![]() It’s basically System Integrity Protection taken to the next level. This is completely separate from all user data, and nothing – other than Apple signed code, such as updates – can overwrite operating system files. In one partition is a dedicated, “read-only” system volume containing the OS itself. In macOS Catalina, Apple have introduced a new filesystem partitioning architecture. Let’s all hope this new technology that Apple is giving us with one hand is as powerful as the one it’s taking away with the other! 2. For anyone currently relying on kexts to deliver services, you still have a reasonably decent period of grace in which to start moving away and learning about the new EndpointSecurity and SystemExtensions frameworks. Without the need for kernel extensions, these providers will now be able to deliver their apps through the Mac App Store.ĭeprecating kernel extensions is a big change, but likely a good one in the long run and more painful to developers than enterprise, unless you are running your own custom built kernel extensions. This new API will help cloud storage providers to transition away from kernel extensions and still integrate their services into the Finder. Related to the deprecation of kexts is the new FileProvider API for cloud storage providers (Google, Dropbox, OneDrive, BoxDrive and so on). One important change that takes effect immediately and which may impact enterprise workflows, particularly for fleets under MDM or managed profiles, is that while kernel extensions remain functional on macOS Catalina, installing any new kexts will now require a restart. ![]() Similarly, uninstalling should be more convenient, as simply moving an app to the Trash deactivates the system extension, assuming the trashed app is the last or only copy on board. This has the advantage that no installer or package will be necessary as the system extension is itself inside the host bundle. Importantly, in parallel with the way Apple changed Safari Extensions last year, system extensions must be part of a host application – standalone system extensions will not be allowed. The idea is to provide developers with similar functionality while running the code entirely in user space rather than directly in the kernel. The new technologies Apple have introduced in Catalina include system extensions. That means developers will still be able to use kexts in 10.15, but new technologies are being provided to encourage the transition to a kextless future, most likely starting in 10.16. Starting with macOS 10.15 Catalina, security vendors are being asked to move to the new EndpointSecurity and SystemExtensions frameworks and away from kernel extensions, which are now formally deprecated. In this post, we round up what’s been announced so far and explain how it could affect you. 10.15 sees some major developments that will affect both the enterprise and developers of security solutions. ![]() Given the security issues that have arisen over the last couple of releases – from jaw-dropping bugs to repeated bypasses of built-in Mac security tools – it’s no surprise that Catalina has received plenty of attention from Apple engineers on the security front. As expected, WWDC 2019 kicked off this week with major announcements about the next version of Apple’s desktop operating system, macOS 10.15 Catalina.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |