Gate is sample macOS app that contains a CryptoTokenKit (CTK) extension and demonstrates some new ways to work with tokens in macOS:
1. Insert and remove X.509 certificates into the keychain API without a physical smartcard insertion event. Applications can insert certificates into the keychain that are used for cryptographic operations with an embedded CryptoTokenKit extension.
2. Associate a certificate with a ECC private key created in the Secure Enclave on T2-enabled Macs.
3. Authenticate with built-in authentication (Login Window, Screen Saver, System Preferences locks, sudo, ssh, web) using an identity in the Secure Enclave.
https://bitbucket.org/twocanoes/gate-secure-enclave-token-management/src/master/README.md
Firmware Security 