Fingerprint scanner module with hardware salt and data extraction resistance?

All the biometric things I saw as finished smarthome products don’t look trustworthy or securely designed.

I want to put it together myself.
I need a fingerprint module tho, I can’t make those. But I wouldn’t want just any garbage product. I look for something with security guarantees similar to the fingerprint-scanner+secure enclave combinations in modern Pixel and iPhone.

  • The device is hardened against secret extraction.
  • The device is sealed in a way that nothing can be added without noticing. Like a tamper contact that wipes the data encryption secret when triggered.
  • The fingerprint is never saved in a way that a fingerprint can be reconstructed from it.
  • The fingerprint is never saved in a way that the data derived from a fingerprint on one device also works on another device.
  • The device has finger liveness detection so that I can’t authenticate to it using a CNC carved carrot.

What’s the threat model here? Someone ripping the fingerprint scanner off the wall and doing forensics on it?

Fundamentally, most of these are inherently “security by obscurity” type “guarantees” which are incompatible with you putting this together yourself. It’s unknown to what extent they even hold on the devices you mention. Why don’t you consider the reader entirely untrusted and simply network it to a server containing the actual secrets you are trying to protect? The reader then only sends fingerprints over the network but does not hold your actual secrets.