Data is unrecoverable on macbooks with secure boot if T2 firmware gets corrupted
vimeo.comI mean yes, the firmware guards the encryption keys, if the firmware is corrupt then access to the key is corrupt.
If the key could be recovered with a corrupt firmware, then the SEP would be open to an attack to extract the keys by forcing firmware corruption and then using that as a path to compromising the device.
I mean I own the hardware. I should be able to backup the key.
you back up the data - the security model for an HSM (e.g. the T2) is that secrets cannot be extracted. Once the key can be extracted it then that security model is broken.