Secure Kernel Extension Loading in macOS High Sierra

0x00 Background. Reference: Technical Note TN2459: Secure Kernel Extension Loading. In macOS High Sierra, Apple introduced the Secure Kernel Extension Loading (aka Kext User Consent) feature to require user confirmation before loading a signed kext. Note that this restriction only applies to validly signed kexts. Unsigned kexts would be taken care…

Usage of csrutil and Standalone OS X 10.9 Recovery HD Backup

09/18 Update: Beginning with 10.11.1, the Apple Internal flag is no longer allowed to be set. The Apple Internal status reported by the csrutil tool will always be “Disabled” even if you set this bit in your csr-active-config. 08/19 Update: An updated csrutil tool has been released with the DP7 of 10.11 El…

Kext to check SIP/Rootless status on El Capitan

About SIP/Rootless: SIP/Rootless Internal in El Capitan. In order to check the status of all security mechanisms provided by SIP/Rootless, a tiny kext was built. WARNING: This kext is for testing purposes ONLY. Download: SIPCheck.command.zip. Requirements: 1. OS X 10.11 for the SIP status check; bootargs flags check would be…

SIP/Rootless Internal in El Capitan and later

As many people have already found out, the next OS X, El Capitan, introduced a new system security policy mechanism called “Rootless”, which is officially named “System Integrity Protection” (SIP). According to the security session at WWDC2015, rootless is a complete infrastructure built for OS X security and it contains three…

Implementing a Ramdisk on OS X – Advanced

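A Ramdisk was previously implemented with a script on Mac OS X: Implementing a RAM Disk on Mac OS X with a Script. That post described a method of automatically packing a dmg image at user logout to back up the data of the entire ramdisk. Combined with the asr restore command, this method makes backup and restore very convenient, and it worked properly in tests on several machines. Recently, however, while looking into how to hide the unsightly Ramdisk disk icon on the desktop and in Finder, some tricky problems turned up: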