Notes from Security lab (Thursday, June 25th, 2020)

Question: Are there changes to how Secure Token is granted on Intel Macs running Big Sur, as opposed to how Secure Token is granted now on Intel Macs running Catalina?

Answer: No change to how Secure Token is granted on Intel Macs on Big Sur, as compared to on Intel Macs running Catalina.


Question: Will there be differences in how Secure Token is granted on Macs running Big Sur on Apple Silicon?

Answer: No change to how Secure Token is granted on Apple Silicon Macs on Big Sur, as compared to on Intel Macs running Catalina.


Question: Will FileVault authenticated restarts work differently on Apple Silicon, as opposed to how they work now on Intel Macs? If yes, what are the differences?

Answer: Authenticated restart is now entirely handled by Secure Enclave on Apple Silicon, as opposed to the SMC chip on non-T2 Intel Macs and Secure Enclave / Effaceable Storage on T2 Macs. On Apple Silicon. the authrestart token is one-time and cannot be used multiple times.

fdesetup's behavior (including authrestart) should be consistent across both Intel Macs and Apple Silicon.



Question: In the Building an Endpoint Security app session, it was mentioned that the Endpoint Security framework is meant to be a replacement for OpenBSM audit trails. Is OpenBSM still present in Big Sur? If not, is there a built-in audit tool which replaces it?

Answer: OpenBSM is still in Big Sur, but is now deprecated.
Notes from Security lab (Thursday, June 25th, 2020)
 
 
Q