[JoachimS]

Yes. And your application will get a per device unique primary secret when loaded, which the application then can use for whatever it needs. (Including not using it all all.)

TOTP, FIDO2, PIV, simple touch triggered challenge/response... or something completely different. If it can fit in around 100 kByte RAM when compiled for RV32IMC and not be too computationally expensive, it could be a Tillitis app.

Just to give you some indication, the Ed25519 signer operation in the SSH authentication we showed on stage today takes ~ one second to perform the signing. And we have several ways to improve that we know already.