CyBrian Posted August 4, 2017

So I’m sure this is the wrong place to post this — I’m using a real Mac (just with some non-Apple hardware), I have a valid ID for signing packages, and it seems to be more of a development-related thing in general, but I don’t know where else to put this.

Anyway, it doesn’t feel great to disable System Integrity Protection for good just because I’m using an ExpressCard USB 3 adapter on my MacBook Pro, or even just for kexts, so I was wondering if this is just the wrong approach entirely:

SIP and Gatekeeper work by verifying the code signature of a bundle. If the code signature is signed or cross-signed by Apple and otherwise is valid (or if there is no signature), the system doesn’t {censored}. If the signature is there, but isn’t signed by Apple, it {censored} but not very loudly. And if there is an invalid signature, the system {censored} VERY loudly.

So my thought is that instead of whitelisting or disabling signature verification, why can’t I whitelist my own certificate and sign things I install? This is how I sideload open source apps to my iOS device, but it works because a developer can sideload apps they sign. But can’t I add a different key to the valid list? Where is it? Surely someone else thought of this a while ago, so why isn’t it a thing?