How is FIDO secret material and resident keys stored/protected

[schaarsc]

File: [nitrokey3/faq.rst] https://docs.nitrokey.com/nitrokey3/faq.html

the page https://docs.nitrokey.com/nitrokey3/linux/reset.html mentions, that secret material can be erased as part of a factory reset.

But how is the secret material protected from eavesdropping? by secure element or other measures?

How are resident keys stored/protected?

Will an update of the FIDO part of the firmware keep the secret material and resident keys or will this equivalent to a factory reset?

[bordenc]

Further to this, the documentation should explain how to show and/or change resident key information using a tool like fido2-tools.