SecureBoot

From The Apple Wiki

Introduction

With the advent of the T2 macOS gained the ability to verify the integrity of the OS as it is booted.

Verified Components

  • The T2 verifies MacEFI via img4 and feeds it to the Intel CPU via eSPI
  • MacEFI verifies the `boot.efi` component
    • If in Full Security mode it requires a im4m manifest that is specific to the T2 ECID
    • If in Medium Security mode it requires a im4m manifest that is specific to the T2 CPID