / 2 = 12Y 8M 6d