Glossary
Sealed System Volume (SSV)
The cryptographically sealed read-only volume holding `/System` on macOS 11+. Apple signs the root of a Merkle tree computed over every file; modifying anything breaks the seal.
Since macOS 11 (Big Sur), the system volume isn't just mounted read-only: it's cryptographically sealed. Every file's content is hashed, those hashes roll up through a Merkle tree, and the root of that tree is signed by Apple. At boot, the loader verifies the seal before mounting; if a single byte under `/System` has changed, the system won't boot from that volume.
This is the load-time half of System Integrity Protection. SIP started as a runtime restriction (`csrutil`); the Sealed System Volume makes it a cryptographic guarantee that "the system that booted is exactly the system Apple shipped."
The trick that keeps it usable is the firmlink, an APFS-specific mechanism that joins the sealed read-only system volume and a writable Data volume into one logical filesystem at boot. You see `/Users/...` and `/Library/...` even though they live on a different volume from `/System` and `/usr`.
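The hash roll-up described above, as an added example that is not Apple's code and does not reproduce the APFS on-disk format: a simplified model in which per-file hashes fold into one Merkle root and any single-byte change fails the check. The file contents, the function names and the use of a stored trusted root in place of Apple's signature verification are assumptions made for illustration.

```python
import hashlib
import hmac

def _h(data):
    return hashlib.sha256(data).digest()

def merkle_root(files):
    """Return the Merkle root over a {path: content} mapping."""
    # Each leaf binds a path to the hash of its content. The 0x00 / 0x01
    # prefixes keep leaf hashes and inner-node hashes in separate domains.
    level = [_h(b"\x00" + path.encode() + b"\x00" + _h(content))
             for path, content in sorted(files.items())]
    if not level:
        return _h(b"\x00")
    while len(level) > 1:
        nxt = [_h(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # an odd node is promoted unchanged
        level = nxt
    return level[0]

# Constructed sample "system volume"; contents are placeholders.
SHIPPED = {
    "/System/Library/CoreServices/SystemVersion.plist": b"<plist>11.0</plist>",
    "/System/Library/Kernels/kernel": b"constructed kernel bytes",
    "/usr/bin/true": b"constructed binary bytes",
}
# Stands in for the vendor-signed root that the loader trusts.
TRUSTED_ROOT = merkle_root(SHIPPED)

def seal_intact(files, trusted_root=TRUSTED_ROOT):
    """Recompute the root and compare it to the trusted value."""
    return hmac.compare_digest(merkle_root(files), trusted_root)

def flip_one_byte(files, path):
    """Return a copy of the file set with one bit changed in one file."""
    tampered = dict(files)
    data = bytearray(tampered[path])
    data[0] ^= 0x01
    tampered[path] = bytes(data)
    return tampered

if __name__ == "__main__":
    print("shipped volume:", seal_intact(SHIPPED))
    print("one byte changed:", seal_intact(flip_one_byte(SHIPPED, "/usr/bin/true")))
```

Because the path is part of each leaf, renaming or adding a file changes the root just as editing content does.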
See also: APFS.