There are still too many situations in which I do end up having to enter my passcode.
Mask unlock isn't perfect, wet hands can throw off Touch ID, and once per day I believe they will just reset and ask for the passcode anyway. It's also required for software updates and reboots.
I'm not asking for this to become the default, or even an option given in any setup wizard. Just allow me to set up my own end-to-end encryption recovery passphrase and let me remove all of my device passcodes, i.e. allow me to opt out of HSM-mediated key escrow.
Is your Apple ID password not a sort of "secondary passphrase" as you're wondering? You enter the Apple ID password to download the encrypted data and the low-entropy passcode to decrypt it.
Not really. The Apple ID password is a regular server-verified password and does not contribute to end-to-end encryption in the cryptographic sense. In other words, it gates access to the end-to-end encrypted data, but not the keys used to encrypt them.
If you trust Apple to never get hacked or hand over your data to any third party, that's perfectly fine, but that is not the scenario that end-to-end encryption is designed to address.
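A simplified model of the distinction drawn in the reply above, as an added example that is not part of the thread and not Apple's implementation: the account password only gates the download, while the wrapped key depends on the passcode alone. All names and secrets are constructed, and the PBKDF2 plus XOR/HMAC wrapping is an assumption standing in for a real AEAD key wrap.

```python
import hashlib, hmac, secrets

ITER = 100_000  # constructed work factor for this demo

def derive(secret, salt):
    """Stretch a secret into 64 bytes: 32 for wrapping, 32 for the MAC."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITER, dklen=64)

def wrap(data_key, secret):
    """Wrap a 32-byte key under a secret (single-use XOR pad plus HMAC tag)."""
    salt = secrets.token_bytes(16)
    okm = derive(secret, salt)
    ct = bytes(a ^ b for a, b in zip(data_key, okm[:32]))
    tag = hmac.new(okm[32:], ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(blob, secret):
    """Return the data key, or None if the secret is wrong."""
    okm = derive(secret, blob["salt"])
    tag = hmac.new(okm[32:], blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], okm[:32]))

class Server:
    """Hypothetical server: stores a password verifier and the wrapped key."""
    def __init__(self, account_password, blob):
        self.salt = secrets.token_bytes(16)
        self.verifier = derive(account_password, self.salt)
        self.blob = blob

    def download(self, account_password):
        ok = hmac.compare_digest(derive(account_password, self.salt), self.verifier)
        return self.blob if ok else None  # a policy check, not cryptography

def demo():
    """Show which secret the wrapped key actually depends on."""
    data_key = secrets.token_bytes(32)
    server = Server("account-password", wrap(data_key, "123456"))
    gated = server.download("wrong-password") is None
    # Anyone reading server storage directly never meets the password check.
    leaked = server.blob
    return (
        gated,                                            # server refuses the download
        unwrap(leaked, "123456") == data_key,             # passcode alone unwraps
        unwrap(leaked, "account-password") is not None,   # account password does not
    )

if __name__ == "__main__":
    print(demo())
```

In this model, the confidentiality of the stored blob rests entirely on the secret fed into `derive` for wrapping, which is why the entropy of that secret matters and the strength of the account password does not.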