Ah, good catch. In the BFU state the device is fully encrypted, so maybe that indicates that they can’t access encrypted data inside the device without brute forcing the decryption key (which may not be possible). In comparison, AFU should have lower barriers to data access.
(This is why GrapheneOS has a setting that lets you auto reboot after a set amount of time without unlocking the device.)
Ah, good catch. In the BFU state the device is fully encrypted, so maybe that indicates that they can’t access encrypted data inside the device without brute forcing the decryption key (which may not be possible). In comparison, AFU should have lower barriers to data access.
(This is why GrapheneOS has a setting that lets you auto reboot after a set amount of time without unlocking the device.)