Keys in the Secure Enclave never leave the device (or the SE for that matter) and cannot be extracted even physically.
replyNewer devices support Remote Key Provisioning (RKP), so you still can't export keys but you can import them. (Physical attacks are still possible, just very difficult)
reply