A dedicated RISC-V NPU running at 160 MHz executes 512 MAC/cycle inside a CC EAL-6+ secure enclave. Firmware is signed at the foundry; boot-loader verifies the signature before every wake-up. Runtime decryption keys are stored in e-Fuses blown after provisioning—no JTAG, no debug interface, no firmware update port. Raw biometric vectors are hashed with a 256-bit device-unique key; only the hash leaves the enclave (for pendant-to-pendant authentication), making reconstruction of the original signal cryptographically infeasible.