Skip to content

Subsystem · Signing, sandbox, SIP, SEP

Security

Code signing, sandbox profiles, System Integrity Protection, TCC, the Sealed System Volume, and the Secure Enclave — the layered policies that keep an Apple device trustworthy.

macOS security stackSix layered enforcement systems — code signing, AMFI, entitlements, sandbox, SIP, TCC — that together decide what a process can do on a Mac. The Secure Enclave sits to the side as the root of trust for keys.Launch a binaryexec(2)Code signingpage hashes intact?denyAMFIallowed to load?denyEntitlementswhat's granted?denySandboxpolicy says yes?denySIPkernel says yes?denyTCCuser consentall pass · process runsTRUST ANCHORSecure Enclave (SEP)Separate ARM core · own OS (SEPOS) · holds device UID, biometric secrets, FileVault key, attestation keysDevice UIDfused at manufactureTouch ID / Face IDbiometric secretsFileVault keywrapped by user pwApple Pay · App Attest · DeviceCheckattestation keyssignature trust roots in the SEPReading the diagramEach layer can refuse independently. A binary that survives all of them runs.A hole in any one layer is usually plugged by the next — defence in depth.TCC is the only layer the user sees — the others are invisible until something is refused.AppleMobileFileIntegrity.kext · Sandbox.kext · /System/Library/Sandbox/Profiles · TCC.db · csrutil
Security: structure at a glance.

Articles in this series

Six interlocking layers — code signing, AMFI, entitlements, sandbox profiles, SIP, TCC, and the SEP — that together decide what code is allowed to do on a Mac.
Inside the macOS sandbox — a Scheme-derived policy language, a compiler in libsandbox, and a kernel evaluator that runs on every controlled syscall.
Every Mach-O on a Mac is signed; every signature chains to an Apple root cert. Here's what the kernel actually verifies, what notarization adds, and how the SEP roots it all.
A separate ARM core, its own OS, a hardware mailbox. Here's how the main CPU talks to the SEP, what operations cross the boundary, and why kernel exploits don't compromise FileVault.
The gauntlet every newly-downloaded app passes through — quarantine xattr, signature check, notarization check, user prompt. Where each decision is made and how to debug it.