> even if you install something open source you're still trusting the hardware

Not for the encryption. That's done in software. A seized linux laptop with an encrypted partition using a strong key is effectively snoop proof by the definition we're using here.

It's true that hardware could have other attack vectors: a key logger to intercept the pass phrase would be an obvious one. But again, that's just my point: Apple is in no privileged position here. If they get compelled to backdoor the iPhone then no amount of security architecture along the lines you posit is going to help us, because they can just be compelled to defeat it.

> Not for the encryption. That's done in software. A seized linux laptop with an encrypted partition using a strong key is effectively snoop proof by the definition we're using here.

You can't run the software without hardware, so it has to be trusted. Don't misunderstand me, this is obviously considerably more far fetched than the Apple attacking their own software/hardware combo. However, assuming (a big assumption) that we trust what Apple are telling us at the moment, a seized iphone with a strong password would currently be just as snoop proof. In fact, this includes the phone that has spawned this conversion.

They can be compelled to defeat their own security if you're accepting continued updates to your phone. Under the security architecture I've (loosely) described they can't attack it without the user accepting an update. Of course, you're totally correct in practice because you're most likely just going to have to trust Apple updates as they come out.