I'll set up some assumptions as a pointer to what I mean.
Let's say I saved my fingerprint to a place on a fingerprint chip (entity_A) on the phone's motherboard and it's saved there in an encrypted way. Somewhere there is also some kind of gatekeeper (entity_B) who guards the decryption keys for accessing the fingerprint.
Now I want to unlock my phone, and therefore Graphene OS (entity_C) sends some signal to entity_B with the order to check if my finger on the display matches the fingerprint saved in entity_A. Then entity_B says yes or no.
My last assumption is that I messed up something very badly and someone got remote access to my phone with all the privileges and software capabilities one could imagine.
So, now my question/s.
Is Graphene OS theoretically (on a compromised phone!) able to access the saved (encrypted) fingerprint in entity_A, or are they physically separated?
Is Graphene OS theoretically (compromised phone!) able to access the keys in entity_B?
It may also be different from hardware to hardware; I have a Pixel 8. Ideally, I would wish that no physical connection between entity_A and entity_C is possible, so that it is technically not possible to remotely steal that kind of biometric data.