mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-01-09 05:31:33 -05:00

add DMA info

kimg45 2024-08-09 23:05:00 -05:00 committed by GitHub
parent 9b83ec0465
commit fafeab0ac4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -66,4 +66,8 @@ Apple also issues revocations for notarization tickets, these are detected with
Mac computers ensure that only Apple-signed code runs from the lowest levels of the firmware to macOS itself. It accomplishes this with a [chain of trust](https://support.apple.com/guide/security/boot-process-secac71d5623/web) that starts with the Boot ROM burned into the Secure Enclave at the factory as the first step.
A unique feature of Mac computers is that you can set a different LocalPolicy for different installs, so you could have your main macOS with Full Security set and also an Asahi Linux install set to Permissive Security and it won't affect the security of your macOS.
A unique feature of Mac computers is that you can set a different LocalPolicy for different installs, so you could have your main macOS with Full Security set and also an Asahi Linux install set to Permissive Security and it won't affect the security of your macOS.
## DMA Protection
Mac computers have an [IOMMU](https://support.apple.com/guide/security/direct-memory-access-protections-seca4960c2b5/1/web/1) so that each DMA agent, including PCIe and Thunderbolt ports, can only access memory explicitly mapped for their use.
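
Review bot: In the new DMA Protection paragraph, the Apple link ends in `/1/web/1`, while the chain of trust link earlier in this hunk uses the plain `/web` form; use the same form here for consistency across the page. The same sentence pairs "each DMA agent" with "their use", which should read "its use". The paragraph also says "Mac computers" without qualification, so it would help to state which models the IOMMU claim covers, as the linked Apple page describes.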