Comment by zbentley

1 day ago

> The firmware loaded by XNU is not verified by the CM3. It will begin executing from its reset vector when signalled, no matter what is actually there. What if we just… used our own firmware?

Without taking away from the unutterably awesome achievement of writing custom firmware against a proprietary moving target, I worry about this one specifically. While Apple will hopefully continue the practice of not going out of their way to break third-party OSes, it doesn’t seem unlikely that they will introduce hardware signing for firmware blobs or the data they supply at runtime when programming the hardware; that’s a reasonable security concern for Apple to address. I hope this gamble pays off though!

The firmware blobs (and the system files) for macOS live on a read-only partition that is digitally signed.

  • Then how was the Asahi team able to load their own firmware? I was concerned about that process, whatever it is, being something Apple might lock down. If it's already likely locked down to Apple's satisfaction, that's good news.

    • Macs allow the machine owner to install (and boot) a completely unsigned OS on a different partition without having it affect security when you do boot macOS.

      The Mac partitions are encrypted by default, and the system partition is signed and read-only.