Signed System Volume

Signed System Volume (SSV, sometimes referred to as Sealed System Volume) is a security mitigation introduced in macOS 11 Big Sur, and later brought to iOS/iPadOS 15. As a result of this mitigation, most jailbreaks are moving towards the rootless architecture.

When a version above or including these versions is installed on the device, the root hash image is also placed in the filesystem. When the device is booted, iBoot verifies that the contents of the system volume match this root hash. If it doesn't, then the device will refuse to boot and will need to be restored.

Furthermore, trying to mount the system volume and/or writing to it on an already-booted system will result in a kernel panic - which would then cause the device to have to be restored as it would no longer boot.

SSV does not apply to other APFS volumes. palera1n in rootful mode takes advantage of this by creating a new APFS volume ("fakefs"). Rootless uses the /private/preboot volume, as it works around some sandbox limitations imposed on binaries located in /private/var.

To completely bypass SSV, a BootROM or iBoot exploit is needed (or an exploit that can gain code execution before the kernel starts) - and would have to be untethered for bypassing SSV to even be a viable solution. However, there have been userland solutions demonstrated, such as utilising bind mounts to apply files and directories on top of the existing system volume, which remains untouched.

Restore bug
On A11 and below, an SSV-bricked device can be fixed with a restore. However, currently, breaking the SSV seal on A12 and above leaves the device in a bricked state - as it causes restored_external to panic when trying to restore or update. Fortunately, this was recently made aware to Apple and should hopefully be fixed soon.