by olliej 2185 days ago
I mean yes, the firmware guards the encryption keys; if the firmware is corrupt then access to the key is corrupt.

If the key could be recovered with a corrupt firmware, then the SEP would be open to an attack to extract the keys by forcing firmware corruption and then using that as a path to compromising the device.

1 comments

I mean I own the hardware. I should be able to back up the key.
You back up the data - the security model for an HSM (e.g. the T2) is that secrets cannot be extracted. Once the key can be extracted, then that security model is broken.