Some of the critical encryption keys are stored in the main A6 processor and incredibly difficult to extract, which is why you can't launch offline brute-force attacks - however those keys are read-only and initialized at device manufacturing time. All the volatile data is in the external flash chip. I'm not even sure if the Secure Enclave has its own flash on newer devices that have one.