XPost: misc.phone.mobile.iphone   
   From: marianjones@helpfulpeople.com   
      
   Marian wrote:   
   > In fact, iOS still has a sealed, monolithic system image even today!   
   >  a. RSRs did not replace or eliminate the sealed system image.   
   >  b. They added a second layer on top of it.   
      
   The issue here is not download size but the update architecture of iOS.   
      
   The relevant point is how the system volume works and how Apple delivered   
   changes before iOS 16+ Rapid Security Responses (RSRs) existed.   
      
   The fact remains that iOS has always used, and still uses, a sealed and   
   signed system image for the main OS.   
      
   The system volume is treated as a single cryptographically sealed unit. Any   
   modification to any file on that sealed system volume requires Apple to   
   rebuild, re-sign, and re-publish the entire OS image. This is true even if   
   the logical change is extremely small. The seal covers the whole system   
   image, so changing one byte requires a new sealed image.   
      
   For every device class and every OS version, Apple publishes one full IPSW   
   image that represents that version. When Apple changes anything on the   
   sealed system volume, they must produce a new version (for example, 15.8.5   
   becomes 15.8.6). That new version corresponds to a new full system image.   
   Apple also publishes an OTA delta for bandwidth efficiency, but the delta   
   is not a patch to individual files. It is a binary diff that reconstructs   
   the complete new sealed system image on the device. The server-side   
   artifact is still a full OS image for that version.   
      
   This means that before RSRs, Apple had only one mechanism to deliver   
   changes to system-volume code, which is a full software update.   
      
   Even a one-line fix to a system framework required a new OS build, a new   
   seal, a new version number, and the full QA cycle associated with a   
   complete OS release.   
      
   As nospam and Tyrone and most people argued (who don't understand anythin   
   said above), of course any individual device might download only a small   
   delta, but the end result was always a fully rebuilt and fully sealed new   
   system image.   
      
   It's meaningless to the point how big the delta on any given device is!   
   Completely meaningless.   
      
   Speaking only about the delta is like focusing on how many pages were   
   reprinted while ignoring that the publisher still had to issue a whole new   
   edition of the book. The page count does not change the fact that it is a   
   new edition.   
      
   RSRs were introduced specifically to break this limitation.   
      
   Apple describes RSRs as a way to deliver security improvements between   
   regular software updates. RSRs apply to components like Safari, WebKit, and   
   other high-risk libraries without requiring the system volume to be   
   resealed. That distinction only makes sense because normal software updates   
   do reseal the system volume and therefore require a full OS rebuild. RSRs   
   are layered on top of the sealed system image and can be applied or removed   
   independently.   
      
   They do not replace the sealed system image; they supplement it.   
      
   Speaking only about the delta is like talking about how small the diff is   
   while ignoring that the system still has to rebuild the whole image from   
   scratch. The diff size is not the architecture.   
   --   
   As you know, I always respond to people in the same manner as they to me.   
   Helping others & learning from them is what this Usenet ng is all about.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)