
Do you have any sources for that? I ask because the article I linked specifically states that Apple was forced to discard the entire encryption system it uses elsewhere. It’s also hard to understand why a government would insist on this sort of data custody without the benefit of plaintext access.



The key generation routine for iCloud Keychain is shipped in iOS and tangled with your device passcode. Chinese iPhones have the same iOS builds as iPhones everywhere, so if some backdoor code was present to have them generate iCloud Keychain keys differently, someone would have found it.

Here’s what I think the article is trying to describe:

1. It is known that Apple houses Chinese iCloud user data in Chinese servers. Apple has said so: https://www.cnet.com/tech/services-and-software/apple-ceo-ti...

2. China refuses to support Thales’s HSMs, so Apple had to build their own, presumably based on the secure element: https://twitter.com/matthew_d_green/status/13943950780100526...

I think #2 is what the article characterizes as “discarding entire encryption system.” However, the encryption of iCloud Keychain isn’t dependent on HSMs in the same way the rest of iCloud data is.

As a result, E2E encrypted iCloud data for Chinese users is probably still safe in China. Given physical access and non-standard HSMs, non E2E encrypted data in iCloud probably is not.

It will be very interesting to track the consequences if and when iCloud moves more data into E2E encryption, since the majority of synced data is not: https://support.apple.com/en-us/HT202303



