iPhone System Restore - what does this actually mean

Discussion in 'iOS 12' started by Amatell4685, Apr 27, 2019.

  1. Amatell4685 macrumors newbie

    Joined:
    Feb 8, 2019
    #1
    Online Apple claim that a system restore via iTunes “erases” the solid state disk on your phone and installs a “new” and current and up to date version of iOS on your iPhone.

    My question is: when they say erase - does this mean “properly” erase (Overwrite the contents of each memory location to say 0s), before then reformatting, and then putting on a new (new to your device) iOS image (and not merely your existing iOS, just “reset”)?

    Or does it simply “reformat” in the sense of writing a new file system with old data still (technically) present, or some variation of the above?

    It’s just, if I wanted to “erase” or “wipe” a hard disk, I would use software to write 1’s and 0’s to each memory location on the disk (to truly erase all contents), before then reformatting and reestablishing a fresh file system and installing a fresh os image (i.e. not leave the existing os image intact - just “reset to factory settings” and in fact remaining the same original software program).

    Can I ask how Apple’s “restore” process relates to this?

    Many thanks
     
  2. NoBoMac macrumors 68020

    Joined:
    Jul 1, 2014
    #2
    It's all in here:

    https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf

    Basically, once you turn on a passcode for the device, storage gets encrypted, encryption key is stored in Secure Enclave, encrypted to your passcode. Each file is encrypted with a unique encrypted encryption key. Reset a phone, Secure Enclave gets wiped of all old encryption keys and all new encryption keys are generated, and storage is re-encrypted with a new key once passcode is set.
     
  3. Amatell4685 thread starter macrumors newbie

    Joined:
    Feb 8, 2019
    #3
    I see, so that basically means if I were hoping to wipe the device utterly and install a new copy of the iOS - the technique I described essentially doesn’t do this. Downloading a new iOS would not achieve this?
     
  4. Puonti macrumors 6502a

    Joined:
    Mar 14, 2011
    #4
    My understanding is that a fresh iOS install used the same method, so no.
     
  5. chabig macrumors 603

    Joined:
    Sep 6, 2002
    #5
    There is no benefit to overwriting 1s and 0s to each storage location. So because it is unnecessary, it’s not done. Just install the new OS and you’re good to go.
    --- Post Merged, Apr 27, 2019 ---
    You would not need to do that if the drive is encrypted. Once the key is gone, all that remains is random garbage data.
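
The key hierarchy and crypto-erase described in posts #2 and #5, as an added Python example that is not part of the thread and is not Apple's implementation. It is a simplified model: the `Device` class, its method names, the random salt (standing in for a hardware-bound secret) and the HMAC-based toy cipher (standing in for AES) are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy stream cipher: HMAC-SHA256 in counter mode (assumed stand-in for AES).
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(_sub(key, nonce + i.to_bytes(8, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    # Encrypt-then-MAC so that a wrong key is detected instead of yielding noise.
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key: data is unreadable")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class Device:
    """Hypothetical model: passcode -> volume key -> per-file keys -> file data."""
    def __init__(self, passcode):
        self.flash = {}  # name -> (wrapped file key, ciphertext)
        self.erase(passcode)

    def erase(self, passcode):
        # Crypto-erase: only the small key store is replaced; flash is NOT overwritten.
        self.salt = secrets.token_bytes(16)
        self.wrapped_vk = seal(self._kek(passcode), secrets.token_bytes(32))

    def _kek(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 100_000)

    def write(self, passcode, name, data):
        vk = unseal(self._kek(passcode), self.wrapped_vk)
        file_key = secrets.token_bytes(32)  # unique key per file
        self.flash[name] = (seal(vk, file_key), seal(file_key, data))

    def read(self, passcode, name):
        vk = unseal(self._kek(passcode), self.wrapped_vk)
        wrapped, ct = self.flash[name]
        return unseal(unseal(vk, wrapped), ct)

def recoverable(device, passcode, name):
    try:
        return device.read(passcode, name) is not None
    except ValueError:
        return False
```

After `erase()`, the bytes in `flash` are identical to what they were before, yet `recoverable()` returns `False` even with the original passcode, because the volume key that wrapped each file key no longer exists.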
     
  6. NoBoMac macrumors 68020

    Joined:
    Jul 1, 2014
    #6
    ^^^^This.

    To quote the linked document:

     
  7. Amatell4685 thread starter macrumors newbie

    Joined:
    Feb 8, 2019
    #7
    I see, it’s just the problem I was hoping to overcome was not the removal of my own user data - but the elimination of a version of iOS which I suspect may have been bugged with some spyware. My fear was I may have a (disguised) jailbroken iOS, or some other form of modified iOS, in which the spyware may either be:

    - somehow a part of a modified os, and thus in an area untouched by a restore (and thus left intact), if the restore were merely updating iOS 12.1 to 12.2. I assume the encrypted region would not cover the os image, or anything in kernel space?

    - or in having kernel access, may be stored in a location untouched by the remodel of just user data,

    - or, even more troublingly, in a location that iOS restore would not be able to erase - (I know it is possible for malware to remain in portions of a disk even after attempts to wipe the contents in some instances of sophisticated malware)

    Thus essentially what I was hoping to achieve was the true erasure of the existing iOS, as well as the spyware - wherever it was located - as part of the os image or stored elsewhere on the disk.

    Essentially I do not know whether going into the apple shop and asking them to wipe the iPhone and install the latest iOS (12.2 rather than 12.1), would have been of any help in this regard?
     
  8. chabig macrumors 603

    Joined:
    Sep 6, 2002
    #8
    There is no encrypted region. Every single bit in storage is encrypted. Also, kernel space doesn’t refer to an area on an SSD or hard disk, it refers to RAM that belongs to the kernel and is not reachable by non-kernel processes.
     
  9. Mr_Brightside_@ macrumors 68030

    Joined:
    Sep 23, 2005
    Location:
    Toronto
    #9
    Performing your own (DFU) restore will be the same as what the Apple shop does.
     
  10. Amatell4685 thread starter macrumors newbie

    Joined:
    Feb 8, 2019
    #10
    Many thanks.

    Ah, I know it refers to an area of RAM, I just thought perhaps there might be some kind of secondary storage analogous scenario I wasn’t aware of, or some form of partitioning that may separate “os” areas from “user” areas that the restore process would distinguish between. I feared it may not be as complete and total an erasure because of something (like) that.

    It’s just I woke up with a colossal headache so (very lazily) I slung the “kernel space” notion in there as a sort of stab in the direction I was hoping to prompt discussion about (in case something along those lines came up). My apologies for asking a question, yet being so sloppy as to assemble it like that. Not feeling 100% today.
     
