usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-04 17:23:16 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

added a note about T2/Apple Silicon

Browse Source
This commit is contained in:
Bob Gendler
2021-06-30 09:37:33 -04:00
parent 2d121bbe66
commit ee0494b4e0
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rules/os/os_secure_boot_verify.yaml
View File

@@ -5,7 +5,7 @@ discussion: |
Full security is the default Secure Boot setting in macOS. During startup, when Secure Boot is set to full security, the Mac will verify the integrity of the operating system before allowing the operating system to boot.
Note: This will only return a proper result on a T2 Mac
Note: This will only return a proper result on a T2 or Apple Silicon Macs.
check: |
/usr/libexec/mdmclient QuerySecurityInfo | /usr/bin/grep -c "SecureBootLevel = full"
result:

8
rules/os/os_secure_enclave.yaml
View File

@@ -6,10 +6,14 @@ discussion: |
Macs with Apple Silicon or T2 processors provide protected storage for cryptographic keys via the secure enclave.
link:https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1[]
Note: This will only return a proper result on a T2 or Apple Silicon Macs.
check: |
The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
/usr/sbin/ioreg -w 0 -c AppleSEPManager | /usr/bin/grep -q 'AppleSEPManager'; /bin/echo $?
result:
integer: 0
fix: |
The technology inherently meets this requirement. No fix is required.
The hardware does not support the requirement.
references:
cce:
- N/A