{"id":29831,"date":"2020-08-19T16:59:24","date_gmt":"2020-08-19T20:59:24","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=29831"},"modified":"2021-06-29T15:37:01","modified_gmt":"2021-06-29T19:37:01","slug":"apple-silicon-macs-to-require-signed-code","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2020\/08\/19\/apple-silicon-macs-to-require-signed-code\/","title":{"rendered":"Apple Silicon Macs to Require Signed Code"},"content":{"rendered":"

Apple<\/a>:<\/p>\n

\n

New in macOS 11 on Apple silicon Mac computers, and starting in the next macOS Big Sur 11 beta, the operating system will enforce that any executable must be signed with a valid signature before it’s allowed to run. There isn’t a specific identity requirement for this signature: a simple ad-hoc signature issued locally is sufficient, which includes signatures which are now generated automatically by the linker. This new behavior doesn’t change the long-established policy that our users and developers can run arbitrary code on their Macs, and is designed to simplify the execution policies on Apple silicon Mac computers and enable the system to better detect code modifications.<\/p>\n

This new policy doesn’t apply to translated x86 binaries running under Rosetta, nor does it apply to macOS 11 running on Intel platforms.<\/p>\n<\/blockquote>\n

For Mail plug-ins, this is the third time signed code has become a requirement, with other times in between where it was forbidden.<\/p>\n\n

Update (2020-08-24): See also: Hacker News<\/a>, Reddit<\/a>.<\/p>\n\n

Tyler Hall<\/a>:<\/p>\n

\n

I wish they’d tell us specifically what attack vectors they’re protecting us from. Just a simple, real-world justification for why this is needed would go a long way towards assuaging our fears. Instead, it’s just “Trust us.”<\/p>\n<\/blockquote>\n\n

I’ve been trying to figure out<\/a> the benefits, and as far I can tell they only apply in very narrow circumstances. However, unless I’m missing something, the cost of requiring signed code is also very low.<\/p>\n\n

Howard Oakley<\/a>:<\/p>\n

\n

Unlike developer signing and notarization, this isn’t intended to prevent any modifications being made to executable code. Malicious software could always re-sign modified code using another signature, although in doing so it would lose access to resources which were tied to the original signing identity, of course. But it’s intended to significantly reduce the surface area of attacks.<\/p>\n<\/blockquote>\n\n

Previously:<\/p>\n