Comments on Should you trust a third-party bootloader to run newer MacOS versions?

Be civil and read the entire article first. This is not a support forum. Comments from new contributors are moderated. English only.

Leave a comment

Required. Optional. E.g. your homepage, Twitter. or Email required unless anonymous. Not published or shared. Reuse to be recognized as the same commenter.
Plain-text only. Begin lines with a > character to quote.

Bobby

A bit odd to be allowed to EFI Boot OpenCore Legacy Patcher (OCLP) to begin with. A "secure" machine is supposed to boot only operating systems signed by Apple or Microsoft. I had a Late 2013 iMac but maybe back then boot security may not be as stringent as it is now. I can boot PopOS (Ubuntu derivative), too, which is not signed. A Windows machine like a Thinkpad of similar vintage appears to be much more stringent at boot security.

My guess is that Monterey now runs in a virtual machine provisioned by OCLP, which might actually be a very thin hypervisor. If you think about it, it is very difficult for a VM to compromise its hypervisor. We can audit OCLP ourselves because it is open source, so let's say we can be assured that OCLP itself is safe. It is conceivable to write malware to specifically target OCLP, akin to boot sector viruses in the 80's, but in order to update OCLP in EFI boot, administrator privileges are required. So just normal care to take a random privilege escalation pop-up with suspicion will prevent such exploits from happening. Most people hardly ever reboot their machines anyway. Ideas along this line seem very pointless to a hacker at any rate — whatever can be done to OCLP can be used to inflict damage to "genuine" Macs which is a far wider audience.

I do not exactly know this stuff and the reason why I am posting this is to try to learn by being corrected! Of course hackers may know of exploits I have never thought of or dreamed of. Let me know what you think.

Alex

Hi,

Thank you for your truly interesting article.

I'd like to add, as I've read somewhere I can't unfortunately remember, that despite some older Mac actually supports newer OSes like Big Sur and Monterey, Apple cuts its OS support off from older Macs due to Intel's decision to stop developing patches for older CPUs (do you recall Spectre and Heart Bleed vulnerabilities?) on newer OSes.

Regards.