The relevant (and final) question is if any practical physical attack on the stored secrets is part of the threat model. When the Titan Fido key from google was found to allow physical key extraction via a side channel attack on the NXP chip, it was treated as a vulnerability because their threat model was supposed to prevent any extraction, independent of the required efforts. Would the same be true for Nitrokeys? This is especially relevant for the secrets used for encryption like PGP keys or the Fido2 HMAC-secret extension that can be used for disk encryption (see systemd-cryptsetup). Would Nitrokeys provide the same protection as e.g. OpenPGP cards? And is the Fido key material (e.g. hmac-secret) equally protected from extraction then the PGP/SSH data? (once the firmware is out of beta)