The chip establishes an authenticated, encrypted channel for faceID sensor information.
The goal is to prevent someone from silently replacing the camera module with a new device that is no longer capturing local/live data.
Since the ability to replace the camera is audited though, I would assume that this does lock out replacements of the FaceID module by unauthorized third parties, _unless_ there is also a process to do so via a full hardware/storage reset.
Moving the existing chip is trivial but also an effective enough measure against easy repairs.