Hacker News

spijdar, yesterday at 5:39 PM

What sucks is that you can't disable SIP without _also_ disabling disk encryption ("FileVault"), because Apple changed from full disk encryption to only encrypting user data, and relying on SIP and crypto hashes to protect the system partition. Therefore, you can't "safely" disable SIP, as you'd be able to boot into recovery mode and perform an evil maid attack.

This is really irritating, both that:

- I can't "accept the risk" and force disk encryption anyway. This may be technically possible if you bludgeon the OS enough, but it's definitely not something the built-in CLI tooling supports.

- I can't use the old full disk encryption mode. Presumably, this code does or did still exist somewhere, but isn't supported because it's not used in any supported configuration.

So you're left with the option of having no disk encryption on your laptop, or having SIP.

EDIT: I'm thinking of SSV, not SIP per se. But when it comes to disabling the built-in launchd services like Spotlight, you have to disable SSV to do so, and that requires disabling FileVault.


Replies

comex, yesterday at 10:02 PM

As far as I know, recovery mode doesn't let you do anything without either successfully authenticating or wiping the entire disk. An evil maid could theoretically compromise recovery mode at the login screen (with a USB device or something) but if they were able to do that, they could probably disable SSV themselves even if you hadn't done so. Therefore, disabling SSV shouldn't create additional risk involving recovery mode.

If the evil maid could boot macOS from an external disk, on the other hand, that would definitely be a problem. I think you need to authenticate in order to boot from an external disk for the first time (cf. [1]) but I'm not sure how this works.

[1] https://eclecticlight.co/2023/03/15/ownership-of-apple-silic...

Edit: Actually I guess an attacker trying to disable SSV themselves (via exploit of recovery mode) wouldn’t have the machine owner key needed to sign the new LocalPolicy. But could they reset it and still keep the data somehow? I don’t know.

ryandrake, yesterday at 6:12 PM

I know the writing has been on the wall for a while but as a former fanboy, I just didn't see it. When SIP was released, it was my first "ah ha" wake-up call that Apple is no longer building software for me. Ten years later, it's still getting worse. This idea that the owner of the computer is not the ultimate authority over what is running on that computer is slowly seeping its way into macOS and with every release it seems to get worse. That and the ecosystem of apps that abandon you if you're running N minus 3 or earlier macOS.

I'm finally starting to de-Applify my home computing and slowly removing my and my family's dependence on the Apple ecosystem. Replacing an old Mac Mini here, replacing an old MacBook there. It's been a long time coming, but I'm out.

I'm not even mentioning Tahoe which is a disaster but doesn't bother me because I don't have a single machine that can run anything past Ventura anyway.

lapcat, yesterday at 6:15 PM

You appear to be confusing System Integrity Protection with the Signed System Volume. FileVault works fine with SIP disabled. But you can't disable SSV without disabling FileVault.

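A posture check for the distinction lapcat draws (SIP can be off while FileVault stays on; SSV cannot), added here as an example and not taken from the thread. It parses the status lines of `csrutil status`, `csrutil authenticated-root status` and `fdesetup status` and falls back to constructed sample lines when those tools are absent; the function names are the example's own.

```sh
#!/bin/sh
# Map one tool's status line to on / off / unknown.
# Expected lines: "System Integrity Protection status: enabled."
#                 "Authenticated Root status: enabled."
#                 "FileVault is On."  (or "Off.")
parse_status() {
  case "$1" in
    *"status: disabled."*|*"is Off."*) echo off ;;
    *"status: enabled."*|*"is On."*)   echo on ;;
    *)                                 echo unknown ;;
  esac
}

# Classify the (SIP, SSV, FileVault) combination against the thread's point:
# SIP may be off with FileVault on, but SSV off with FileVault on is not a
# configuration Apple's tooling offers.
classify() {
  sip=$1; ssv=$2; fv=$3
  if [ "$sip" = unknown ] || [ "$ssv" = unknown ] || [ "$fv" = unknown ]; then
    echo "unknown: could not parse one or more status lines"
  elif [ "$fv" = off ]; then
    echo "unencrypted: FileVault is off, so user data is not encrypted at rest"
  elif [ "$ssv" = off ]; then
    echo "unsupported: SSV is off but FileVault reports on (SSV must stay on while FileVault is on)"
  elif [ "$sip" = off ]; then
    echo "sip-off: SIP is off; FileVault and SSV remain on"
  else
    echo "baseline: SIP, SSV and FileVault are all on"
  fi
}

# On a Mac, query the real tools; elsewhere use constructed sample lines
# (assumed output, for demonstration only).
report() {
  if command -v csrutil >/dev/null 2>&1 && command -v fdesetup >/dev/null 2>&1; then
    sip=$(parse_status "$(csrutil status 2>/dev/null)")
    ssv=$(parse_status "$(csrutil authenticated-root status 2>/dev/null)")
    fv=$(parse_status "$(fdesetup status 2>/dev/null)")
  else
    sip=$(parse_status "System Integrity Protection status: disabled.")
    ssv=$(parse_status "Authenticated Root status: enabled.")
    fv=$(parse_status "FileVault is On.")
  fi
  classify "$sip" "$ssv" "$fv"
}

report
```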