The signing key is (ideally) not even known by Apple, but instead held in a security appliance that can be unlocked with a threshold quorum of pass phrases.
It might not even be in the US. I know that the code signing action of Microsoft Windows was done (and perhaps is still done) in Peurto Rico, for tax reasons.
Definitely. My point is that it's not an unheard of practice. Stick your signing keys in a different jurisdiction and . . .
. . . well, I suppose the courts could always compel a roomful of key holders to enter their codes. But it's much harder if some physical presence is required (do they handcuff you, fly you to the Caymans and force you to enter your key? Do they try to recover the hardware in question -- that could be made arbitrarily difficult).
I should add: Bonus points for making your passphrase "On advice of counsel, I respectfully assert my fifth amendment right to remain silent and decline to answer." And that "dot" on the end is important :-)
Also, trap biometrics: Use a fingerprint or two as a duress code. Have an retina scanner, but only some of the participants should use it. Use that sensor for some folks, another one for others. "Sure, you can have my fingerprints! Hmmm... it was working last week, why does it say '30 day lockout' now?"
It might not even be in the US. I know that the code signing action of Microsoft Windows was done (and perhaps is still done) in Peurto Rico, for tax reasons.