by justinsaccount 3647 days ago
"The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security," an Apple spokesperson told TechCrunch.

"Apple confirms iOS kernel code left unencrypted intentionally"

Which is it, cache (of what?) or code?

2 comments

Cache of code. OS X and iOS maintain a cache containing the kernel and prelinked kernel extensions as a performance optimization -- this allows the system to avoid scanning the actual directory containing kernel extensions at boot.

See: http://osxbook.com/book/bonus/misc/optimizations/#TWO and https://developer.apple.com/library/mac/documentation/Darwin...

The spokesperson is talking out of their ass regarding performance. The kernel is decrypted by iBoot once at boot, using the hardware AES engine. It remains decrypted until the device is shut down or rebooted. Decompressing and decrypting the kernel takes less than a second at boot.

Also, TechCrunch fails to note that the kernelcache keys for most 32-bit kernels (and all iOS versions) are publicly available. Private individuals have dumped the keys for 64-bit kernels, but they are not available publicly. Even without the keys, any jailbreak allows for dumping of the kernel. However, a kernel dump is missing very helpful Mach-O headers (handy for kloading) and, for 64-bit kernels, the EL3 TrustZone Watchtower module aka Kernel Patch Protection.

Down further in the thread, BillinghamJ is seeing their iPhone 6S Plus boot in 5 seconds with iOS 10, as opposed to the 25 seconds for my iPhone 6S.

How certain are you that it's only 1 second of processing that's been removed? That's a HUGE increase in speed that I haven't seen written up anywhere else.

Anybody else with iOS 10 on their phone able to confirm the new 5 second boot time?

I'm very nearly certain because I benchmarked decrypting the iOS 10 beta kernel using the code at [0]. The kernelcache is about 13 MB compressed and takes about 60 milliseconds to decrypt. Previous iOS versions encrypted the compressed kernelcache so benchmarking decryption of the compressed kernelcache should be correct. Unless Apple was doing something very stupid, kernelcache decryption should never have been much of a bottleneck in the first place. It is nice to see that they have found other ways to improve the boot time.

[0]: https://gist.github.com/jevinskie/40df60e3e9d76ad05304be9bd5...

> The spokesperson is talking out of their ass regarding performance.

I'm fairly certain that this statement was vetted by Craig Federighi himself or, at minimum, a high-level engineering manager.

Both statements could be true - I wouldn't be too surprised to see Apple stretch the truth; yes, it's true, performance on a 25 second boot (my iPhone 6S) from cold was improved to 24 seconds. Doesn't really move the needle, but still true, to some degree. A second here and a second there start to add up though, particularly on boot up, for those of us who end up doing that multiple times a day.

Also, in general, any time you can remove code from a system that isn't contributing in any meaningful way, it is just a good thing to do - both for reducing attack surface and for the general reduction in code size, and the advantages that come along with that.

iOS 10 running on my iPhone 6S Plus is currently booting in about 5 seconds. Not sure how though...

Also that's when I hold down the home and lock buttons, in order to force-reboot. Perhaps now that doesn't fully reboot the phone.

I was curious so I benchmarked "decrypting" kernelcache.release.n66 on an iPhone 6S and it took about 60 milliseconds to decrypt. It wasn't encrypted in the first place so the decryption results in garbage, but it should be a valid benchmark. The quick boot time with iOS 10 sure is nice, but it isn't because the kernel isn't encrypted.

https://gist.github.com/jevinskie/40df60e3e9d76ad05304be9bd5...
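The two benchmark comments above (the 13 MB kernelcache decrypting in about 60 milliseconds, and the "decrypt an unencrypted file, get garbage, timing is still valid" approach) can be reproduced in a few lines. The following is an added example, not the linked gist and not Apple's or iBoot's code: it fills a 13 MiB buffer with random bytes as a constructed stand-in for a compressed kernelcache, encrypts it once under a throwaway AES-256 key, and times a single CBC decryption of the result. The buffer size, key, IV and the use of software AES-CBC are all assumptions made here for illustration; the absolute number will differ from a phone's hardware AES engine, but the order of magnitude (tens of milliseconds, not tens of seconds) is the point the thread is making.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Size of the constructed stand-in for a compressed kernelcache (the thread
// cites about 13 MB). The contents are random bytes, not an Apple image.
const KernelcacheSize = 13 * 1024 * 1024

// BenchResult captures the numbers a practitioner would want to check.
type BenchResult struct {
	Bytes     int           // bytes decrypted
	Elapsed   time.Duration // wall-clock time of the single decrypt pass
	MBPerSec  float64       // throughput in decimal megabytes per second
	RoundTrip bool          // decrypt(encrypt(x)) == x
}

// cbcXform runs one AES-CBC pass over src with the given key and IV; decrypt
// selects the direction. Decrypting with a wrong key (or a buffer that was
// never encrypted) yields garbage at exactly the same cost, which is why the
// "decrypt garbage" benchmark in the thread is still a valid timing.
func cbcXform(key, iv, src []byte, decrypt bool) ([]byte, error) {
	if len(src)%aes.BlockSize != 0 {
		return nil, errors.New("input length is not a multiple of the AES block size")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	var mode cipher.BlockMode
	if decrypt {
		mode = cipher.NewCBCDecrypter(block, iv)
	} else {
		mode = cipher.NewCBCEncrypter(block, iv)
	}
	dst := make([]byte, len(src))
	mode.CryptBlocks(dst, src)
	return dst, nil
}

// BenchmarkDecrypt builds a random buffer of the given size, encrypts it once
// under a throwaway AES-256 key, then times a single decryption of the result.
func BenchmarkDecrypt(size int) (BenchResult, error) {
	key := make([]byte, 32)          // AES-256; throwaway key generated here
	iv := make([]byte, aes.BlockSize) // throwaway IV
	plain := make([]byte, size)       // constructed "kernelcache" contents
	for _, b := range [][]byte{key, iv, plain} {
		if _, err := rand.Read(b); err != nil {
			return BenchResult{}, err
		}
	}
	ct, err := cbcXform(key, iv, plain, false)
	if err != nil {
		return BenchResult{}, err
	}

	start := time.Now()
	pt, err := cbcXform(key, iv, ct, true)
	elapsed := time.Since(start)
	if err != nil {
		return BenchResult{}, err
	}

	// Guard against a zero reading on coarse clocks so we never divide by zero.
	var mbps float64
	if secs := elapsed.Seconds(); secs > 0 {
		mbps = float64(size) / 1e6 / secs
	}
	return BenchResult{
		Bytes:     size,
		Elapsed:   elapsed,
		MBPerSec:  mbps,
		RoundTrip: bytes.Equal(pt, plain),
	}, nil
}

func main() {
	r, err := BenchmarkDecrypt(KernelcacheSize)
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted %d bytes in %v (%.0f MB/s), round-trip ok: %v\n",
		r.Bytes, r.Elapsed, r.MBPerSec, r.RoundTrip)
}
```

Run it with `go run .`; compare the printed duration against the 25 second cold-boot figure quoted in the thread and it is clear that kernelcache decryption is a rounding error in boot time, whatever the spokesperson's statement implies.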

Have you tried powering down (hold down the lock button) and then powering up?
Or the guy in the marketing department that "knows about the techy stuff".
thanks for the confirmation.