by redwall_hp 4257 days ago
>they don't accept TouchID on first login after a restart

That's because the hash of the print is stored on an encrypted volume of some kind, which requires your regular password to decrypt after a cold boot. Once the hash is in memory, the fingerprint can be used instead.

2 comments

I'm not sure I'm following what you're saying 100%, but based on this [1] I don't think the fingerprint hash is ever in memory. The TouchID camera sends the fingerprint hash directly to the secure enclave, where it is compared to the one saved there, and then the secure enclave sends a yes or no to memory; at least that's my interpretation.

1. http://support.apple.com/kb/HT5949?viewlocale=en_US&locale=e...

I believe he meant "once the [password] hash is in memory"
Is it because of that, or is it implemented that way because they wanted to ensure that TouchID couldn't be accepted after a fresh restart? I think you may have the causality backwards, since they could have easily stored things in such a way that your fingerprint worked after a fresh reboot if they wanted to.