←back to thread

522 points moonsword | 1 comments | | HN request time: 0.208s | source
Show context
thrdbndndn ◴[] No.42168908[source]
Two questions:

1. surely unconditionally rebooting locked iPhones every 3 days would cause issues in certain legit use cases?

2. If I read the article correctly, it reboots to re-enter "Before First Unlock" state for security. Why can't it just go into this state without rebooting?

Bonus question: my Android phone would ask for my passcode (can't unlock with fingerprint or face) if it thinks it might be left unattended (a few hours without moving etc.), just like after rebooting. Is it different from "Before First Unlock" state? (I understand Android's "Before First Unlock" state could be fundamentally different from iPhone's to begin with).

replies(7): >>42168981 #>>42169169 #>>42169203 #>>42169266 #>>42169304 #>>42170569 #>>42171458 #
diggan ◴[] No.42169169[source]
> it reboots to re-enter "Before First Unlock" state for security. Why can't it just go into this state without rebooting?

I think the reason is to make sure anything from RAM is wiped completely clean. Things like the password should be stored in the Secure Enclave (which encryption keys stored in RAM are derived from) but a reboot would wipe that too + any other sensitive data that might be still in memory.

As an extra bonus, I suppose iOS does integrity checks on boot too, so could be a way to trigger that also. Seems to me like a reboot is a "better safe than sorry" approach which isn't that bad approach.

replies(1): >>42170129 #
gizmo686 ◴[] No.42170129[source]
Reboots don't typically wipe RAM. Although wiping ram is relatively easy if you are early enough in the boot process (or late enough in the shutdown process).
replies(3): >>42171294 #>>42171332 #>>42173620 #
1. bayindirh ◴[] No.42171294[source]
With ASLR and tons of activity happening during the boot process, it's almost guaranteed that you'll damage the keys you need. Plus, we don't know how shutdown processes are done. It might be wiping the keys clean before resetting the processor.