What are two functions of Secure Enclave?

TheSecure Enclaveis a coprocessor built into Apple silicon and T2-equipped devices, designed to handle sensitive security functions. Apple Learning emphasizes two primary roles: (1)secure key generation and storage for data at rest encryption(D), ensuring FileVault and other storage encryption keys remain isolated from the main processor, and (2)biometric data processing(E) for Touch ID and Face ID. The Secure Enclave isolates and protects this biometric data, never exposing it to iOS, iPadOS, or macOS directly. It does not encrypt mail or internet traffic (handled by TLS/SSL), nor does it secure MDM communications or APNs notifications. Tokens for Recovery Lock and bypass codes are tied to MDM workflows but not directly managed by Secure Enclave. Its primary function is cryptographic and biometric security.