Apple quietly added an important new feature to the macOS security architecture in High Sierra. Revealed by Howard Oakley on his blog, based on tweets (now deleted) from a company engineer, it is firmware validation, that is, validation of the software responsible for handing control of your Mac's hardware to the operating system.
Since it began using Intel processors to build all of its Macs, Apple has adhered to the UEFI specification, which is also currently used by conventional Windows PC makers. One of the novelties brought by UEFI over the years has been a firmware validation model, used by operating systems to protect a computer against attacks based on the replacement of its components (whether hardware or not) by a third party other than the computer manufacturer.
Introduced in Windows 8 amid heavy criticism (especially from the Linux community, which has stuck with it in private distributions), this model is now part of macOS. For now, though, it works quietly through a new Terminal command, eficheck, which runs automatically once a week on all High Sierra Macs.
When executed, this command reads the firmware from your Mac and validates it against Apple's own database, which stores the data and digital signatures of firmware known to be valid. The validation is done offline, without an internet connection; therefore, this database relies on macOS security updates to stay current. In everyday use, ordinary users will not see any results from this analysis; however, if the command encounters a problem, a dialog is displayed.
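The check described above, reduced to a simplified Python model (an added example, not Apple's code and not eficheck's actual logic): measured firmware regions are compared with a known-good database stored on disk, so a firmware version missing from an out-of-date database is reported separately from a real mismatch. The region layout, the version strings and the use of SHA-256 digests are assumptions made for illustration.

```python
import hashlib

# Constructed layout: region name -> (offset, length). Real firmware differs.
REGIONS = {"boot_block": (0, 16), "dxe_volume": (16, 48)}


def region_digests(image: bytes) -> dict:
    """SHA-256 of each named region of a firmware image."""
    out = {}
    for name, (offset, length) in REGIONS.items():
        out[name] = hashlib.sha256(image[offset:offset + length]).hexdigest()
    return out


def check_firmware(version: str, image: bytes, known_good: dict):
    """Compare an image with the local database; no network access involved.

    Returns (status, mismatched_regions) where status is "ok", "mismatch",
    or "unknown-version" (the database has no entry for this firmware,
    for example because security updates have not been installed).
    """
    expected = known_good.get(version)
    if expected is None:
        return "unknown-version", []
    measured = region_digests(image)
    bad = sorted(n for n in REGIONS if measured[n] != expected.get(n))
    return ("mismatch" if bad else "ok"), bad


# Constructed sample data: a 64-byte stand-in for a firmware dump.
GOOD_IMAGE = bytes(range(64))
# Stand-in for the database delivered with the OS and its security updates.
KNOWN_GOOD = {"SAMPLE.1.0": region_digests(GOOD_IMAGE)}

TAMPERED = bytearray(GOOD_IMAGE)
TAMPERED[20] ^= 0xFF  # one byte changed inside dxe_volume

if __name__ == "__main__":
    print(check_firmware("SAMPLE.1.0", GOOD_IMAGE, KNOWN_GOOD))
    print(check_firmware("SAMPLE.1.0", bytes(TAMPERED), KNOWN_GOOD))
    print(check_firmware("SAMPLE.2.0", GOOD_IMAGE, KNOWN_GOOD))
```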
The purpose of this analysis is to make it possible, in the event of a failure, to collect hardware information from the affected computer for analysis by Apple (without using user data in this process). According to Xeno Kovah, the author of the tweets that revealed the existence of eficheck, the initial idea is to analyze the compromise of firmware on computers affected by viruses and common threats; however, the more sophisticated implementations in Chrome OS and Windows already allow a full restore of the computer's operating system to the last known valid state when a firmware validation failure is identified.
According to Kovah, the dialog window is displayed only once and then remembers the user's choice about sending discrepancies found in subsequent readings. On conventional Macs it should rarely appear, but if you are the happy owner of a Hackintosh built from that well-assembled PC, get ready for this extra step when migrating to macOS High Sierra, as well as to whatever comes next based on it.
By the way, iOS has a much more sophisticated component integrity validation mechanism for iPhones and iPads, which has for some years been one of the most advanced of its kind on the market. The nearly 70-page (!) document (PDF) on Apple mobile platform security has very interesting sections in this area, and is a good reference for seeing some security enhancements that could come to Macs in the future.