>As far as I understand the boot process, Apple has largely fixed a lot of the "before first unlock" type attacks with their secure enclave. They fixed that rather well after the battle with the FBI, and seem to have continued hardening and improving that process (hence my recommendation for the latest generation or two of device - there are changes in the boot security flows every now and then, and I assume they matter, at some point).
It's worth pointing out that even the latest iPhones are vulnerable after first unlock (AFU), which means if your phone gets seized and you don't have time to turn it off, they can get a full dump of your phone.
And this is a good reason to keep your smartphone turned off regularly.
I really don't have a great answer. I'm aware Graphene offers some substantial benefits too, but it's also somewhat harder for a non-technical user to use. Unfortunately, when the attacker has unlimited physical access, a device can and will fall, given time and resources.
https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...
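To make the BFU/AFU distinction in the comments above concrete, here is an added example (not from the thread or from any Apple code) that models iOS Data Protection classes as Apple documents them: NSFileProtectionComplete keys are evicted from memory when the device locks, NSFileProtectionCompleteUntilFirstUserAuthentication keys (the default class for third-party app data) stay in memory from the first unlock until power-off, and NSFileProtectionNone is available from boot. The key wrapping is a toy HMAC-keystream XOR and the passcode KEK is plain PBKDF2; both are assumptions of this model, not the real Secure Enclave key hierarchy (which also entangles a per-device UID key). The point it shows is which files an attacker with a memory/filesystem dump can read in each state.

```python
"""Toy model of iOS Data Protection classes in BFU vs AFU state (added example)."""
import hashlib
import hmac
import os

COMPLETE = "NSFileProtectionComplete"
UNTIL_FIRST_AUTH = "NSFileProtectionCompleteUntilFirstUserAuthentication"
NONE = "NSFileProtectionNone"


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy wrap/unwrap: XOR with an HMAC-SHA256 keystream (assumption; not AES key wrap)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Device:
    def __init__(self, passcode: str):
        self.salt = os.urandom(16)
        kek = self._derive_kek(passcode)
        # Passcode-protected class keys are stored only in wrapped form at rest.
        self._wrapped = {cls: _keystream_xor(kek, os.urandom(32))
                         for cls in (COMPLETE, UNTIL_FIRST_AUTH)}
        self._check = hmac.new(kek, b"passcode-check", hashlib.sha256).digest()
        self._none_key = os.urandom(32)  # NSFileProtectionNone: no passcode needed
        self.files = {}      # name -> (class, wrapped file key, ciphertext)
        self.unwrapped = {}  # class keys currently held in memory
        self.boot()

    def _derive_kek(self, passcode: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 100_000)

    def boot(self):
        """BFU: only the None-class key is available until the passcode is entered."""
        self.unwrapped = {NONE: self._none_key}

    def power_off(self):
        """All class keys leave memory; the device is back to BFU after the next boot."""
        self.unwrapped = {}

    def unlock(self, passcode: str) -> bool:
        kek = self._derive_kek(passcode)
        tag = hmac.new(kek, b"passcode-check", hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._check):
            return False
        for cls, wrapped in self._wrapped.items():
            self.unwrapped[cls] = _keystream_xor(kek, wrapped)
        return True

    def lock(self):
        """AFU: only the Complete class key is evicted; the rest stay resident."""
        self.unwrapped.pop(COMPLETE, None)

    def write_file(self, name: str, cls: str, plaintext: bytes):
        if cls not in self.unwrapped:
            raise PermissionError(f"class key for {cls} not in memory")
        file_key = os.urandom(32)
        self.files[name] = (cls, _keystream_xor(self.unwrapped[cls], file_key),
                            _keystream_xor(file_key, plaintext))

    def read_file(self, name: str) -> bytes:
        cls, wrapped_fk, ct = self.files[name]
        if cls not in self.unwrapped:
            raise PermissionError(f"class key for {cls} not in memory")
        return _keystream_xor(_keystream_xor(self.unwrapped[cls], wrapped_fk), ct)

    def readable_files(self) -> set:
        """What a full memory + filesystem dump could decrypt in the current state."""
        return {n for n, (cls, _, _) in self.files.items() if cls in self.unwrapped}


def demo() -> dict:
    """Returns readable file sets per state for constructed sample files."""
    dev = Device("123456")
    dev.unlock("123456")
    dev.write_file("health.db", COMPLETE, b"steps: 9001")
    dev.write_file("messages.db", UNTIL_FIRST_AUTH, b"constructed sample")
    dev.write_file("cache.bin", NONE, b"public")
    states = {}
    dev.lock()
    states["AFU (locked after first unlock)"] = sorted(dev.readable_files())
    dev.power_off()
    dev.boot()
    states["BFU (rebooted, not yet unlocked)"] = sorted(dev.readable_files())
    if dev.unlock("000000"):
        raise RuntimeError("wrong passcode must not unlock")
    dev.unlock("123456")
    states["unlocked"] = sorted(dev.readable_files())
    return states


if __name__ == "__main__":
    for state, names in demo().items():
        print(f"{state}: {names}")
```

The AFU row is the one the comments are about: after a lock the default-class app data is still decryptable from a dump, while after a power-off only the None-class file is. It also shows why the "turn it off" advice works and why apps that opt into NSFileProtectionComplete shrink the exposure even in AFU.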