In the BFU state, notification previews, contact information for incoming calls, and other user-specific data is locked because it’s not decrypted. These things would also change the user experience dramatically, so that’s why Apple doesn’t do it.

There's a good discussion of how this is implemented cryptographically https://www.youtube.com/watch?v=BLGFriOKz6U

> what technical hurdles are stopping Apple from making a locked phone as secure as a rebooted phone

I think the hurdles are not technical, but based around user experience.