
> Device attack via physical access: $5,000: Limited extraction of sensitive data from the locked device after first unlock. As an example, you demonstrated the ability to extract some contact information from a user’s locked device after the first unlock.

Uhhh I must be missing something here… I can trivially share a contact via email after my iPhone is unlocked?




An iPhone requests the user’s password upon restart, this would be referred to as “first unlock”. The reward is for an exploit that takes place against a _locked device_ but only after it has been unlocked once first. As in, an exploit that applies to the Lock Screen when the device was previously unlocked at least once. It is likely easier to trick a locked system into unlocking after it has already been unlocked the first time, due to password storage, credentialed background processes, and so on.


I believe by “first unlock” they mean a login/unlock right after a reboot. So - turn on device, do first unlock, then lock again. Might be wrong, but afaik the very first unlock after a reboot is a bit different than subsequent unlocks (I guess cached memory etc.)


Yup, it's exactly this. After first unlock, data is decrypted and loaded into memory. You shouldn't be able to extract it though, without unlocking the device.


Ahhh I see. Thank you! There goes my dream of the 5000 dollars. ;)


“Locked device after first unlock” => the device is locked but was unlocked at least once after boot. I guess this loads some keys from the TPM into RAM. Using Face ID, for example, requires an initial unlock via the user's PIN.


First unlock means the user entered the PIN to go through the second level of encryption (after Secure Enclave device-level protections of flash).

Without the first PIN, most functions don't work because the writable flash areas storing third-party apps and user data are still encrypted.

This is also why you have to enter your PIN on reset rather than a biometric; it is far more established to derive a symmetric key from a password than from biometric data.


They mean that the device is in a state where it’s locked after having been unlocked at least once after booting.

That first unlock after booting decrypts a bunch of things.
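A toy model of the three key states the comments above describe (before first unlock, locked after first unlock, unlocked), added here as an example; it is not Apple's code and not something a commenter posted. The two class names mirror Apple's documented Data Protection classes; PBKDF2 and an XOR "wrap" stand in for the Secure Enclave's UID-tangled passcode derivation and AES key wrapping, which this model does not reproduce.

```python
import hashlib
import hmac
import os
import secrets

# Constructed, simplified model of iOS Data Protection key states.
# Not Apple's implementation: it only shows which class keys are present
# in RAM before first unlock (BFU), while locked after first unlock (AFU),
# and while unlocked.
COMPLETE = "NSFileProtectionComplete"          # class key evicted on every lock
UNTIL_FIRST_AUTH = "NSFileProtectionCompleteUntilFirstUserAuthentication"  # stays until reboot


def _derive(passcode: str, salt: bytes) -> bytes:
    # Stand-in for the Secure Enclave's hardware-bound passcode tangling.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 200_000)


def _pad(key: bytes, label: str) -> bytes:
    return hmac.new(key, label.encode(), hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Device:
    def __init__(self, passcode: str) -> None:
        self.salt = os.urandom(16)
        pk = _derive(passcode, self.salt)
        # Class keys exist on flash only in wrapped form; the passcode key is never stored.
        self.wrapped = {c: _xor(secrets.token_bytes(32), _pad(pk, c)) for c in (COMPLETE, UNTIL_FIRST_AUTH)}
        self.verifier = _pad(pk, "verifier")
        self.ram = {}          # unwrapped class keys; empty right after boot (BFU)
        self.locked = True

    def unlock(self, passcode: str) -> bool:
        pk = _derive(passcode, self.salt)
        if not hmac.compare_digest(_pad(pk, "verifier"), self.verifier):
            return False
        for cls, blob in self.wrapped.items():
            self.ram[cls] = _xor(blob, _pad(pk, cls))   # unwrap every class key
        self.locked = False
        return True

    def lock(self) -> None:
        self.locked = True
        self.ram.pop(COMPLETE, None)   # "Complete" data unreadable again; AFU key remains

    def reboot(self) -> None:
        self.locked = True
        self.ram.clear()               # back to BFU: nothing readable without the passcode

    def can_read(self, cls: str) -> bool:
        return cls in self.ram

    def state(self) -> str:
        if not self.locked:
            return "unlocked"
        return "AFU" if self.ram else "BFU"
```

The model shows why a locked AFU device is the more exposed state: the key for "until first authentication" data is still in memory, so only a bug in the lock-screen boundary, not the passcode, stands between an attacker and that data.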
