Introduction
With the advent of the T2 macOS gained the ability to verify the integrity of the OS as it is booted.
Verified Components
- The T2 verifies MacEFI via img4 and feeds it to the Intel CPU via eSPI
- MacEFI verifies the `boot.efi` component
- If in Full Security mode it requires a im4m manifest that is specific to the T2 ECID
- If in Medium Security mode it requires a im4m manifest that is specific to the T2 CPID