Changeset 97188 in vbox for trunk/src/VBox/HostDrivers/Support/darwin

Timestamp:

Oct 18, 2022 7:42:50 AM (3 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

154163

Message:

Support/SUPR3HardenedEntitlementsVM.plist,VMM/NEMR3Native-darwin: Remove the Catalina workaround, as it turns out setting the com.apple.security.cs.allow-unsigned-executable-memory and com.apple.security.cs.disable-executable-page-protection entitlements are enough to make it work, bugref:9044

File:

• trunk/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist (modified) (1 diff)

trunk/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist

@@ -4 +4 @@
 <dict>
     <!-- <key>com.apple.security.cs.allow-jit</key>                          <true/> -->
-    <!-- <key>com.apple.security.cs.allow-unsigned-executable-memory</key>   <true/> -->
-    <!-- <key>com.apple.security.cs.disable-executable-page-protection</key> <true/> -->
+    <!--
+      The following two entitlements are required for using AppleHV on Catalina.
+      The first entitlement allows us to have unsigned executable memory in the guests
+      address space like the BIOS code (and essentially all the guests address space which
+      is mapped as RWX).
+      The second entitlement is required in order to map guest memory as RWX into the
+      guests address space.
+      These entitlements are not required starting with BigSur+ where Apple has clearly
+      changed something in their entitlement scheme without properly documenting it.
+    -->
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>   <true/>
+    <key>com.apple.security.cs.disable-executable-page-protection</key> <true/>
     <!-- For audio input -->
     <key>com.apple.security.device.audio-input</key>                    <true/>