Ten years ago, a firmware worm that could have inserted malware into Mac boot flash storage was demonstrated, and shortly afterwards many Macs were found to be running outdated firmware. We’ve come a long way since.
Secure Boot
How to check secure boot, SIP, Gatekeeper/XProtect, its SSV, FileVault, macOS and its firmware, and XProtect Remediator scans.
How to check your Mac is booting in Full Security, and how to read its log to verify all the key steps involved in that process.
Systematic and thorough account of the structure and function of bootable external disks and dual-boot systems from High Sierra to Sequoia, and how to diagnose their problems.
Working with external bootable disks: how to create and add them, ownership and LocalPolicy, how that can be changed, and what happens with errors and failure.
Recommendations for the ‘standard’ user for security and privacy protection from startup to shutdown. A broad overview of all key systems and how they fit together.
How Intel Macs without a T2 chip boot, and how Secure Boot works in those with T2 or Apple silicon chips. How the latter can still enjoy Secure Boot when starting up from an external disk.
Explains the three different settings, including Permissive Security, why you might need to reduce security, and how to do so using Startup Security Utility.
Sometimes Apple silicon Macs refuse to boot from a bootable system. How to use bputil to check LocalPolicy and work out what’s gone wrong.
Secure Boot and its 5 stages, the SSV, support for external bootable disks, the SEP, Recovery, and lightweight virtualisation.
The Eclectic Light Company 