The main problem with eSIMs is that they are still little HSM modules controlled by the carrier. This results in most of the problems that people are complaining about in this thread.
1. You can't swap the SIM yourself because the HSM is designed not to reveal the secrets.
2. You can't provision offline because the carrier needs to encrypt the payload to the target HSM. In theory I guess if the target phone was known it could be provisioned once and uploaded repeatedly (for fast eSIM swapping between different SIMs in the same device). But there may also be some form of replay protection.
What I would like to see is that the eSIM is just a config file with connection info and credentials. Then the device itself is in charge of connecting, sharing and whatever else. The user is in control and can transfer or swap as they see fit.
The downside would be that this data is easier to steal if it isn't in a TPM, but no one said that you couldn't put it into a TPM. It is just user choice now. For example the keys could be uploaded to the TPM much like today. Or it could be encrypted with a TPM key and stored on the device (this would allow easily changing eSIMs or transferring between devices). You could even do things like escrow a copy to a trusted backup location so that you can restore the eSIM to a new phone if you lose or break the old phone. (Although you may need to revoke the old creds if they are at risk of being stolen from the old device.)
The carrier should be a dumb pipe. I don't like how much control they have over my hardware.
Hardware Security Module. Basically an embedded device that stores cryptographic keys and performs cryptographic operations (like encrypting/decrypting/signing).
EDIT: HN is throttling me for responding too quickly so I'm responding to the comment below this. eSIM uses UICC hardware, not unlike a cryptographic smartcard (think PIV or OpenPGP smartcards). It's built upon the same kind of cards as physical UICC (SIM) cards are. You have a CPU, some memory, and the ability to store applets usually written in Java. Where eSIM/eUICC is different is it is an implementation of downloadable SIM profiles. The standard does allow for, and there are physical removable eSIMs made. The phone controls profiles on them using APDU commands at the low level: https://en.wikipedia.org/wiki/Smart_card_application_protoco... . Check my prior comments on the matter.
A small, purpose-built chip. The GSM Association refers to it variously depending on audience. For example on their landing page for eSIMs they refer to it as a Secure Element: https://www.gsma.com/esim/
You can get from that page to their technical standards which go into much more detail about hardware for eSIMs.
Look, seriously, you didn't answer the question. An eSIM consists of software. To say that eSIM is UICC is like saying that KDE is a Lenovo ThinkPad.
eSIMs are not HSMs and the GP shouldn't be muddying the waters. SIM cards aren't HSMs. They run apps! Smart Cards aren't HSMs. They have cryptographic functions, but they aren't HSMs!
An HSM is a very specific, physical hardware-based cryptographic device. You'll know it when you see it, and they're designed, labeled, and sold as HSMs with a price to match. No mobile provider is going to let you download no HSM for no $40. Crazy talk.
SIM cards can function like HSMs. Even in the niche security product market, the difference between a $20000 HSM and a $1000 HSM is that the former is filled with epoxy.