From 3390c8027b98a0111212be14003dc215496a5724 Mon Sep 17 00:00:00 2001 From: kimg45 <138676274+kimg45@users.noreply.github.com> Date: Mon, 26 Aug 2024 05:00:13 -0500 Subject: [PATCH] add full security caveat --- content/posts/macos/macOS Security Overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/posts/macos/macOS Security Overview.md b/content/posts/macos/macOS Security Overview.md index b30fe94..dfe8987 100644 --- a/content/posts/macos/macOS Security Overview.md +++ b/content/posts/macos/macOS Security Overview.md @@ -91,7 +91,7 @@ On Apple Silicon Macs, it's combined with [Kernel Integrity Protection](https:// ## Secure Boot -Mac computers ensure that only Apple-signed code runs from the lowest levels of the firmware to macOS itself. It accomplishes this with a [chain of trust](https://support.apple.com/guide/security/boot-process-secac71d5623/web) that starts with the Boot ROM burned into the Secure Enclave at the factory as the first step. +Mac computers ensure that only Apple-signed code runs from the lowest levels of the firmware to macOS itself (assuming Full Security is enabled). It accomplishes this with a [chain of trust](https://support.apple.com/guide/security/boot-process-secac71d5623/web) that starts with the Boot ROM burned into the Secure Enclave at the factory as the first step. Macs let you reduce your boot security by setting a [security policy](https://support.apple.com/guide/security/startup-disk-security-policy-control-sec7d92dc49f/web). It's best to leave it set to Full Security.