by Hackbraten 2351 days ago
What’s wrong with resetting the counter when unlocked successfully?

What about unintentional passcode attempts such as a phone in a pocket getting butt-dialled?
The interface should be designed so that you can't butt-dial more than a couple attempts.

But if that does happen then the system of timeouts will prevent you from using up all the attempts.

None of that gets in the way of resetting the counter only when the user succeeds.

The difficulty (in my view) comes from ensuring that I can't just clone/replicate the state of the device from when I had more tries left and then try again.
As I understand it, you can't clone the secure enclave chip because it doesn't expose the key or its code externally.

The only way would be to physically decap the chip which would most probably destroy it.
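
An added example, not part of the thread above: a Python model of the scheme the comments describe, where escalating timeouts bound how many wrong entries get counted and only a successful unlock resets the counter. The delay schedule, the 10-failure limit and every name here are assumptions made for illustration; the model keeps its state in ordinary memory, so it does not address the state-rollback concern, which the thread attributes to the secure enclave.

```python
import hmac

# Assumed schedule (constructed): lockout in seconds imposed after the Nth
# consecutive failure. Failures 1-4 carry no delay.
DELAYS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}
MAX_FAILURES = 10  # assumed limit after which the device refuses all attempts


class AttemptLimiter:
    def __init__(self, passcode):
        self._passcode = passcode
        self.failures = 0
        self.locked_until = 0.0
        self.wiped = False

    def try_unlock(self, guess, now):
        """Return 'ok', 'fail', 'throttled' or 'wiped' for a guess at time `now`."""
        if self.wiped:
            return "wiped"
        if now < self.locked_until:
            # Input during a timeout is ignored and does NOT consume an attempt.
            return "throttled"
        if hmac.compare_digest(guess, self._passcode):
            # The only place the counter is reset: a successful unlock.
            self.failures = 0
            self.locked_until = 0.0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.wiped = True
            return "wiped"
        self.locked_until = now + DELAYS.get(self.failures, 0)
        return "fail"


def pocket_presses(limiter, seconds, interval=2):
    """Simulate a wrong entry every `interval` seconds; return failures counted."""
    for t in range(0, seconds, interval):
        limiter.try_unlock("0000", float(t))
    return limiter.failures


if __name__ == "__main__":
    phone = AttemptLimiter("4821")  # constructed passcode
    print("failures after 1 hour in a pocket:", pocket_presses(phone, 3600))
    print("correct code during timeout:", phone.try_unlock("4821", 5000.0))
    print("correct code after timeout:", phone.try_unlock("4821", 5768.0))
    print("counter after success:", phone.failures)
```

With this schedule, an hour of continuous accidental input counts as nine failures rather than 1,800, and the device is still recoverable by its owner once the timeout expires.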