Over here, it says that AirGap Vault relies on some "mobile specific features (eg. Secure Storage and Biometrics) to secure your mnemonic".
Now as far as I know, Linux doesn't have any of that by default. Windows & Mac don't have this stuff at all, so let's forget about them.
It should be fairly straightforward to make a workflow that can run AirGap Vault with the same security provided by the version for mobile devices. Only a few questions arise:
- How can we securely erase the working data while AirGap Wallet is exiting? Remember that filesystems don't overwrite files in-place so merely writing random data won't work. There must be some kind of package for this. Even better would be some program that makes a temporary, encrypted filesystem before AirGap starts - probably connected by FUSE or something. At least that way, the working directory is scrambled even if the system loses power.
- How to make it run inside a "network jail" where all networking is disabled for a particular process? I am thinking of something like "seccomp-bpf" that is also used in Bitcoin Core but again, there must already be some kind of package for this.
- In the same vein, how can USB/direct peripheral access be disabled for that particular program?
- It is well-known that PCs do not have biometrics scanners, but given that these can simply be purchased separately, and that there are probably libraries that can enable this kind of thing to be done, that's not the least of the problems, but it would be nice if there was a way to require that a key with strong entropy was used for locking the vault, whether it's a fingerprint or some dice rolls (imagine if computer keyboards shipped with a random-number-generator screen with associated ARM processor and you could directly tap a hardware button to send random numbers to the program...)