[iOS] Architecture of iOS Operating System
3 min read · Jun 1, 2023
1. Introduction to iOS
- Apple’s mobile operating system
- Based on Darwin, an open-source Unix-like operating system developed by Apple
- Supported device models differ from one iOS version to the next, so check this and prepare your device accordingly
2. iOS application structure
1) Structure
- The system is layered; apps do not talk to the hardware directly
- Apps reach the hardware through defined system interfaces
- Cocoa Touch: provides the infrastructure for all applications (mainly responsible for the app's user interface)
- Media Layer: libraries for graphics, audio and video
- Core Services: provides system services to the app (networking, location) and the essential functions apps are built on
- Core OS: low-level libraries that the layers above run on
3. The iOS Security Model
- Security at the hardware level
1) Main features
- A layered security architecture spanning the hardware, operating-system and application levels
- Application sandbox
- Encryption rooted in the hardware/firmware level
- Data protection through encryption
- Code signing
2) iOS Secure Boot Chain
- Secures the boot process using a secure boot chain mechanism
- Needed because the device could otherwise be compromised at the boot level
- Each stage is inspected so that tampered components are detected
- iOS can only run on verified Apple devices
3) Detailed process of secure boot chain
1. Boot ROM
- The very first stage; it is read-only and cannot be updated or changed
- Contains the Apple root certificate and verifies that the LLB is correctly signed against it
- If the LLB fails verification (for example after a faulty jailbreak), the device enters DFU (Device Firmware Update) mode
2. Low Level Bootloader
- Runs only after the Boot ROM has found the LLB signature valid
- Updatable code that runs close to the hardware
- Verifies the firmware signature of iBoot before loading it
- If iBoot fails verification, the device enters Recovery mode (user files are kept; iOS can be upgraded or reinstalled)
3. iBoot
- Runs only after the LLB has found the iBoot signature valid
- Verifies the kernel signature before starting the kernel; enters Recovery mode if verification fails
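The chain described in steps 1 to 3 is easier to reason about as code. The following Go program is an added example written for this post, not Apple's code: it models Boot ROM, LLB, iBoot and the kernel as signed images, uses a locally generated Ed25519 key pair as a stand-in for Apple's root certificate (real devices use a certificate chain, and the image contents here are constructed placeholders), and shows that each stage runs only after the previous one has verified it, with a bad LLB ending in DFU mode and a bad later stage ending in Recovery mode.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is one link of the boot chain: a firmware image plus a signature
// over its SHA-256 digest. In this model every image is signed with one
// root key standing in for Apple's; real devices use a certificate chain.
type Stage struct {
	Name      string
	Image     []byte
	Signature []byte
}

// Outcome is where the device ends up after the chain has run.
type Outcome string

const (
	OutcomeBooted   Outcome = "kernel started"
	OutcomeDFU      Outcome = "DFU mode"      // Boot ROM rejected the LLB
	OutcomeRecovery Outcome = "Recovery mode" // LLB or iBoot rejected the next stage
)

// BootROM holds the root public key. On real hardware the Boot ROM is
// read-only; here it is a plain value that later stages only read.
type BootROM struct {
	RootKey ed25519.PublicKey
}

// NewRoot generates a fresh root key pair (constructed for the example) and
// returns the Boot ROM that trusts it together with the matching signing key.
func NewRoot() (BootROM, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return BootROM{RootKey: pub}, priv
}

// SignStage produces a stage whose signature covers SHA-256 of the image.
func SignStage(priv ed25519.PrivateKey, name string, image []byte) Stage {
	digest := sha256.Sum256(image)
	return Stage{Name: name, Image: image, Signature: ed25519.Sign(priv, digest[:])}
}

// Verified checks a stage against the anchored root key before it may run.
func (b BootROM) Verified(s Stage) bool {
	digest := sha256.Sum256(s.Image)
	return ed25519.Verify(b.RootKey, digest[:], s.Signature)
}

// Boot walks the chain in order: Boot ROM verifies LLB, LLB verifies iBoot,
// iBoot verifies the kernel. Each stage runs only after the previous one has
// validated it, and the first failure stops the chain.
func Boot(rom BootROM, llb, iboot, kernel Stage) Outcome {
	if !rom.Verified(llb) {
		return OutcomeDFU
	}
	// LLB is now trusted and checks iBoot against the same anchored root key.
	if !rom.Verified(iboot) {
		return OutcomeRecovery
	}
	// iBoot is trusted and checks the kernel.
	if !rom.Verified(kernel) {
		return OutcomeRecovery
	}
	return OutcomeBooted
}

func main() {
	rom, appleKey := NewRoot()
	llb := SignStage(appleKey, "LLB", []byte("LLB image (constructed)"))
	iboot := SignStage(appleKey, "iBoot", []byte("iBoot image (constructed)"))
	kernel := SignStage(appleKey, "kernel", []byte("kernel image (constructed)"))
	fmt.Println("intact chain:", Boot(rom, llb, iboot, kernel))

	// A modified LLB no longer matches its signature: Boot ROM stops, DFU.
	patchedLLB := llb
	patchedLLB.Image = []byte("LLB image (patched)")
	fmt.Println("patched LLB:", Boot(rom, patchedLLB, iboot, kernel))

	// iBoot signed by a key the Boot ROM does not trust: LLB stops, Recovery.
	_, otherKey := NewRoot()
	rogueIBoot := SignStage(otherKey, "iBoot", iboot.Image)
	fmt.Println("foreign-signed iBoot:", Boot(rom, llb, rogueIBoot, kernel))
}
```

The point the model makes is that trust flows in one direction only: the root key lives in the immutable first stage, and nothing a later, updatable stage does can change what the Boot ROM will accept.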
4. Sandboxes and code signing
1) Sandbox
- The sandbox is an iOS access-control mechanism enforced in the kernel
- Its purpose is to limit damage to the system and to user data if an app is compromised
- It stops an app from reading data that belongs to other apps and separates privileges (a jailbreak weakens this protection)
- A compromised app could otherwise reach and damage critical parts of the system, so each app is confined to its sandbox
2) App Code Signing
- Implements a DRM system so that only code signed by Apple can run
- Unsigned apps cannot be installed (installation checks the code signature, and the check is run again at runtime)
- App code signing is done with Xcode
- You must purchase an Apple signing certificate to release your app on the App Store!
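To make the "cannot access other apps' data" rule concrete, here is an added Go example, written for this post and not taken from iOS, that models the per-app data container as a path policy. It is a simplified userland model (iOS enforces confinement in the kernel from sandbox profiles); the container paths and bundle id are constructed. It places a naive string-prefix check next to a component-aware check so the two classic escapes, `../` traversal and a sibling directory whose name shares a prefix, are visible.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// AppContainer models the per-app data container that the sandbox confines an
// app to. This is a userland model written for the example; it keeps only the
// path rule and none of the kernel-level enforcement.
type AppContainer struct {
	BundleID string
	Root     string // absolute container path, constructed for the example
}

// NaivePrefixCheck is the check a hurried implementation might write: resolve
// relative paths by string concatenation and test for a string prefix. It is
// kept here only to show what it gets wrong.
func NaivePrefixCheck(root, requested string) bool {
	if !filepath.IsAbs(requested) {
		requested = root + "/" + requested
	}
	return strings.HasPrefix(requested, root)
}

// Allowed reports whether the app may access the requested path. Relative
// paths are resolved against the container root, the result is cleaned so
// that ".." segments collapse, and the comparison works on whole path
// components, so neither "../" traversal nor a sibling such as
// "/containers/notes-evil" (for root "/containers/notes") can escape.
func (c AppContainer) Allowed(requested string) bool {
	target := requested
	if !filepath.IsAbs(target) {
		target = filepath.Join(c.Root, target)
	}
	target = filepath.Clean(target)
	rel, err := filepath.Rel(filepath.Clean(c.Root), target)
	if err != nil {
		return false
	}
	// rel is "." for the root itself, "sub/dir" inside, "../x" outside.
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

func main() {
	notes := AppContainer{BundleID: "com.example.notes", Root: "/containers/notes"}
	for _, p := range []string{
		"Documents/todo.txt",          // inside the container
		"../photos/Library/photos.db", // another app's data via traversal
		"/containers/notes-evil/x",    // sibling that a prefix check accepts
	} {
		fmt.Printf("%-30s naive=%-5v sandbox=%v\n", p,
			NaivePrefixCheck(notes.Root, p), notes.Allowed(p))
	}
}
```

The naive check accepts both escape attempts because it reasons about strings; the sandbox check reasons about path components, which is the property a confinement boundary needs.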
5. iOS lifecycle
- Not running
- Inactive
- Active
  - Runs in the foreground and receives events
- Background
  - Executes code without user interaction
- Suspended
  - Remains in memory in the background state but does not execute code