[Dylan16807]

Is it? Have nonvolatile storage inside the chip, and increment+verify the attempt counter before checking if the supplied PIN is correct. What do you need beyond that?

[Jamwinner]

How do you know when to reset the counter? You dont want invalid attempts incrementing forever...there is your chink in the armor.

[Hackbraten]

What’s wrong with resetting the counter when unlocked successfully?

[manicdee]

What about unintentional passcode attempts such as a phone in a pocket getting butt-dialled?

[Dylan16807]

The interface should be designed so that you can't butt-dial more than a couple attempts.

But if that does happen then the system of timeouts will prevent you from using up all the attempts.

None of that gets in the way of resetting the counter only when the user succeeds.

[MiroF]

The difficulty (in my view) comes from ensuring that I can't just clone/replicate the state of the device from when I had more tries left and then try again.

[brokenmachine]

As I understand it, you can't clone the secure enclave chip because it doesn't expose the key or its code externally.

The only way would be to physically decap the chip which would most probably destroy it.