Created
July 23, 2021 14:54
-
-
Save rtrouton/6b8cd64977132bcdf9606050bc4159d2 to your computer and use it in GitHub Desktop.
bputil -d showing full startup security
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
username@computername ~ % sudo bputil -d | |
Password: | |
This utility is not meant for normal users or even sysadmins. | |
It provides unabstracted access to capabilities which are normally handled for the user automatically when changing the security policy through GUIs such as the Startup Security Utility in macOS Recovery. | |
It is possible to make your system security much weaker and therefore easier to compromise using this tool. | |
This tool is not to be used in production environments. | |
It is possible to render your system unbootable with this tool. | |
It should only be used to understand how the security of Apple Silicon Macs works. | |
Use at your own risk! | |
Current OS environment: | |
OS Type : macOS | |
Local Policy Nonce Hash (lpnh): 7E1ED4512B6DF2A284C6343E469C1F1459453E4898E770CF37A8F3B1D9C000E0DA0C5C5F0546AB70984BEC3A9870DD9E | |
Remote Policy Nonce Hash (rpnh): 88EB8429C516B53BBCA49EC7C0D58C3F27F2890D23E176264B2178EE2A865327CFD06ED94834EE6FF7D145FB39245B59 | |
Recovery OS Policy Nonce Hash (ronh): 6CF5EB6318AF551C5A23B8D3B2E4196AAA372B523E4F412C375CF6B39DCFED28F9B4E9881BF348886F9B9A14E918AA69 | |
Current local policy: | |
Signature Type : BAA | |
Unique Chip ID (ECID): 0xD793810C0291E | |
Board ID (BORD): 0x26 | |
Chip ID (CHIP): 0x8103 | |
Certificate Epoch (CEPO): 0x1 | |
Security Domain (SDOM): 0x1 | |
Production Status (CPRO): 1 | |
Security Mode (CSEC): 1 | |
OS Version (love): 21.1.268.5.8,0 | |
Volume Group UUID (vuid): 2D85CA09-A291-47CA-A68A-66CB2D3BDF70 | |
KEK Group UUID (kuid): AC09E9D5-36DC-10C9-4312-E6DAA3753224 | |
Local Policy Nonce Hash (lpnh): 7E1ED4512B6DF2A284C6343E469C1F1459453E4898E770CF37A8F3B1D9C000E0DA0C5C5F0546AB70984BEC3A9870DD9E | |
Remote Policy Nonce Hash (rpnh): 88EB8429C516B53BBCA49EC7C0D58C3F27F2890D23E176264B2178EE2A865327CFD06ED94834EE6FF7D145FB39245B59 | |
Next Stage Image4 Hash (nsih): 443560FD2BE056BC9527452729EEC1A1BB22BA2DA456B278624DEF822DE9F7A64F0303B64ED811405B4039475F8A623D | |
User Authorized Kext List Hash (auxp): absent | |
Auxiliary Kernel Cache Image4 Hash (auxi): absent | |
Kext Receipt Hash (auxr): absent | |
CustomKC or fuOS Image4 Hash (coih): absent | |
Security Mode: Full (smb0): absent | |
User-allowed MDM Control: Disabled (smb3): absent | |
DEP-allowed MDM Control: Disabled (smb4): absent | |
SIP Status: Enabled (sip0): absent | |
Signed System Volume Status: Enabled (sip1): absent | |
Kernel CTRR Status: Enabled (sip2): absent | |
Boot Args Filtering Status: Enabled (sip3): absent | |
3rd Party Kexts Status: Disabled (smb2): absent | |
username@computername ~ % |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment