Security Fusings

From The iPhone Wiki

A common misconception is that iDevices enforce certain flags in their bootloaders when certain "fuses" are "blown".

Processor Security

Processor security flags are enforced by pulling several pins on the BGA low or high depending on the state of security needed. The same is done for board configuration. For example, the device security state is set to 0000 by removing all resistors. This is the PVT configuration.

Board Identifiers

Board identifiers are enforced by pulling several pins on the BGA low or high depending on the state of security needed. For example, the device configuration N94AP is selected by pulling the pins so that the board ID reads 0b1000, or 0x8. This saves costs: Apple can reuse the same processor die with a specified ECID and still change the motherboard if necessary.

"Fuses"

These so-called "fuses" are actually fixed resistors on the motherboard. However, if authorized to do so, a Production fused device can have the same privileges as a Development fused device by "demoting" the Application Processor.