[superuser2]

It sounds like since the UID is fused it cannot be erased; it's probably the GID that's erased, and it sounds like the GID is known to Apple.

[savoytruffle]

None of the local passwords within passwords are known to Apple. They say.

The FBI is hoping they do know something secret.

In most cases it would be easier to subpoena online accounts, but of course Apple says iMessage is also unreadable for different reasons.

[X-Istence]

but fuses can be blown. Simply by blowing one of the fuses the key will change. Even a single bit change means it's useless to authorities.

[tlrobinson]

The fuses are only "blown" (i.e. the UID is burned into the chip) at manufacturing time, not when the device is erased.

When a device is first set up (or wiped) a random key is created and encrypted by the Secure Enclave with a key derived from the user's passcode and the device's UID. Since only that particular device's Secure Enclave has access to the UID the user's passcode can't be brute forced by any other computer, which enables the Secure Enclave to enforce policies like the passcode attempt delay and incorrect passcode attempt. If the device needs to be wiped the random key is simply erased by the Secure Enclave.

(Also, if you only changed 1 bit that would mean you only had to try 2 possible keys...)

[superuser2]

Thanks, that's what I was missing.