How to check if your Apple Silicon Mac is booting securely
13 comments
·August 24, 2025bduhan
Barbing
Interesting. They need that for lowest-possible latency? And it should be fairly safe?
arcticbull
Assuming they're USB devices they shouldn't be a reason to do this... Apple moved third-party drivers for USB devices and audio HAL extensions to user space, so there's some minor overhead choosing DriverKit over IOKit. Everything I've dug up says it's low single digit percentages. I wouldn't be developing USB drivers against IOKit anymore personally and I'd be looking to move over pretty aggressively before Apple drops the hammer.
Barbing
Useful, thank you! Looks like the author just enjoys helping fellow nerds. Nice
8ig8
Dr Howard Oakley. I think of him as an OG Mac guy.
userbinator
s/booting securely/running only the code Apple approves of/g
arcticbull
Not exactly, distribution conversation aside this is specific to kernel extensions. Apple's been moving drivers out of kernel space and into user space for several years [1]. There's a lot of good reasons for doing so, and not a lot of drawbacks. I'd consider this to be a strongly worded API deprecation notice.
bapak
You can run unverified code if you build it yourself. You can distribute unverified code by just paying $99/year to Apple. Not great, but still no need for specific code approval.
Gigachad
You can run whatever scripts you want without paying anything. Pretty sure the signing thing only applies to .app programs.
ostensible
`man csrutil`
I had to do this today for a Universal Audio Apollo audio interface. Glad it’s on a dedicated machine.
https://help.uaudio.com/hc/en-us/articles/360057137692-Apple...