The HSM/TEE is a dedicated component isolated from the main application process. It has the capability to create and store secure cryptographic keys, which are inaccessible to anyone, including the users themselves. The HSM/TEE will utilize these keys to sign transactions only after receiving the user’s consent through face or fingerprint biometric authentication.
In Apple devices the HSM is called a Secure Enclave, whereas in Android device it is usually called a Secure Element (powered by the Titan M2 chip)