mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-12-22 21:01:34 -05:00
add kernel integrity protection
This commit is contained in:
parent
7c7388f760
commit
626bc7ff2b
@ -69,6 +69,8 @@ Apple also issues revocations for notarization tickets, which these are detected
|
||||
|
||||
[SIP](https://support.apple.com/guide/security/system-integrity-protection-secb7ea06b49/web) protects [system files](https://support.apple.com/en-us/102149) from being changed, even by the root user. Since it's protecting your base system files, you should **never** disable it even temporarily if you want the best security.
|
||||
|
||||
On Apple Silicon Macs, it's combined with [Kernel Integrity Protection](https://support.apple.com/guide/security/operating-system-integrity-sec8b776536b/web#sec41bf3cd61) to protect kernel memory from being exploited.
|
||||
|
||||
## Secure Boot
|
||||
|
||||
Mac computers ensure that only Apple-signed code runs from the lowest levels of the firmware to macOS itself. It accomplishes this with a [chain of trust](https://support.apple.com/guide/security/boot-process-secac71d5623/web) that starts with the Boot ROM burned into the Secure Enclave at the factory as the first step.
|
||||
|
Loading…
Reference in New Issue
Block a user