Türkçe tercümesini yapmak isterdim ama insan bana o kadar vaktim yok. Konuyu kısaca özetleyeyim sana. Cihazının hard diskini bir kripto makinası gibi düşün ve bu şifreyi bootloader her seferinde giriyor bu sayede Apple Secure Boot (Apple Önyükleme Güvenliği) taklit ediliyor ve açık olabiliyor. Bu sayede diskin daha güvende olduğu anlatılıyor. Ama buradaki asıl olan işletim sistemini kandırmak.
Type: plist integer, 64 bit
Failsafe: 0
Description: Apple Enclave Identifier.
Setting this value to any non-zero 64-bit integer will allow using personalised Apple Secure Boot identifiers. To use this setting, make sure to generate a random 64-bit number with a cryptographically secure random number generator. With this value set and SecureBootModel valid and not Disabled it is possible to achieve Full Security of Apple Secure Boot.
To start using personalised Apple Secure Boot, the operating system will have to be reinstalled or personalised. Unless the operating system is personalised, macOS DMG recovery cannot be loaded. If DMG recovery is missing, it can be downloaded with macrecovery utility and put to com.apple.recovery.boot as explained in Tips and Tricks section. Note that DMG loading needs to be set to Signed to use any DMG with Apple Secure Boot.
To personalise an existing operating system use bless command after loading to macOS DMG recovery. Mount the system volume partition, unless it has already been mounted, and execute the following command:
bless bless --folder "/Volumes/Macintosh HD/System/Library/CoreServices" \ --bootefi --personalize
When reinstalling the operating system, note that current versions of macOS Installer, tested as of 10.15.6, will usually run out of free memory on the /var/tmp partition when trying to install macOS with the personalised Apple Secure Boot. Soon after downloading the macOS installer image an Unable to verify macOS error message will appear. To workaround this issue allocate a dedicated RAM disk of 2 MBs for macOS personalisation by entering the following commands in macOS recovery terminal before starting the installation:
disk=$(hdiutil attach -nomount ram://4096)
diskutil erasevolume HFS+ SecureBoot $disk
diskutil unmount $disk
mkdir /var/tmp/OSPersonalizationTemp
diskutil mount -mountpoint /var/tmp/OSPersonalizationTemp $disk
