SecureBoot

From The iPhone Wiki
Revision as of 00:36, 29 August 2020 by Rickmark (talk | contribs) (Created page with "== Introduction == With the advent of the T2 macOS gained the ability to verify the integrity of the OS as it is booted. === Verified Components == * The T2 verifi...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Introduction

With the advent of the T2 macOS gained the ability to verify the integrity of the OS as it is booted.

= Verified Components

  • The T2 verifies MacEFI via img4 and feeds it to the Intel CPU via eSPI
  • MacEFI verifies the `boot.efi` component
    • If in Full Security mode it requires a im4m manifest that is specific to the T2 ECID
    • If in Medium Security mode it requires a im4m manifest that is specific to the T2 CPID