In the v1.4.0 SDK, an AES key can be written into a KMU slot, but there is no related function for ECC keys and RSA keys in the crypto/nrf_cc310_mbedcrypto/include/mbedtls/cc3xx_kmu.h file. Does the v1.4.0 SDK support writing an ECC key or RSA key to the KMU?
The problem is not that the key is in memory, but that anyone with access to the device could install firmware on it that does exactly the same to extract the private key. Granted, you would need a lot of information about the device, but that is why I see it as security by obscurity.
I assumed that you consider the KMU to address that usage of keys by other firmware.
If so, then the other firmware cannot access the symmetric key of the KMU, which is required to use the asymmetric key,
That is the point. I can put AES keys in the KMU, where I can use them for en-/decryption without ever being able to read the key out myself, so there is no risk of the key ever becoming known. This is not the case for ECC. I will need it in software, so there is no way to have it not readable with this crypto cell. So there will always be a way to extract it, which is what I was trying to avoid. I can only make it hard to do.
So it's not about someone possibly misusing the "keys"; it's more that someone gets access to it and misuses it on a larger scale.