[ranty]

I'm sorry, but this is just plain wrong.

Let's take "since the key is physically burned in"... You don't need to burn it in, it could easily be stored in a few bytes of on-die sram. As for the assertion that a de-powered chip can't wipe itself? You can just go out and buy a self wiping chip ... you don't need to be either Apple or the NSA, just have a credit card.

[azonenberg]

If the key is kept across a battery replacement or repair procedure, then it's going to be hard-wired/fused into the chip. SRAM needs to be powered constantly to retain data.

Credit cards/smartcards include self-destructs that will erase the nonvolatile memory (flash) in certain cases if power is applied while a tamper signal is asserted. They cannot erase data while in the "off" state. One of the problems with fuse-based memory is that it's easier to dump off the silicon than, say, Flash.

Although I haven't decapped an A7 yet (as soon as I get my hands on one, rest assured I will) adding flash to an IC fab process is very expensive and adds somewhere around a dozen new masks, so OTP fuse memory (which doesn't need any new masks) is typically used instead of flash for on-die ID codes etc.

[ghshephard]

Just so I understand - this process of dumping the keys off the iPhone would typically something that the owner would notice? Is it feasible to take someone's phone, dump the silicon, and then return the phone to them?