rtrouton/gist:54e947fd764fb78d739d0ceb53c7fc7d Secret

## gistfile1.txt
username@computername ~ % sudo bputil -d
Password:

This utility is not meant for normal users or even sysadmins.
It provides unabstracted access to capabilities which are normally handled for the user automatically when changing the security policy through GUIs such as the Startup Security Utility in macOS Recovery.
It is possible to make your system security much weaker and therefore easier to compromise using this tool.
This tool is not to be used in production environments.
It is possible to render your system unbootable with this tool.
It should only be used to understand how the security of Apple Silicon Macs works.
Use at your own risk!

Current OS environment:
OS Type                                       : macOS
Local Policy Nonce Hash                 (lpnh): 987619CF88732BB0FB0CCC476302DFE84EB1C1F7B92E8CBEC4B124D9F76B3DBACD8787E5DEBB8A3F70576639CE74F727
Remote Policy Nonce Hash                (rpnh): 88EB8429C516B53BBCA49EC7C0D58C3F27F2890D23E176264B2178EE2A865327CFD06ED94834EE6FF7D145FB39245B59
Recovery OS Policy Nonce Hash           (ronh): 6CF5EB6318AF551C5A23B8D3B2E4196AAA372B523E4F412C375CF6B39DCFED28F9B4E9881BF348886F9B9A14E918AA69

Current local policy:
Signature Type                                : BAA
Unique Chip ID                          (ECID): 0xD793810C0291E
Board ID                                (BORD): 0x26
Chip ID                                 (CHIP): 0x8103
Certificate Epoch                       (CEPO): 0x1
Security Domain                         (SDOM): 0x1
Production Status                       (CPRO): 1
Security Mode                           (CSEC): 1
OS Version                              (love): 21.1.284.5.5,0
Volume Group UUID                       (vuid): 2D85CA09-A291-47CA-A68A-66CB2D3BDF70
KEK Group UUID                          (kuid): AC09E9D5-36DC-10C9-4312-E6DAA3753224
Local Policy Nonce Hash                 (lpnh): 987619CF88732BB0FB0CCC476302DFE84EB1C1F7B92E8CBEC4B124D9F76B3DBACD8787E5DEBB8A3F70576639CE74F727
Remote Policy Nonce Hash                (rpnh): 88EB8429C516B53BBCA49EC7C0D58C3F27F2890D23E176264B2178EE2A865327CFD06ED94834EE6FF7D145FB39245B59
Next Stage Image4 Hash                  (nsih): 1FAC4F6723D591DD6FAEC1DDB7D84C0AB28782096F8F2570EDA1F3CC41DECBE883A59BC4C3C962484E283F4E11549CB6
User Authorized Kext List Hash          (auxp): absent
Auxiliary Kernel Cache Image4 Hash      (auxi): absent
Kext Receipt Hash                       (auxr): absent
CustomKC or fuOS Image4 Hash            (coih): absent
Security Mode:               Reduced    (smb0): 1
User-allowed MDM Control:    Enabled    (smb3): 1
DEP-allowed MDM Control:     Disabled   (smb4): absent
SIP Status:                  Enabled    (sip0): absent
Signed System Volume Status: Enabled    (sip1): absent
Kernel CTRR Status:          Enabled    (sip2): absent
Boot Args Filtering Status:  Enabled    (sip3): absent
3rd Party Kexts Status:      Enabled    (smb2): 1
username@computername ~ %
	username@computername ~ % sudo bputil -d
	Password:

	This utility is not meant for normal users or even sysadmins.
	It provides unabstracted access to capabilities which are normally handled for the user automatically when changing the security policy through GUIs such as the Startup Security Utility in macOS Recovery.
	It is possible to make your system security much weaker and therefore easier to compromise using this tool.
	This tool is not to be used in production environments.
	It is possible to render your system unbootable with this tool.
	It should only be used to understand how the security of Apple Silicon Macs works.
	Use at your own risk!

	Current OS environment:
	OS Type : macOS
	Local Policy Nonce Hash (lpnh): 987619CF88732BB0FB0CCC476302DFE84EB1C1F7B92E8CBEC4B124D9F76B3DBACD8787E5DEBB8A3F70576639CE74F727
	Remote Policy Nonce Hash (rpnh): 88EB8429C516B53BBCA49EC7C0D58C3F27F2890D23E176264B2178EE2A865327CFD06ED94834EE6FF7D145FB39245B59
	Recovery OS Policy Nonce Hash (ronh): 6CF5EB6318AF551C5A23B8D3B2E4196AAA372B523E4F412C375CF6B39DCFED28F9B4E9881BF348886F9B9A14E918AA69

	Current local policy:
	Signature Type : BAA
	Unique Chip ID (ECID): 0xD793810C0291E
	Board ID (BORD): 0x26
	Chip ID (CHIP): 0x8103
	Certificate Epoch (CEPO): 0x1
	Security Domain (SDOM): 0x1
	Production Status (CPRO): 1
	Security Mode (CSEC): 1
	OS Version (love): 21.1.284.5.5,0
	Volume Group UUID (vuid): 2D85CA09-A291-47CA-A68A-66CB2D3BDF70
	KEK Group UUID (kuid): AC09E9D5-36DC-10C9-4312-E6DAA3753224
	Local Policy Nonce Hash (lpnh): 987619CF88732BB0FB0CCC476302DFE84EB1C1F7B92E8CBEC4B124D9F76B3DBACD8787E5DEBB8A3F70576639CE74F727
	Remote Policy Nonce Hash (rpnh): 88EB8429C516B53BBCA49EC7C0D58C3F27F2890D23E176264B2178EE2A865327CFD06ED94834EE6FF7D145FB39245B59
	Next Stage Image4 Hash (nsih): 1FAC4F6723D591DD6FAEC1DDB7D84C0AB28782096F8F2570EDA1F3CC41DECBE883A59BC4C3C962484E283F4E11549CB6
	User Authorized Kext List Hash (auxp): absent
	Auxiliary Kernel Cache Image4 Hash (auxi): absent
	Kext Receipt Hash (auxr): absent
	CustomKC or fuOS Image4 Hash (coih): absent
	Security Mode: Reduced (smb0): 1
	User-allowed MDM Control: Enabled (smb3): 1
	DEP-allowed MDM Control: Disabled (smb4): absent
	SIP Status: Enabled (sip0): absent
	Signed System Volume Status: Enabled (sip1): absent
	Kernel CTRR Status: Enabled (sip2): absent
	Boot Args Filtering Status: Enabled (sip3): absent
	3rd Party Kexts Status: Enabled (smb2): 1
	username@computername ~ %