Of course we have signing in general, but my understanding was that inserting the PIN was introduced after the terrorism case so that Apple could not be compelled to hack someone’s phone ever again. Requiring user input for this sort of installation has seemed to be a core part of their security posture.

Of course, having phones be updated before users use them is also super important. So maybe what’s going on here is something that only works when a phone hasn’t been associated to a user yet.