Comment by traceroute66

> The exported key you can keep in a safe for disaster recovery.

No. Your "disaster recovery" should be either a second device with a Secure Enclave, or a Yubikey.

Making it exportable from the Secure Enclave defeats the whole purpose.