diff --git a/internal/macse/README.md b/internal/macse/README.md
new file mode 100644
index 0000000..b954244
--- /dev/null
+++ b/internal/macse/README.md
@@ -0,0 +1,17 @@
+# secure enclave
+
+```
+akrotiri:~/dev/secret/internal/macse$ CGO_ENABLED=1 go test ./...
+--- FAIL: TestEnclaveKeyEncryption (0.04s)
+    enclave_test.go:16: Failed to create enclave key: failed to create enclave key: error code -34018
+--- FAIL: TestEnclaveKeyPersistence (0.01s)
+    enclave_test.go:52: Failed to create enclave key: failed to create enclave key: error code -34018
+```
+
+This works with temporary keys.  When you try to use persistent keys, you
+get the above error, because to persist keys in the SE you must have the
+appropriate entitlements from Apple, which is only possible with an Apple
+Developer Program paid membership (which requires doxxing yourself, and
+paying them).
+
+So this is a dead end for now.