Something I don't understand: why does eSIM or iSIM have to be hardware? Why can't it be pure software, with some credentials stored on the storage of the phone?
That's what I think too. We have the secure enclave and all that for anything cryptographically secure and isolated. Just interface with that for the keystore/signing and have everything in software.
A possible attack vector? Perhaps if something's not coded correctly... which can easily be fixed with a software update.
I'm sure there's more to this, of course, but that should be the general motivation.