They keep it in a non-reachable area that cannot be modified by anything you can load into RAM. You assume that there are only ROMs available which are readable by the A5 and A6. Inside the A5 and A6 there is a specialized processor Crypto Engine, the predecessor to the A7's and later processor's Secure Enclave.
Every iOS device has a dedicated AES 256 crypto engine built into the DMA path between the FLash storage and main system memory, making le encryption highly effcient. Along with the AES engine, SHA-1 is implemented in hardware, further reducing cryptographic operation overhead.The device's unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused into the application processor during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption operations performed using them. The UID is unique to each device and is not recorded by Apple or any of its suppliers. The GID is common to all processors in a class of devices (for example, all devices using the Apple A5 chip), and is used as an additional level of protection when delivering system software during installation and restore. Burning these keys into the silicon prevents them from being tampered with or bypassed, and guarantees that they can be accessed only by the AES engine.
The UID allows data to be cryptographically tied to a particular device. For example, the key hierarchy protecting the file system includes the UID, so if the memory chips are physically moved from one device to another, the files are inaccessible. The UID is not related to any other identifier on the device.
Apart from the UID and GID, all other cryptographic keys are created by the system's random number generator (RNG) using an algorithm based on Yarrow. System entropy is gathered from interrupt timing during boot, and additionally from internal sensors once the device has booted.
Securely erasing saved keys is just as important as generating them. It's especially challenging to do so on Flash storage, where wear-leveling might mean multiple copies of data need to be erased. To address this issue, iOS devices include a feature dedicated to secure data erasure called Effaceable Storage. This feature accesses the underlying storage technology (for example, NAND) to directly address and erase a small number of blocks at a very low level.
This citation comes from the archived data that Ray76 posted earlier for the antique iPhones.
Although the Crypto Engine is inside the A5 and A6, it is walled off from all other processor functions and inaccessible to them, including blocking the A5 and A6 from reading the UID.
You might notice how little difference there is between this May 2012 description and the Secure Enclave description in the September 2015 White Paper. That is because the basic security principles did not change much, just got better and far more secure by divorcing them completely from the actual processor.
The main difference was moving the log-in and count routines from the Secure iBoot System to the Secure Element Processor and putting it all inside a totally unreachable silicon sub-processor system. Instead of a tell me TWICE check linked chip system, they went to a tell me THRICE linked system, where all three chips have to be present and untampered with for the boot to continue.
I don't think this matters much when you are modifying the firmware.