Escrow security for iCloud Keychain
Summary
The article explains how iCloud Keychain escrow uses hardware security modules (HSMs) behind the Secure Remote Password (SRP) protocol to protect escrow records. It describes the recovery flow, which requires authentication with iCloud credentials, an SMS challenge, and verification by a majority of the HSM cluster, with a limit of 10 attempts before the data is locked or destroyed. It also outlines the enforcement and reenrollment implications.