Tagged: #amfi

From double-click to first window: LaunchServices, launchd, posix_spawn, AMFI, dyld, the shared cache, sandbox profile installation, the runloop. Six subsystems in three seconds.
Every Mach-O on a Mac is signed; every signature chains to an Apple root cert. Here's what the kernel actually verifies, what notarization adds, and how the SEP roots it all.