Codesigning everything and combatting malicious code
jmr at macports.org
Thu Mar 24 18:24:25 UTC 2022
On 2022-3-23 08:19 , Ryan Schmidt wrote:
> On Mar 21, 2022, at 23:02, Joshua Root wrote:
> Are we sure that ad-hoc codesigning is enough to pacify GateKeeper? Since all binaries must be codesigned on Apple Silicon, does that mean that GateKeeper never has anything to complain about on Apple Silicon systems?
No. As I said before, an ad-hoc signature does nothing to improve
security, and the designers of GateKeeper are aware of that. Having a
signature from someone you've never heard of doesn't help in deciding
whether to trust the signed item.
I think what it does do is prevent repeated authorisation prompts for
the same program, as long as GateKeeper can see that its signature has
not changed since last time the user said to trust it, and is still valid.
More information about the macports-dev