I think you’re missing my point. If the data in the phone is encrypted at rest, then there is NO exploit possible, by any means, that doesn’t involve first having the key necessary to decrypt the data at rest. (Well minor asterisk to that, you could always wipe the data at rest and fully reset the phone.) This attack doesn’t just bypass the activation lock, it appears to show the contents of the phone. This means, effectively, the data is not encrypted at rest, or that the means to decrypt it at rest can be obtained without any input from the user, which means, in essence, the encryption is a sham.
On my Android phone… it starts to boot, and it cannot continue until I provide my user key… which is used to unlock the key for the data at rest. I presume, without great knowledge of the intricacies, that there is a boot partition which is unencrypted, but merely contains the boot logo and enough code to collect the necessary password, and then subsequently load the next step out of the encrypted storage.