de0u It's not directly possible due to authenticated encryption. They'd need to extract the key for that from the main SoC which is not accessible to the OS, etc. and at that point they would be using expensive equipment in a lab. It's more realistic to have fancy equipment for tampering with memory which is extremely complex and growing in complexity. Trying to MITM the encrypted connection between the SoC secure core and secure element doesn't really make sense. It's not worth the trouble and doesn't really accomplish anything for an attacker able to exploit the OS, which should be far easier than that.
Duress PIN/password is an OS feature so it can be bypassed by exploiting the OS. If it was supported by the secure element, then it would require a secure element exploit or the secure element could perform an erase when an authentication token derived from the duress PIN/password is passed. Each Weaver slot would need both the valid authentication token and a duress authentication token, where the valid ones gets back the Weaver token, and invalid one triggers throttling and the duress one triggers an erase. This cannot be implemented by GrapheneOS since we do not make the secure element firmware. It's a theoretical feature which is unlikely to be implemented by any OEM even if we make a good proposal for it. We'd need to have our own device with our own secure element where we build and sign the firmware for it to make those kinds of features.