How it checks whether your Mac’s firmware and security protection are current, and screens for major security issues.
SSV
Without firmlinks, the System and Data volumes couldn’t have been separated, and Secure Boot couldn’t have worked.
If it’s so easy to uninstall a troublesome RSR, why can’t we simply roll back to a previous version of macOS, like we did in High Sierra?
As macOS doesn’t have a dashboard to warn you of dangerous security settings, it’s worth checking them. Here’s what to look for, and how to correct them.
Since November 2020, every T2 and Apple silicon Mac that has booted Big Sur or later in Full Security mode has check the integrity of its 9 GB SSV.
With the sealed system and Cryptexes, macOS updates are less likely to cause problems. As RSRs are easy to uninstall, it’s simple to test whether they’re the cause.
Here’s an APFS (Encrypted) volume that isn’t encrypted, and an unencrypted volume with FileVault active. Something must be wrong.
Details of the three standard Cryptexes in Ventura 13.3, when they can be loaded in the boot process, and where they fit in with Rapid Security Responses.
macOS has changed fundamentally. So has troubleshooting it. Secure Boot, the SSV, and Gatekeeper checks bring changes in strategy.
Once, you could run diskutil to ‘fix’ broken permissions in your Home folder, then it was replaced by repairHomePermissions in Recovery. Apple no longer documents this, but it’s still there. Should you use it?
The Eclectic Light Company 