Secure Kernel Extension Loading in macOS High Sierra

0x00 Background. Reference: Technical Note TN2459: Secure Kernel Extension Loading. In macOS High Sierra, Apple introduced the Secure Kernel Extension Loading (aka Kext User Consent) feature, which requires user confirmation before loading a signed kext. Note that this restriction only applies to validly signed kexts. Unsigned kexts would be taken care…

Usage of csrutil and Standalone OS X 10.9 Recovery HD Backup

09/18 Update: Beginning with 10.11.1, the Apple Internal flag is no longer allowed to be set. The Apple Internal status reported by the csrutil tool will always be “Disabled” even if you set this bit in your csr-active-config. 08/19 Update: An updated csrutil tool has been released with DP7 of 10.11 El…

Kext to check SIP/Rootless status on El Capitan

About SIP/Rootless: SIP/Rootless Internal in El Capitan. In order to check the status of all security mechanisms provided by SIP/Rootless, a tiny little kext was built. WARNING: This kext is for testing purposes ONLY. Download: SIPCheck.command.zip Requirements: 1. OS X 10.11 for the SIP status check; bootargs flags check would be…

SIP/Rootless Internal in El Capitan and later

As many people have already found out, the next OS X, El Capitan, introduced a new system security policy mechanism called “Rootless”, which is officially named “System Integrity Protection” (SIP). According to the security session at WWDC2015, Rootless is a complete infrastructure built for OS X security, and it contains three…