Yes. The idea is that the private key can never ever leave the device, not even for “authorized” replication. If it could, then Apple could be coerced to extract it.

Of course the new threat vector is that you can spin up a new fake cluster and have the device upload to it.