This new behavior doesn’t change the long-established policy that our users and developers can run arbitrary code on their Macs, and is designed to simplify the execution policies on Apple silicon Mac computers and enable the system to better detect code modifications. There isn’t a specific identity requirement for this signature: a simple ad-hoc signature issued locally is sufficient, which includes signatures which are now generated automatically by the linker. “New in macOS 11 on Apple silicon Mac computers, and starting in the next macOS Big Sur 11 beta, the operating system will enforce that any executable must be signed with a valid signature before it’s allowed to run. This is announced in the developer release notes for Universal Apps beta 4: That future version is Big Sur, when running native code on Apple Silicon. And in a future version of macOS, unsigned code will not run by default anymore.”
And further, if a bundle signature has become broken at runtime, it’s very difficult to differentiate malicious tampering from mundane tampering when modifies itself at runtime. And this means that if an app has no signature, it’s impossible to detect tampering. In session 701 of WWDC 2019, Apple’s Garrett Jacobson warned: “the security of the platform has become increasingly reliant on the validity of code signatures. Jeff Johnson has recently looked at this in detail, and I commend his account to anyone considering this.
Delivering unsigned code over the Internet can make it harder for others to run, of course: chances are that it will attract a quarantine flag when it arrives on their Mac, which will make it awkward to get through Gatekeeper in more recent versions of macOS, but experienced users should be able to take that in their stride. Apple hinted that this change was coming over a year ago, and has now warned developers that it’s happening.Ĭurrently, if you create executable code to run on an Intel Mac, it doesn’t require any form of signature, and that isn’t intended to change for the time being. Although it will be a while before anyone other than select developers are writing code for Apple Silicon Macs, Apple has just revealed one important change which affects everyone who intends creating executable code to run on them: when Big Sur is asked to run ARM code, it requires it to be properly signed.
0 kommentar(er)
