PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-01-09 05:31:33 -05:00
Code

add data at rest info

Browse Source
This commit is contained in:
kimg45 2024-08-15 04:04:32 -05:00 committed by GitHub
parent c9068fd90c
commit 9a598b348d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/posts/macos/macOS Security Overview.md
View File

@ -15,6 +15,8 @@ FileVault works with two encryption keys: the volume key and the class key. The
All encryption keys are handled by the Secure Enclave and are never exposed to the CPU.
Your Mac is at its most secure when it's fully off and the data is at rest. Depending on your threat model, it might behoove you to turn your Mac off completely whenever you're not using it.
## App Sandbox
The [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox/protecting_user_data_with_app_sandbox) is a feature that limits the access an app has to the rest of your system. Developers enable it when they sign their app, so it's not possible for you to enable it or modify the entitlements since they are defined in the signature.