Comments on Should you trust a third-party bootloader to run newer MacOS versions?

A bit odd to be allowed to EFI Boot OpenCore Legacy Patcher (OCLP) to begin with. A "secure" machine is supposed to boot only operating systems signed by Apple or Microsoft. I had a Late 2013 iMac but maybe back then boot security may not be as stringent as it is now. I can boot PopOS (Ubuntu derivative), too, which is not signed. A Windows machine like a Thinkpad of similar vintage appears to be much more stringent at boot security.

My guess is that Monterey now runs in a virtual machine provisioned by OCLP, which might actually be a very thin hypervisor. If you think about it, it is very difficult for a VM to compromise its hypervisor. We can audit OCLP ourselves because it is open source, so let's say we can be assured that OCLP itself is safe. It is conceivable to write malware to specifically target OCLP, akin to boot sector viruses in the 80's, but in order to update OCLP in EFI boot, administrator privileges are required. So just normal care to take a random privilege escalation pop-up with suspicion will prevent such exploits from happening. Most people hardly ever reboot their machines anyway. Ideas along this line seem very pointless to a hacker at any rate — whatever can be done to OCLP can be used to inflict damage to "genuine" Macs which is a far wider audience.

I do not exactly know this stuff and the reason why I am posting this is to try to learn by being corrected! Of course hackers may know of exploits I have never thought of or dreamed of. Let me know what you think.

Hi,

Thank you for your truly interesting article.

I'd like to add, as I've read somewhere I can't unfortunately remember, that despite some older Mac actually supports newer OSes like Big Sur and Monterey, Apple cuts its OS support off from older Macs due to Intel's decision to stop developing patches for older CPUs (do you recall Spectre and Heart Bleed vulnerabilities?) on newer OSes.

Regards.

I am a opencore-patcher user, and a big fan of the project, now running 4 unsupported macbooks, pro and air on version 0.5.1 and Ventura, without a problem. i don't want linux or some variant of it, there nice but nowhere near as good and user friendly as MacOS, there are always risks, but I'll take that risk, i have a newer mac with the original software so im not without if opencore take a while for a new update.

2012 imac: I am learning how to scan system logs and saw the constant flood of SIGKILLS dragging my CPU down. When I installed the patch to let me read the *private* data APPLE has restricted from system logs and things took a dark turn. I was truly shocked to see how many different seemingly mundane routine functions all have separate servers @ APPLE that phone home, dump logs to the server, approve or disapprove permissions and communications connections, report what programs you install and are running, when it crashed and why, ect. APPLE SERVERS receives updates constantly when you alter or attempt EVERYTHING, a separate server for each function. I watched a connection between my cellphone and imac repeatedly drop off, then I found it in the logs and APPLES bluetooth servers had been denying the connection. So they knew about that cracked Omnisphere I had?(NOTE I said HAD, I haven't used pirated software at all on this machine) NO MORE SECURITY UPDATES? It wasn't really secure EVER. OPENCORE then became a no brainer and so far its running Venture just fine on external SSD. I've been a sitting duck for a couple years now on Catalina and didn't know it and it seems even with APPLE. If you watch The YouTube videos a couple times, have 1 small usb drive to install OPENCORE on and 1 for your final OS, follow the directions in order step by step it happens. OPENCORE can't be any less secure than I was anyway. WORD ABOUT APPLE