by tlrobinson 3768 days ago
I don't know if Apple has any specific capability as part of the firmware verification, but even if they didn't, they could just put something like this early in the boot process:

    if (unique_device_id != SAN_BERNARDINO_DEVICE_ID) {
        halt();
    }

If this code must be signed to execute then it can't be modified to work on another device without Apple signing it again.

This assumes there's a unique device ID that is known to the FBI and can't be tampered with. Maybe the serial number or IMEI?

2 comments

Fixed that for you:

    if (unique_device_id != SAN_BERNARDINO_DEVICE_ID) {
        goto fail;
    }

My understanding is that phone thieves routinely change the IMEI by desoldering and replacing a chip. If this weren't the case, I think it would be fairly easy for detectives to call up the person currently in possession of any given stolen iPhone.

It looks like there's something called a UDID which is a SHA-1 hash of a bunch of identifying information. So, difficult to fake even if you can twiddle the source values or swap in new chips.

https://www.theiphonewiki.com/wiki/UDID

Except they have the shooter's phone, which has the identifying information which results in the correct UDID. To get the same UDID on another phone they just need to change the source values to the same values as in the shooter's phone. The fact that it's a cryptographic hash doesn't really help here, assuming they can change all the source values at will.
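
An added example, not part of the thread and not Apple's code: a toy model of the two claims above, that a signed image locked to one device ID stops verifying once the ID is patched, and that an ID hashed from identifying fields binds only as tightly as those fields resist change. The field values, image layout and key are constructed, and HMAC-SHA256 stands in for the vendor's asymmetric signature.

```python
import hashlib
import hmac

# Constructed values; nothing here is a real key, identifier or Apple format.
VENDOR_KEY = b"constructed-vendor-signing-key"
TARGET_FIELDS = ("SERIAL-0001", "ECID-0001", "aa:bb:cc:00:00:01")
OTHER_FIELDS = ("SERIAL-0002", "ECID-0002", "aa:bb:cc:00:00:02")


def derive_device_id(fields):
    """SHA-1 over the concatenated identifying fields (assumed layout)."""
    return hashlib.sha1("".join(fields).encode()).hexdigest()


def build_image(target_id):
    """Toy firmware image: the device ID it is locked to, then a payload."""
    return target_id.encode() + b"|payload"


def sign(image):
    # Stand-in only: a real boot chain verifies with a public key and the
    # device never holds the signing key.
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


def boot(image, signature, device_fields):
    """Return 'run', 'bad signature' or 'halt' for the given device."""
    if not hmac.compare_digest(sign(image), signature):
        return "bad signature"
    locked_to = image.split(b"|", 1)[0].decode()
    if derive_device_id(device_fields) != locked_to:
        return "halt"  # the device check from the top comment
    return "run"


def demo():
    image = build_image(derive_device_id(TARGET_FIELDS))
    sig = sign(image)
    # Same payload with the embedded ID swapped, but not re-signed.
    patched = build_image(derive_device_id(OTHER_FIELDS))
    # A second device reporting identical source fields hashes to the same ID.
    clone_fields = tuple(TARGET_FIELDS)
    return {
        "target": boot(image, sig, TARGET_FIELDS),
        "other_device": boot(image, sig, OTHER_FIELDS),
        "patched_image": boot(patched, sig, OTHER_FIELDS),
        "cloned_fields": boot(image, sig, clone_fields),
    }
```

The first three results come from the signature; the last depends entirely on whether the hashed inputs are rooted in hardware that cannot be rewritten.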