> Signature verification alone may confirm that a release is from Apple, but it doesn't confirm that the release hasn't been superseded due to security issues. (Or marketing, if you're conspiracy-minded.)
But fuse sets will. Thus is how downgrade attacks are generally protected against in high integrity consumer electronics.
That way your device continues to work when you reboot and Comcast is down again.
I'm sure the T2 doesn't verify the OS against the network at boot time, but rather when you're installing the OS update. Once it's been installed, it's trusted.
The trivial proof here is if it did anything else, ignoring an OS update would brick your device, which is obviously not desired behavior.
> I'm sure the T2 doesn't verify the OS against the network at boot time, but rather when you're installing the OS update. Once it's been installed, it's trusted.
This is correct. Network is only needed for re-install on the high security setting. When already installed, the only verification is to ensure signatures are valid, similar to how iOS devices function (You cannot re-flash/downgrade to an older OS, but if you have an older OS installed, the device will not prevent you from booting).
But fuse sets will. Thus is how downgrade attacks are generally protected against in high integrity consumer electronics.
That way your device continues to work when you reboot and Comcast is down again.