
Nope. On newer devices the key is derived from a random key fused into the SE during manufacturing, a key fused into the ARM CPU, and a key randomly generated on-device during setup (derived from accelerometer, gyro, and altitude data) and stored in the SE. The SE's JTAG interface is disabled in production firmware and it won't accept new firmware without the passcode.

You can't swap the SE or CPU around, nor can you run the attempts on a different device.
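The device binding described in the comment above, as an added Python sketch that is not part of the thread and is not Apple's actual algorithm. The HMAC/PBKDF2 construction, the passcode input, the low iteration count and every key value are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for the three inputs named in the comment.
SE_KEY = hashlib.sha256(b"constructed: key fused into the SE").digest()
CPU_KEY = hashlib.sha256(b"constructed: key fused into the CPU").digest()
SETUP_KEY = hashlib.sha256(b"constructed: random key from setup").digest()
# A different CPU, as if the SE had been moved to another board.
OTHER_CPU_KEY = hashlib.sha256(b"constructed: some other CPU").digest()


def device_secret(se_fused: bytes, cpu_fused: bytes, setup_random: bytes) -> bytes:
    """Mix the three device-bound inputs into one secret (assumed construction)."""
    # Length-prefix each input so different splits of the same bytes cannot collide.
    material = b"".join(
        len(k).to_bytes(2, "big") + k for k in (se_fused, cpu_fused, setup_random)
    )
    return hmac.new(b"device-binding-demo", material, hashlib.sha256).digest()


def unlock_key(passcode: str, secret: bytes, iterations: int = 100) -> bytes:
    """Stretch the passcode with the device secret as salt.

    The iteration count is kept tiny so the demo runs quickly; every guess
    still requires the device secret, which is the point being shown.
    """
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), secret, iterations)


def brute_force(target: bytes, secret: bytes, digits: int = 4):
    """Try every numeric passcode against `target` using the given secret."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if hmac.compare_digest(unlock_key(guess, secret), target):
            return guess
    return None


if __name__ == "__main__":
    own = device_secret(SE_KEY, CPU_KEY, SETUP_KEY)
    swapped = device_secret(SE_KEY, OTHER_CPU_KEY, SETUP_KEY)
    target = unlock_key("4821", own)  # constructed passcode
    print("search with all three device keys:", brute_force(target, own))
    print("search with a swapped CPU key:   ", brute_force(target, swapped))
```

With all three keys the 4-digit space is exhausted in about a second, so the binding only rules out off-device guessing; limiting attempts on the device itself is a separate control.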



Can't you? Seems like the kind of problem you can point an electron microscope at, and perhaps some very high precision laser cutting. In any case, I imagine if you are willing to spend resources on it, you could read the on-chip memory somehow and start cryptanalysing that.

Against a sufficiently capable adversary, tamper-resistance is never infallible, but good crypto can be.


    > Against a sufficiently capable adversary, tamper-
    > resistance is never infallible, but good crypto can be.
Nonsense, it all comes back to "sufficiently capable", every time.

To a sufficiently capable adversary, _all_ crypto is just "mere security by obscurity".

"Oh, mwa-haha, they obscured their password amongst these millions of possible combinations, thinking it gave them security - how quaint. Thankfully I'm sufficiently capable.", she'll say.



