But, you see, the user's private key is simply not stored on the device. That was a glaring flaw in Samsung's vaunted Knox encryption system; the user key was stored in an easily locatable, unencrypted library in clear text! Apple instead uses a one-way mathematical representation of that private key, stored in a randomized location in the Secure Enclave EPROM, which is accessible only by the dedicated Encryption Engine Processor. This stored mathematical key representation, even if you could find it and had it in hand, being one-way, cannot be used to reverse engineer the user's private key.
When the user enters his private key, the Encryption Engine processor, using the same algorithm, regenerates that mathematical representation and compares its new version with the original version stored in the Secure Enclave EPROM. If they match, all is well, the device gets unlocked and the full 256-bit AES key is constructed. If they don't, the user is given another chance to enter his private key, a counter is incremented, and the process is repeated.
Perhaps if Apple were to design its devices so they did have an asymmetric unlock system based as you describe, then they could have a system where authorities could provide a device serial number and Apple could provide the asymmetric unlocking key, different from the user's key. However, every single time such access has been available, especially when humans are in the mix, corruption allows the system to be compromised. Such back doors are not secure.
How secure is such a system when the holder of those keys is susceptible to blackmail, extortion, kidnapping, or bribery? How about the computer system that contains those data? Secure? Hackable? You bet that they'd be trying and likely succeeding. As one who lost money due to the Equifax breach, I won't hold my breath. Sorry, Security is not binary. It either is or it isn't.
The Knox implementation sounds ridiculously JV. The use of salted hashes has been around for quite some time. Nonetheless, having physical access to the phone gives the ability to programmatically drive the authentication process including the hashing stage. But as you mentioned, there are additional constraints...
Thanks for the heads-up on the Enclave chip and its self-destruct mechanism, I suppose the only deterrent to a brute force attack on the user's password.
Also agree regarding the human factors related to a factory backdoor. But there's really no way for us to know whether or not one exists.
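A minimal sketch of the scheme the posts above describe (keep only a salted one-way verifier, recompute and compare on each entry, count failures, erase after too many), added here as an example and not Apple's code or any poster's. The class name, the attempt limit and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10        # assumed limit before the stored material is erased
PBKDF2_ROUNDS = 100_000  # assumed work factor


class PasscodeVerifier:
    """Holds a salted one-way verifier, never the passcode itself."""

    def __init__(self, passcode: str):
        self._salt = os.urandom(16)
        self._verifier = self._derive(passcode, b"verify")
        self.failed_attempts = 0
        self.wiped = False

    def _derive(self, passcode: str, label: bytes) -> bytes:
        # One-way: the output cannot be inverted to recover the passcode.
        # The label separates the stored verifier from the data key.
        return hashlib.pbkdf2_hmac(
            "sha256", passcode.encode(), self._salt + label, PBKDF2_ROUNDS
        )

    def unlock(self, attempt: str):
        """Return a 256-bit key on success, None on a wrong passcode."""
        if self.wiped:
            raise PermissionError("verifier erased after too many failures")
        candidate = self._derive(attempt, b"verify")
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(candidate, self._verifier):
            self.failed_attempts = 0
            return self._derive(attempt, b"data-key")  # 32 bytes
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_ATTEMPTS:
            # Erase salt and verifier: nothing is left to guess against.
            self._salt = b""
            self._verifier = b""
            self.wiped = True
        return None
```

The counter and erase step only deter guessing if they are enforced by hardware the attacker cannot drive directly, which is the constraint the second poster raises about physical access.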