Monday, December 5, 2022

Mac Cryptexes

Howard Oakley:

In practice, a cryptex is a sealed Disk Image containing its own file system, which is mounted at a randomly chosen location within the root file system during the boot process. Prior to mounting the cryptex, macOS verifies it matches its seal, thus hasn’t been tampered with.


A cryptex can contain a wide range of different contents, typically including command tools, system executables, libraries, man pages, apps and frameworks. Many of the system components that used to be stored on the Data volume are now loaded by Ventura in cryptexes, including Safari and all its supporting components, the JavaScriptCore framework, some AMD graphics drivers, and most importantly dyld shared caches (which had been a heavy burden for Big Sur updates).


Late in the preparation phase of a macOS update, changed cryptexes are installed by ‘ramrod’. These are referred to as Splat, the internal name for the cryptex subsystem. Unlike the rest of a macOS update, these don’t require the full ‘Update Brain’ needed to build a new System snapshot, nor should they require macOS to be rebooted.


Comments RSS · Twitter

Leave a Comment