How do you know the root enclave key isn't retained somewhere before it is written? You're still trusting Apple.

Key extraction is difficult but not impossible.