Questions for Security lab (Tuesday, June 4th at 11:00 AM)

Auditing:



Question: What will change or improve in the proper way to offload audit information (logging to SIEM systems), comparable to the Apple > GitHub > swift-log idea, but built into the OS auditing system?



Answer:



File a Radar to request streaming of OpenBSM logs to syslog.

File another Radar to request that macOS Catalina be upgraded to the latest version of OpenBSM, which supports exporting to plain text natively.



FileVault:



Question: In the WWDC Catalina beta, enabling FileVault with fdesetup includes a dialog window for user approval (see below). Is there a way to suppress this window from appearing?



Answer: The dialog window was added as ransomware protection. File a Radar to request an MDM option for suppressing the dialog window.




Endpoint Security:



Question: Will the new EndpointSecurity framework be available for iOS/iPadOS?



Answer: No.





Kernel Extensions:



Question: Any timeline on when they will be fully deprecated?



Answer: Apple does not comment on future product releases.





Question: Beyond disabling SIP, are there other ways to selectively enable kexts, drivers, etc. in Catalina to ensure that things like VMware Tools work while developers switch to the recommended solutions?



Answer: Use the spctl command line tool in Recovery or use the UAMDM-based whitelist option. This functionality works on Catalina like it does on Mojave.



Question: Will whitelisting third-party kernel extensions continue to work on Catalina like it does on Mojave?



Answer: Yes, with the UAMDM kext whitelist profile option.







Notarization:



Question: Will app notarization information be used when side-loading dylibs, i.e. notarized dylibs only (to prevent simple dylib hijacking attempts)?



Answer: Not sure what this question means, please clarify.





Question: If your Mac has UAMDM and is using the kernel extension whitelist profile to enable third-party kernel extensions to load without user authorization, what circumstances will require a whitelisted third-party kernel extension to be notarized?



Answer: With the UAMDM kext whitelist profile option, notarization of kexts is not necessary on Catalina.





Question: Does disabling SIP disable notarization requirements?



Answer: Yes.



Question: Is there a timeline for when, by default, unsigned code will no longer run on macOS?



Answer: Apple does not comment on future product releases.





Secure Token:



Question: Will Apple be documenting SecureToken (what is it? how is it obtained? what are the implications of it not being present?)?



Answer: File a documentation Radar stating exactly which areas of documentation on SecureToken are needed.





Question: Any ability to manage SecureTokens using UAMDM? (Create accounts with a SecureToken, enable them for FileVault?)



Answer: Support is being worked on; file a Radar for the specific functionality requested.









Transparency, Consent, and Control:



Question: What files are covered by the SystemPolicySysAdminFiles category for Privacy Preferences Policy Control profiles?



Answer:



/Library/DirectoryServices/PlugIns

/Library/Preferences/DirectoryService/DirectoryService.plist

/private/etc/passwd

/private/etc/master.passwd

/private/etc/auto_master

/private/etc/exports

/private/etc/crontab

/usr/lib/cron

/private/var/at

/private/etc/rc.



The current list can be recovered from the Sandbox kext with the following command (with some digging and analysis):



strings /System/Library/Extensions/Sandbox.kext/Contents/MacOS/Sandbox
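As an added example (not code from the original notes, and not Apple's), the following Python script builds the two profile payloads the answers above refer to: the UAMDM kext whitelist (a Kernel Extension Policy payload, `com.apple.syspolicy.kernel-extension-policy`) and a Privacy Preferences Policy Control payload (`com.apple.TCC.configuration-profile-policy`) granting SystemPolicySysAdminFiles to a single bundle ID. The profile identifiers, Team IDs, bundle IDs and the code requirement string are placeholders; the list of sysadmin paths is the one given in the answer. Both payload types are honored only when the profile is delivered through UAMDM or automated enrollment, which is a property of delivery rather than anything the plist can express.

```python
"""Build a Kernel Extension Policy payload and a PPPC payload
(SystemPolicySysAdminFiles) as configuration-profile plists.

Added example, not Apple's code and not from the original notes.
Identifiers, Team IDs, bundle IDs and the code requirement are placeholders."""
import plistlib
import re
import uuid

# Paths the lab answer lists under SystemPolicySysAdminFiles.
SYSADMIN_FILES = [
    "/Library/DirectoryServices/PlugIns",
    "/Library/Preferences/DirectoryService/DirectoryService.plist",
    "/private/etc/passwd",
    "/private/etc/master.passwd",
    "/private/etc/auto_master",
    "/private/etc/exports",
    "/private/etc/crontab",
    "/usr/lib/cron",
    "/private/var/at",
]

# Team IDs are ten characters from A-Z and 0-9 (assumption: matches issued IDs).
_TEAM_ID_RE = re.compile(r"^[A-Z0-9]{10}$")


def is_team_id(value):
    """Sanity check before a Team ID lands in a kext whitelist."""
    return bool(_TEAM_ID_RE.match(value))


def wrap_profile(payloads, identifier, display_name):
    """Put inner payload dicts in the outer 'Configuration' envelope at system scope."""
    content = []
    for payload in payloads:
        p = dict(payload)
        p.setdefault("PayloadUUID", str(uuid.uuid4()).upper())
        p.setdefault("PayloadVersion", 1)
        content.append(p)
    return {
        "PayloadContent": content,
        "PayloadDisplayName": display_name,
        "PayloadIdentifier": identifier,
        "PayloadScope": "System",
        "PayloadType": "Configuration",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
    }


def kext_policy_payload(allowed, allow_user_overrides=False):
    """Kernel Extension Policy payload.

    `allowed` maps a Team ID to a list of kext bundle IDs. An empty list
    whitelists every kext signed by that team (AllowedTeamIdentifiers); a
    non-empty list restricts the team to those bundle IDs
    (AllowedKernelExtensions). AllowUserOverrides=False also blocks the
    user from approving any other kext in Security & Privacy."""
    team_only, per_kext = [], {}
    for team_id, bundle_ids in allowed.items():
        if not is_team_id(team_id):
            raise ValueError("not a valid Team ID: %r" % (team_id,))
        if bundle_ids:
            per_kext[team_id] = sorted(bundle_ids)
        else:
            team_only.append(team_id)
    payload = {
        "PayloadType": "com.apple.syspolicy.kernel-extension-policy",
        "PayloadIdentifier": "com.example.kext-policy",  # placeholder
        "PayloadDisplayName": "Kernel Extension Policy",
        "AllowUserOverrides": allow_user_overrides,
    }
    if team_only:
        payload["AllowedTeamIdentifiers"] = sorted(team_only)
    if per_kext:
        payload["AllowedKernelExtensions"] = per_kext
    return payload


def pppc_sysadmin_files_payload(bundle_id, code_requirement, allowed=True):
    """PPPC payload with one SystemPolicySysAdminFiles entry.

    CodeRequirement should be the designated requirement from
    `codesign -dr - <binary>`, so an impostor reusing the bundle ID
    does not inherit the grant."""
    return {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": "com.example.pppc-sysadmin-files",  # placeholder
        "PayloadDisplayName": "PPPC: SystemPolicySysAdminFiles",
        "Services": {
            "SystemPolicySysAdminFiles": [{
                "Identifier": bundle_id,
                "IdentifierType": "bundleID",
                "CodeRequirement": code_requirement,
                "Allowed": allowed,
                "Comment": "Grants %d sysadmin paths, e.g. %s"
                           % (len(SYSADMIN_FILES), SYSADMIN_FILES[2]),
            }]
        },
    }


def profile_xml(profile):
    """Serialize to the XML plist form an MDM uploads."""
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML, sort_keys=True)


def load_profile(data):
    """Parse profile bytes back into a dict (for inspection and checks)."""
    return plistlib.loads(data)


def build_example_profiles():
    """Return (kext_profile_xml, pppc_profile_xml) for the placeholder IDs."""
    kext = wrap_profile(
        [kext_policy_payload({"ABCDE12345": [],                        # whole team
                              "FGHIJ67890": ["com.example.driver"]})],  # one kext
        "com.example.profile.kext", "Approved Kernel Extensions")
    pppc = wrap_profile(
        [pppc_sysadmin_files_payload(
            "com.example.agent",  # placeholder bundle ID and designated requirement
            'identifier "com.example.agent" and anchor apple generic and '
            'certificate leaf[subject.OU] = "ABCDE12345"')],
        "com.example.profile.pppc", "Agent: SystemPolicySysAdminFiles")
    return profile_xml(kext), profile_xml(pppc)


if __name__ == "__main__":
    for name, data in zip(("kext.mobileconfig", "pppc.mobileconfig"),
                          build_example_profiles()):
        with open(name, "wb") as fh:
            fh.write(data)
        print("wrote", name)
```

Run the script to get `kext.mobileconfig` and `pppc.mobileconfig` in the current directory, then upload them to the MDM as system-scoped profiles. Whitelisting a whole Team ID is the broad option; listing bundle IDs under AllowedKernelExtensions keeps the grant to the kexts actually needed, and the PPPC entry is pinned to a code requirement rather than to the bundle ID alone.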

Replies

Thanks for this! It clarifies a lot 🙂.