well, that's why Touch ID/Face ID are a secure enclave and have largely replaced passwords.
but philosophically there's no reason the digitizer can't be a secure enclave too, and sign a message authenticating that it's really the digitizer that you think it is. unless you can force it to leak the secret or you can break RSA, it's as secure as any other cryptosystem.
remote attestation does work and I don't really get why people continue to assert that it doesn't. root-of-trust and remote attestation are solved problems, and detecting component swapouts (and other "hostile component" attacks) is one of the primary use-cases for these systems.
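
The signed-message check described in the comment above, sketched as a nonce challenge-response. This is an added example, not part of the original comment or any vendor's code; the names `Component`, `NewNonce`, `Attest` and `Verify` are hypothetical, and RSA-PSS with SHA-256 and a 2048-bit key is a choice made here (the comment names only RSA).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Component struct{ key *rsa.PrivateKey } // a part whose private key never leaves it

func NewComponent() *Component {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Component{key: k}
}

// NewNonce returns a fresh 32-byte challenge chosen by the host.
func NewNonce() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Attest is the component's answer: an RSA-PSS signature over the host's nonce.
func (c *Component) Attest(nonce []byte) []byte {
	d := sha256.Sum256(nonce)
	sig, err := rsa.SignPSS(rand.Reader, c.key, crypto.SHA256, d[:], nil)
	if err != nil {
		panic(err)
	}
	return sig
}

// Verify checks the answer against the public key the host enrolled for that part.
func Verify(enrolled *rsa.PublicKey, nonce, sig []byte) bool {
	d := sha256.Sum256(nonce)
	return rsa.VerifyPSS(enrolled, crypto.SHA256, d[:], sig, nil) == nil
}

func main() {
	genuine, swapped, nonce := NewComponent(), NewComponent(), NewNonce()
	enrolled := &genuine.key.PublicKey // recorded by the host at pairing time
	fmt.Println("genuine, swapped accepted:", Verify(enrolled, nonce, genuine.Attest(nonce)), Verify(enrolled, nonce, swapped.Attest(nonce)))
}
```

The fresh nonce is what stops a swapped-in part from replaying a signature it recorded from the genuine one.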