← Back to context

Comment by GeekyBear

1 day ago

The firmware blobs (and the system files) for MacOS live on a read only partition that is digitally signed.

Then how was the Asahi team able to load their own firmware? I was concerned about that process--whatever it is--being something apple might lock down. If it's already likely locked down to Apple's satisfaction, that's good news.

  • Macs allow the machine owner to install (and boot) a completely unsigned OS on a different partition without having it affect security when you do boot MacOS.

    The Mac partitions are encrypted by default and the system partition is signed and read only.