the idea would be the signer device has a secure element in it. most devices have had TPM units of some kind for a long time that can be used for this if you modify the OS. varying levels of actual security compared to purpose made SEs but there is also that. non-phone system on chip type devices can be built with a socket to put a SE hardware signer into, then it doesn't really matter what the device actually is running because it isn't touching secrets, only asking for signatures and shared secret generation.