From dcbcf80ac4ad4a7c3a85771fc053b8c06c631d41 Mon Sep 17 00:00:00 2001
From: kimg45 <138676274+kimg45@users.noreply.github.com>
Date: Fri, 16 Aug 2024 06:31:46 -0500
Subject: [PATCH] add security policy

---
 content/posts/macos/macOS Security Overview.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/content/posts/macos/macOS Security Overview.md b/content/posts/macos/macOS Security Overview.md
index ceaff24..fc178f9 100644
--- a/content/posts/macos/macOS Security Overview.md	
+++ b/content/posts/macos/macOS Security Overview.md	
@@ -93,6 +93,8 @@ On Apple Silicon Macs, it's combined with [Kernel Integrity Protection](https://
 
 Mac computers ensure that only Apple-signed code runs from the lowest levels of the firmware to macOS itself. It accomplishes this with a [chain of trust](https://support.apple.com/guide/security/boot-process-secac71d5623/web) that starts with the Boot ROM burned into the Secure Enclave at the factory as the first step.
 
+Macs let you reduce your boot security by setting a [security policy](https://support.apple.com/guide/security/startup-disk-security-policy-control-sec7d92dc49f/web). It's best to leave it set to Full Security.
+
 A unique feature of Mac computers is that you can set a different [security policy](https://support.apple.com/guide/security/startup-disk-security-policy-control-sec7d92dc49f/web) for different installs, so you could have your main macOS with Full Security set and also an Asahi Linux install set to Permissive Security and it won't affect the security of your macOS. Avoid lowering the security policy below Full Security for any operating system you require to be secure, even temporarily.
 
 ## DMA Protection