To best understand Apple Secure Boot, let's take a look at how the boot process works in Macs vs OpenCore in regards to security:

As we can see, there are several layers of trust incorporated into Apple Secure Boot:

* OpenCore will verify the boot.efi manifest (e.g. …im4m) to ensure that boot.efi was signed by Apple and can be used by this Secure Boot model.
  * For non-zero ApECID, OpenCore will additionally verify the ECID value, written in the boot.efi manifest (e.g. …im4m), to ensure that a compromised hard drive from a different machine with the same Secure Boot model cannot be used in your computer.
* boot.efi will verify the kernelcache to ensure it has not been tampered with.
* apfs.kext and AppleImage4 ensure your System Volume's snapshot has not been tampered with (only applicable with Big Sur+).

Not all of these verifications are required to boot, but they're all possible for those who want maximum security. Currently, information regarding firmware-based Secure Boot is not covered; however, all Apple Secure Boot options are detailed below.
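
The manifest checks described above can be modelled in a few lines to show what each one rejects. This is an added example, not OpenCore or Apple code: an HMAC with a constructed key stands in for Apple's asymmetric signature, and the manifest layout, model name and ECID values are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Stand-in for Apple's signing key (assumption): real manifests carry an
# asymmetric signature; HMAC keeps this model standard-library only.
SIGNING_KEY = b"constructed-demo-key"
BOOT_EFI = b"constructed boot.efi bytes"
MODEL = "demo-model"                      # constructed Secure Boot model name
THIS_ECID, OTHER_ECID = 0x1111, 0x2222    # constructed ECID values

def _mac(fields: dict) -> str:
    blob = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, blob, hashlib.sha256).hexdigest()

def sign_manifest(image: bytes, model: str, ecid: int = 0) -> dict:
    """Issue a manifest for image; ecid=0 means not bound to one machine."""
    fields = {"digest": hashlib.sha256(image).hexdigest(), "model": model, "ecid": ecid}
    return {**fields, "sig": _mac(fields)}

def verify_manifest(manifest: dict, image: bytes, model: str, ap_ecid: int = 0) -> str:
    """Return "ok" or the reason the image must not be booted."""
    fields = {k: manifest.get(k) for k in ("digest", "model", "ecid")}
    if not hmac.compare_digest(_mac(fields), str(manifest.get("sig", ""))):
        return "bad signature"
    if fields["model"] != model:
        return "wrong secure boot model"
    # The ECID is only compared when the platform's ApECID is non-zero.
    if ap_ecid != 0 and fields["ecid"] != ap_ecid:
        return "ecid mismatch"
    if not hmac.compare_digest(fields["digest"], hashlib.sha256(image).hexdigest()):
        return "image digest mismatch"
    return "ok"

def demo() -> dict:
    generic = sign_manifest(BOOT_EFI, MODEL)
    ours = sign_manifest(BOOT_EFI, MODEL, THIS_ECID)
    foreign = sign_manifest(BOOT_EFI, MODEL, OTHER_ECID)
    return {
        "generic, ApECID=0": verify_manifest(generic, BOOT_EFI, MODEL),
        "personalised, own machine": verify_manifest(ours, BOOT_EFI, MODEL, THIS_ECID),
        "personalised, foreign drive": verify_manifest(foreign, BOOT_EFI, MODEL, THIS_ECID),
        "tampered boot.efi": verify_manifest(ours, BOOT_EFI + b"!", MODEL, THIS_ECID),
        "other model": verify_manifest(generic, BOOT_EFI, "other-model"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The "personalised, foreign drive" case is the one the ApECID check exists for: the manifest is validly signed for the same model, yet it is rejected because it was issued for another machine's ECID.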