According to the "Keychain data protection" page on Apple Platform Security Guide, the availability of iCloud certificates and private key is "Always, nonmigratory". The data protection class of always available for keychain items would behave the same as NSFileProtectionNone, according to Apple. Does this mean that the iCloud private key is hypothetically exposed and can be compromised even in BFU state? What does "nonmigratory" mean in this case?