Store Passcode using KeyStore. Properly call KeyStore to generate keystream "A" using input passcode. Then if Bio is not enabled, Provide "A" as decryption key and along with TX message to sign TX or show recovery phrase. If Bio is enabled, then you need chain these key together. When for example fingerprint get changed or disabled, then the chain is broken and recovery phrase is needed to re-enable accessing to private key/master phrase.
Store Passcode using KeyStore. Properly call KeyStore to generate keystream "A" using input passcode. Then if Bio is not enabled, Provide "A" as decryption key and along with TX message to sign TX or show recovery phrase. If Bio is enabled, then you need chain these key together. When for example fingerprint get changed or disabled, then the chain is broken and recovery phrase is needed to re-enable accessing to private key/master phrase.