
No difference, because there is still a physical component ;) Where a normal SIM card is removable, with an eSIM the chip is soldered on the device. But there is still the same secure chip as in a removable SIM card really, it just takes a lot less space. Because it is soldered, it must be possible to remotely change the content of the SIM, for example to change your telco operator. How to do this securely and in a standard way is what eSIM is all about.

The technical name for a SIM card is UICC (Universal Integrated Circuit Card IIRC). eSIM is eUICC. The next step is iUICC, for an integrated on-die function. There is no separate chip then, it's integrated in the modem SoC. But the way it is standardized (ongoing) the iUICC must run in a secure enclave, with a similar security level as current discrete SIM cards. So again, no real difference: an iUICC will behave as an eUICC one from an end user point of view. The operators do not want to reduce the security of their UICC.




It is more prone to social engineering hacks.

If you order an eSIM in someone's online account, you can activate it. Done. Hacked.

With a normal SIM card it will be sent to your home/office. Unless someone changed that somehow.


It's not that simple. A profile is generated for a specific, unique eSIM chip. You cannot install or use a profile on another eSIM. The target device is tracked. That gives some traceability and security.

Then there are two variants of eSIM, for M2M and for consumer devices.

With the consumer variant the profile is requested from the target device itself. So you must own the device to install a new profile, and also have the needed credentials. So this is more than inserting a physical SIM today, where you also need the device but there are no local credentials and no SIM/device mapping.

For M2M, the profile is explicitly pushed to a specific device, which is remotely managed.


Is there also some level of virtualization with eSIM, where the single chip allows for multiple SIM "profiles" (SIM-card-ISA VMs, basically) to run on one chip? Or are the manufacturers that claim that eSIM "allows" for multiple simultaneous operator accounts just putting multiple eSIM chips in their devices?


SIM is software, UICC is hardware (i.e. the card).

Always remember, there's another computer inside your phone, the UICC computer, it contains software from the past, written by hardware people who've never heard of security, no one's looked at the code for bugs, and it controls your phone.

In conclusion: buy a tablet


Yes and no. Yes, an eSIM can contain several profiles from different operators. But only one profile is active at a time.

There is typically a default bootstrap profile, to provide just enough connectivity to get started and choose your actual operator. And then this operator profile will be installed too. But the system is more generic, and could store more profiles. At least in theory; in practice there is a cost to generating a profile, so this is only done if there is a real need.



