
AIUI, these restrictions are primarily intended to curb the market for stolen iPhones? I think Apple has taken it too far here, but I also think it is disingenuous to have this discourse without at least mentioning the other considerations. There is no "right" answer, only tradeoffs...



This is stated elsewhere in this thread, but if this is the case then Apple should allow users to unpair their parts and allow them to be reused. Gouging users by forcing them to buy a new part that they already have because their current one is "unverified" despite working perfectly can only be interpreted as greed.


The intent of the restrictions does not change the repairability, hence as far as the repairability score is concerned, that intent should not matter for the resulting score.


These restrictions also reduce pwnage. Zero trust has to be end-to-end, software and hardware.


If an actor with that sort of capability has physical access to your device for long enough to replace a part in it with a custom one, you are pwned pretty much no matter what you do at that point. They could just as well stick in a keylogger for touch inputs and know all your passwords.


well, that's why touch id/face id are a secure enclave and have largely replaced passwords.

but philosophically there's no reason the digitizer can't be a secure enclave too, and sign a message authenticating that it's really the digitizer that you think it is. unless you can force it to leak the secret or you can break RSA, it's as secure as any other cryptosystem.

remote attestation does work and I don't really get why people continue to assert that it doesn't. root-of-trust and remote attestation are solved problems, and detecting component swapouts (and other "hostile component" attacks) is one of the primary use-cases for these systems.
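
Added example, not part of the comment above or of any poster's text: a minimal challenge-response check of the kind that comment describes, where a host pins a component's public key at pairing and later asks the component to sign a fresh nonce. The `Component` and `Host` classes, the domain string and the toy RSA keys (built from small Mersenne primes, no padding) are assumptions made for illustration and do not describe Apple's implementation.

```python
import hashlib
import secrets

E = 65537  # conventional RSA public exponent

def make_component_key(p, q):
    """Toy RSA key pair for a hypothetical component (illustration only)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(nonce, n):
    # Domain-separated hash of the challenge, reduced into the RSA modulus.
    h = hashlib.sha256(b"digitizer-attest-v1" + nonce).digest()
    return int.from_bytes(h, "big") % n

class Component:
    """Hypothetical digitizer: holds a private key it never exports."""
    def __init__(self, private):
        self._n, self._d = private

    def attest(self, nonce):
        return pow(digest(nonce, self._n), self._d, self._n)

class Host:
    """Hypothetical host: pinned the component's public key at pairing."""
    def __init__(self, pinned_public):
        self.n, self.e = pinned_public
        self._outstanding = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce, signature):
        if nonce not in self._outstanding:  # unknown or already-used nonce
            return False
        self._outstanding.discard(nonce)    # each nonce is accepted once
        return pow(signature, self.e, self.n) == digest(nonce, self.n)

def demo():
    # Constructed keys: products of Mersenne primes, far too small for real use.
    pub, priv = make_component_key(2**127 - 1, 2**89 - 1)
    _, other_priv = make_component_key(2**107 - 1, 2**61 - 1)
    host, paired, swapped = Host(pub), Component(priv), Component(other_priv)
    n1 = host.challenge()
    sig = paired.attest(n1)
    genuine = host.verify(n1, sig)    # paired part answers a fresh nonce
    replayed = host.verify(n1, sig)   # same answer replayed later
    n2 = host.challenge()
    foreign = host.verify(n2, swapped.attest(n2))  # part with a different key
    return genuine, replayed, foreign
```

The check proves only that the responder holds the private key matching the pinned public key; it says nothing if that key has leaked, which is the caveat the comment itself names.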


Is there a single documented case of someone's phone being hacked because of a replaced hardware component like a screen? That sounds like fantasy land to me.

Maybe the NSA can do it? But I suspect they could more easily hack phones in software.


I also want a real case of this happening; right now, even for high-profile targets, they just use software attacks.


As far as I can tell, Apple has never made that claim.



