Intellectual2 The OS stores a high entropy random value as the Weaver token on the secure element (Titan M on Pixels) and uses it as another input for key derivation. The Weaver token is stored alongside a Weaver key derived by the OS from the password token. In order to retrieve the Weaver token, the secure element requires the correct Weaver key. A secure internal timer is used to implement hardware-based delays for each attempt at key derivation. It quickly ramps up to 1 day delays before the next attempt. Weaver also provides reliable wiping of data since the secure element can reliably wipe a Weaver slot. Deleting a profile will wipe the corresponding Weaver slot and a factory reset of the device wipes all of the Weaver slots. The secure element also provides insider attack resistance preventing firmware updates before authenticating with the owner profile.
Standard delays for encryption key derivation enforced by the secure element:
0 to 4 failed attempts: no delay
5 failed attempts: 30 second delay
6 to 9 failed attempts: no delay
10 to 29 failed attempts: 30 second delay
30 to 139 failed attempts: 30 × 2⌊(n - 30) ÷ 10⌋ where n is the number of failed attempts. This means the delay doubles after every 10 attempts. There's a 30 second delay after 30 failed attempts, 60s after 40, 120s after 50, 240s after 60, 480s after 70, 960s after 80, 1920s after 90, 3840s after 100, 7680s after 110, 15360s after 120 and 30720s after 130
140 or more failed attempts: 86400 second delay (1 day)
Using random 6 digit PIN with secure encryption provided via the secure element throttling (1 attempt / day after it ramps up) makes it fairly convenient to not use fingerprint unlock.
Users setting a random 6 digit PIN or a typical passphrase on other Android devices don't have secure credential-based encryption.
That's one example of an important hardware security feature, which depends on the phone having a secure element, and hopefully a high quality one.
On any other Android phone, they can trivially brute force a random 6 digit PIN after they've gained control of the application processor / OS even if they can't bypass the hardware-bound key derivation provided by the SoC. A normal CPU doesn't defend against physical attacks.
Sources: GrapheneOS Documentation and Official Twitter Account