I think it’s possible to run code in the Secure Enclave so the keys would never leave it, just sign things and return them signed. It’s likely how FaceID etc. works.
They were saying there isn't a public API for it (if I'm remembering correctly).