
What are protected binaries? This is something I've not heard of OSX having.

As far as I know, as long as all the hardware is stuff OSX has drivers for (and you generate a DSDT to describe that hardware) then you don't need any special "authorization." You just put in the OSX installer USB/DVD and it works.

It's mentioned on the page 0x0 linked to — http://en.wikipedia.org/wiki/Apple%E2%80%93Intel_architectur...

> A Mac OS X system which is missing this extension, or a system where the extension has determined it's not running on Apple hardware, will be missing this decryption capability, and as a result will not be able to run the Apple-restricted binaries Dock, Finder, loginwindow, SystemUIServer, mds, ATSServer, backupd, fontd, translate, or translated.

OSX does have 'protected binaries', which refers to binaries that use encrypted pages[1] that require decryption via an anti-piracy kernel extension (Don't Steal Mac OS.kext). This extension can check that you're running on Apple hardware by checking with the System Management Controller (SMC), which is Mac-specific[2].

In the old days (10.4), hackintosh systems would patch the protected binaries to remove the page encryption/decryption. Over time kernel extensions were developed to replace the functionality of Don't Steal Mac OS.kext (dsmos.kext or AppleDecrypt.kext) without the hardware checks.

The reason you no longer need either of these extensions is because a kernel extension called FakeSMC.kext was developed, which emulates as much of the functionality of the SMC as possible. This includes thermal and fan monitoring as well as the decryption key storage.

In a modern hackintosh setup, you make use of EFI emulation (inc. DSDT support) included in the bootloader (a boot-132 derivative, most likely Chameleon) and the pre-boot loading of emulator kernel extensions like FakeSMC.kext.

[1]: http://www.osxbook.com/book/bonus/chapter7/binaryprotection/

[2]: http://osxbook.com/book/bonus/chapter7/tpmdrmmyth/

Certain apps, such as the Finder and the SystemUIServer, are encrypted and this kernel extension will only decrypt the executable pages if it considers your Mac to be genuine (consulting the TPM, I believe).

The TPM was used briefly at the beginning of the Intel Mac days, but hasn't been used since. The decryption is now done through dsmos.kext in software.

