[dm_mongodb]

i can imagine reasons why apple would want or need to be able to update secure enclave firmware without the correct pin entered first. #2-3 are highly speculative:

1) fear of a bug. just the right firmware bug and you have 100 million phones lose data, and perhaps bricked too. unlikely, but consider the cost. i would be worried about this if i were in charge of the iphone project and the secure enclave feature were newish. we can imagine pretty good solutions to this one though, with work and time.

2) out of 100+ countries where they sell phones, over time, some will give them a confidential court order saying they must retain this capability. if a foreign court order, they could refuse to comply, but then would have to exit that market -- infeasible if multiple countries. and a different 'version' for just those countries would be noticed over time by security researchers?

3) they might already have an order as such from the U.S., for foreign intelligence purposes. as mentioned a different international version if noticed is a PR disaster for apple. so the easiest way to comply is just do it that way for all phones.

perhaps they push back on the fbi request because that's the one they can talk about, yet it templates the whole issue.