The last I looked, you could run mobile device management (MDM) software on iPhones that gave the central controller quite a lot of power over the device. Perhaps China requires such software on all iPhones sold in China?
The Central Controller, and even the main data processor on Apple iOS devices, cannot access the Secure Enclave. That area can only be reached by a dedicated Encryption Engine Processor. It's my understanding that the iPhones sold in China have crippled security on them due to Chinese government laws. This is handled in software. From what I've heard, all data on mobile devices in China are required to be backed up daily (if not more frequently) to their cloud servers, which are all owned by the Chinese government. If it goes on your phone, it goes on the cloud server.
You may recall the hoopla when Apple was accused of moving iCloud to China and turning the encryption keys over to the Chinese government? That was when the Chinese government passed these new laws. Apple kept the iCloud encryption keys in their Chinese offices, but the iCloud user data had to be moved to Chinese servers or Apple iCloud users moved to non-iCloud servers. Apple chose to keep serving their customers, but they had to change the iCloud backup software. They do, also, have to honor the Chinese search warrants. Apple still maintains possession of the iCloud China encryption keys.
Ostensibly, those backed-up data are only available to the government via legal search warrants (wink, wink), but in China, police and courts work together. Warrants are very easy to obtain. Therefore, searching devices is really unnecessary. The data is on the cloud servers. There is no expectation of privacy in China. Again, from what I hear, businesses that want confidential communication in China use a system of trusted messenger runners, no phone messages at all. Routine business is OK on the phones, but . . .