How exactly does the secure enclave work?

Raw JSON

{
  "kind": 1,
  "id": "38fd0985ad9179bba1486bcfcd09686e42d4c449095226738e41cc3b3ad04921",
  "pubkey": "12ee03d11684a125dd87be879c28190415be3f3b1eca6b4ed743bd74ffd880e6",
  "created_at": 1779785486,
  "tags": [
    [
      "alt",
      "A short note: How exactly does the secure enclave work?\n\nAs a Ca..."
    ],
    [
      "e",
      "6d4a183264c201198e7d3e4f3f3323257295ceafbf22395082a81672e3032d41",
      "wss://nos.lol/",
      "root",
      "e3fc673fc5f99cc554d0ff47756795647d25cb6e6658f912d114ae6429d35d35"
    ],
    [
      "p",
      "e3fc673fc5f99cc554d0ff47756795647d25cb6e6658f912d114ae6429d35d35",
      "wss://relay.primal.net/"
    ],
    [
      "client",
      "Amethyst"
    ]
  ],
  "content": "How exactly does the secure enclave work?\n\nAs a Cashu user, I can see that the blinded messages are signed by a key that is controlled by the provider of the enclave?\n\nSo the mint operator, and the mint code, doesn't directly have access to private key material?\n\nAnd I can check with the enclave provider to see their keys, and verify for myself that the keys in the keyset are derived from that enclave's key?\n\nAnd so the trust transfers to the operator of the enclave (and the manufacturer of certain hardware), not the mint operator?",
  "sig": "34c6f85494ffc72b0984f70a151358836ebc2ad7afdb18ef29663d36518b18edf50ddb1c4a861fb4e5280171f96f206b0875c958902e143658d2c548c6b7873e"
}