fleet/schema/tables/csrutil_info.yml
Eric 02437a098e
Schema: change default block scalar used in schema override files (#19296)
Closes: #19271
Closes: #19286

Changes:
- Updated the example in the schema folder readme
- Updated the block scalar used in Fleet's osquery override
documentation (`>-` » `|-`) and removed extra newlines
- Updated the block scalar used in URLs used to create new yaml override
files
- Regenerated osquery_fleet_schema.json
2024-05-27 18:18:56 -05:00

15 lines
1 KiB
YAML

name: csrutil_info
platforms:
  - darwin
description: Information from csrutil system call.
columns:
  - name: ssv_enabled
    type: integer
    required: false
    description: |-
      Sealed System Volume is a security feature introduced in macOS 11.0 Big Sur.
      During system installation, a SHA-256 cryptographic hash is calculated for all immutable system files and stored in a Merkle tree which itself is hashed as the Seal. Both are stored in the metadata of the snapshot created of the System volume.
      The seal is verified by the boot loader at startup. macOS will not boot if system files have been tampered with. If validation fails, the user will be instructed to reinstall the operating system.
      During read operations for files located in the Sealed System Volume, a hash is calculated and compared to the value stored in the Merkle tree.
notes: This table is not a core osquery table. It is included as part of Fleet's agent ([fleetd](https://fleetdm.com/docs/get-started/anatomy#fleetd)).
evented: false