Why does iOS require passcode after reboot?

Why does iOS require a passcode (not Touch ID or Face ID) after reboot? Is passcode more secure?


Short Answer

It has to do with how the security subsystem in iOS works.


Long Answer

User's biometric data is securely stored in a mathematical form in special hardware called Secure Enclave on iOS device. This data is not readable and never leaves the device. The Touch ID/Face ID subsystem do not have access to it.

When the device is locked, the Data Protection keys which are held in Secure Enclave are wrapped with a key that's given to the Touch ID or Face ID subsystem inside the Secure Enclave. When an unlock is attempted, if the device detects a successful match, it provides the key for unwrapping the Data Protection keys, and the device is unlocked.

But, when the device restarts, the keys required for Touch ID or Face ID to unlock the device are lost; they're discarded by the Secure Enclave.

Hence the device passcode is required to authentication the user.


To get a better sense of the iOS security design, you can refer to the iOS Security Guide, which is updated by Apple after major updates to iOS. The contents in the answer are derived from iOS Security Guide for iOS 12.3 released in May 2019.