Signed System Volume

Signed System Volume (SSV, sometimes referred to as Sealed System Volume) is a security mitigation introduced in macOS 11 Big Sur, and later brought to iOS/iPadOS 15. It is the reason that jailbreaks are moving towards the rootless architecture.

When a version above or including these versions is installed on the device, the root hash image is also placed in the filesystem. When the device is booted, iBoot verifies that the contents of the system volume match this root hash. If it doesn't, then the device will refuse to boot and will need to be restored.

SSV does not apply to other APFS volumes. palera1n in rootful mode takes advantage of this by creating a new APFS volume ("fakefs"). Rootless uses the /private/preboot volume, as it works around some sandbox limitations imposed on binaries located in /private/var.

To get around SSV, a BootROM or iBoot exploit is needed. However, there have been userland solutions demonstrated, such as utilising bind mounts.

Restore bug
On A11 and below, an SSV-bricked device can be fixed with a restore. However, currently, breaking the SSV seal on A12 and above leaves the device in a bricked state - as it causes restored_external to panic when trying to restore or update. Fortunately, this was recently made aware to Apple and should hopefully be fixed soon.