iCloud Keychain recovery uses HSM clusters, SRP protocol, and a hard 10-attempt limit before permanent escrow record destruction.
Key Takeaways
HSM clusters sit behind iCloud and encrypt escrow records; admin access cards have been destroyed, making firmware changes impossible without triggering key deletion.
Recovery requires the iCloud account password, an SMS second factor, and the iCloud security code; the code is checked with the Secure Remote Password (SRP) protocol, so the code itself is never sent to Apple.
Each HSM cluster member independently checks the attempt count; a majority of members must agree before the escrow record is unwrapped.
After 10 failed attempts the HSM cluster permanently destroys the escrow record, trading recoverability for brute-force protection.
Any attempt to alter the HSM firmware or to access its private key triggers automatic deletion of the cluster's keys, and the owners of the affected keychains are notified.
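The recovery gate described in the points above, as an added Python model (not Apple's code or a description of its internals): a device proves knowledge of the security code over SRP-6a without transmitting it, each cluster member verifies the proof and keeps its own failed-attempt counter, a majority of members must agree to release the wrapped record, and the record is destroyed once the 10-attempt limit is reached. The cluster size of five, the identity string, the record bytes, the simplified M1 proof and the single session secret shared by all members are assumptions made for the demo; the password and SMS steps that precede SRP are not modelled.

```python
import hashlib
import hmac
import secrets

# RFC 5054 1024-bit SRP group, transcribed from memory: check it against the
# RFC before relying on it. The arithmetic below works with any odd modulus.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2
MAX_ATTEMPTS = 10  # the limit the page describes; cluster size is a demo assumption


def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def pad(x: int) -> bytes:
    return x.to_bytes((N.bit_length() + 7) // 8, "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier


def private_x(salt: bytes, identity: bytes, code: bytes) -> int:
    return H(salt, hashlib.sha256(identity + b":" + code).digest())


def session_proof(A: int, B: int, S: int) -> bytes:
    """Simplified client proof M1 = H(A | B | H(S)); RFC 2945 uses a longer form."""
    K = hashlib.sha256(pad(S)).digest()
    return hashlib.sha256(pad(A) + pad(B) + K).digest()


class Device:
    """Client side: knows the security code and never transmits it."""

    def __init__(self, identity: bytes, code: bytes):
        self.identity, self.code = identity, code
        self.a = secrets.randbits(256)
        self.A = pow(g, self.a, N)

    def prove(self, salt: bytes, B: int) -> bytes:
        if B % N == 0:
            raise ValueError("invalid server public value")
        u = H(pad(self.A), pad(B))
        x = private_x(salt, self.identity, self.code)
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        return session_proof(self.A, B, S)


class HSMMember:
    """One cluster member: holds the verifier, its copy of the wrapped record
    and its own independent failed-attempt counter."""

    def __init__(self, salt: bytes, verifier: int, record: bytes):
        self.salt, self.v, self.record = salt, verifier, record
        self.failures = 0

    @property
    def destroyed(self) -> bool:
        return self.record is None

    def vote(self, A: int, B: int, b: int, M1: bytes) -> bool:
        # Independent check of the attempt budget before any crypto is done.
        if self.destroyed or self.failures >= MAX_ATTEMPTS or A % N == 0:
            return False
        u = H(pad(A), pad(B))
        S = pow(A * pow(self.v, u, N) % N, b, N)
        if hmac.compare_digest(session_proof(A, B, S), M1):
            return True
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.record = None  # permanent destruction of the escrow record
        return False


class HSMCluster:
    def __init__(self, members):
        self.members = members

    def recover(self, device: Device):
        """One recovery attempt; returns the wrapped record or None."""
        salt, v = self.members[0].salt, self.members[0].v
        b = secrets.randbits(256)  # simplification: one session secret for the whole cluster
        B = (k * v + pow(g, b, N)) % N
        M1 = device.prove(salt, B)
        votes = sum(m.vote(device.A, B, b, M1) for m in self.members)
        if votes * 2 > len(self.members):  # majority consensus
            return next(m.record for m in self.members if not m.destroyed)
        return None


def build_cluster(identity: bytes, code: bytes, record: bytes, size: int = 5) -> HSMCluster:
    """Enrollment: the device derives salt and verifier; only those reach the cluster."""
    salt = secrets.token_bytes(16)
    v = pow(g, private_x(salt, identity, code), N)
    return HSMCluster([HSMMember(salt, v, record) for _ in range(size)])


if __name__ == "__main__":
    # Constructed demo values, not real account data.
    cluster = build_cluster(b"user@example.com", b"1234", b"<wrapped escrow record>")
    print("correct code:", cluster.recover(Device(b"user@example.com", b"1234")))
    for _ in range(MAX_ATTEMPTS):
        cluster.recover(Device(b"user@example.com", b"0000"))
    print("destroyed after 10 failures:", all(m.destroyed for m in cluster.members))
    print("correct code afterwards:", cluster.recover(Device(b"user@example.com", b"1234")))
```

The cluster only ever stores the salt and the verifier `v = g^x mod N`, so a compromise of the stored enrollment data does not yield the security code directly, and every wrong guess costs one unit of a budget that each member counts for itself. Because every member sees every attempt, the ten-failure limit is reached on all of them at once, and from then on even the correct code cannot release the record.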