App signatures are about more than just the certificate. That provides a chain of trust going back to Apple, and supports integrity checks and entitlements.
integrity
There have been changes to the way that macOS 12 checks executable code when asked to run it. Summarised in a diagram.
For many users, it’s essential to be able to check the integrity of the data which are in a backup. This feature has changed when backing up to APFS.
What are checksums, CRCs and hashes? What is required for a hash to be cryptographic, and how any of these affect your Mac? Some answers and explanations.
How can you check the integrity of important files you have stored in iCloud, or in a Time Machine backup, such as those made by Big Sur to APFS?
How macOS checks executable code before it’s loaded and run, in macOS 10.15 and 11.0. Covering integrity checks using hashes, and validity of the signing certificate, on Intel and ARM.
The command tool member of the Dintch suite for tagging files with their SHA256 digest, to keep a watch on their integrity.
They now run on macOS from El Capitan to Big Sur, on Intel and Apple Silicon Macs.
How to check whether the files in a Time Machine backup are intact and uncorrupted. Only what do you do with the results?
Selecting a RAID level to preserve file integrity can be confusing. Here’s a guide, complete with the ifs and buts.
The Eclectic Light Company 