
That .kext is also responsible for verifying some sort of signature in a hardware chip only present on genuine Macs. See http://en.wikipedia.org/wiki/Apple%E2%80%93Intel_architectur...

This used to be the case, but no longer is; Apple stopped using the TPM in Intel Macs shortly after they launched[1] and have not brought it back since.

DSMOS.kext has another function, however; it is involved in Apple's binary protection scheme[2] for certain OSX binaries. Essentially, OSX ships with certain important binaries (such as loginwindow, SystemUIServer, Finder, and Dock) that have certain vm pages encrypted. Decrypting these pages for use requires DSMOS.kext.

[1]: http://osxbook.com/book/bonus/chapter10/tpm/

[2]: http://www.osxbook.com/book/bonus/chapter7/binaryprotection/
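Added example, not part of the original thread: a Python sketch that reads a thin, little-endian Mach-O header and lists the segments flagged as protected, which is how a binary declares the encrypted pages described in the comment above. The flag name and value `SG_PROTECTED_VERSION_1` (0x8) come from Apple's `<mach-o/loader.h>`, not from this thread; the sample header is constructed, and fat (universal) binaries are assumed to be out of scope.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin, little-endian Mach-O only
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19
SG_PROTECTED_VERSION_1 = 0x8                     # segment flag in <mach-o/loader.h>

def protected_segments(data):
    """Return names of segments whose flags mark their pages as protected."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    magic, _, _, _, ncmds, sizeofcmds, _ = struct.unpack_from("<7I", data, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O")
    off = 32 if magic == MH_MAGIC_64 else 28     # 64-bit header has a reserved word
    end = off + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    found = []
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd in (LC_SEGMENT, LC_SEGMENT_64):
            # segname, vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, flags
            fmt = "<16s4Q4I" if cmd == LC_SEGMENT_64 else "<16s8I"
            if cmdsize < 8 + struct.calcsize(fmt):
                raise ValueError("segment command too small")
            fields = struct.unpack_from(fmt, data, off + 8)
            name = fields[0].rstrip(b"\0").decode("ascii", "replace")
            if fields[-1] & SG_PROTECTED_VERSION_1:
                found.append(name)
        off += cmdsize
    return found

def _segment(name, flags):
    # Constructed 32-bit LC_SEGMENT with no sections (56 bytes).
    return struct.pack("<2I16s8I", LC_SEGMENT, 56, name,
                       0, 0x1000, 0, 0x1000, 7, 5, 0, flags)

def build_sample():
    # Constructed header: i386 (cputype 7), MH_EXECUTE (2), two segments.
    cmds = _segment(b"__TEXT", SG_PROTECTED_VERSION_1) + _segment(b"__DATA", 0)
    return struct.pack("<7I", MH_MAGIC, 7, 3, 2, 2, len(cmds), 0) + cmds

if __name__ == "__main__":
    print(protected_segments(build_sample()))
```
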

Yes, and before it will perform the decryption, it needs the correct "SmcDeviceKey", so I think my point still stands :)

Yea, they eschew the DRM-only TPM part to store the keys in the SMC, which does a whole host of things and doesn't protect the keys. I suppose you were sufficiently vague ;)

There's just an outstanding myth that Macs still use TPM...
