Apple Platform Security
- Welcome
- Intro to Apple platform security
-
- System security overview
- Signed system volume security
- Secure software updates
- Rapid Security Responses
- Operating system integrity
- BlastDoor for Messages and IDS
- Lockdown Mode security
- System security for watchOS
- Random number generation
- Apple Security Research Device
-
- Services security overview
-
- Apple Pay security overview
- Apple Pay component security
- How Apple Pay keeps users’ purchases protected
- Payment authorization with Apple Pay
- Paying with cards using Apple Pay
- Contactless passes in Apple Pay
- Rendering cards unusable with Apple Pay
- Apple Card security
- Apple Cash security
- Tap to Pay on iPhone
- Secure Apple Messages for Business
- FaceTime security
- Glossary
- Document revision history
- Copyright
Paired recoveryOS restrictions
On devices with macOS 12.0.1 or later, every new macOS installation also installs a paired version of recoveryOS into the corresponding APFS volume group. This design is familiar to users of Intel-based Mac computers, but on a Mac with Apple silicon, it provides additional security and compatibility guarantees. Because every macOS installation now has a dedicated paired recoveryOS, this helps ensure that only that dedicated paired recoveryOS can perform security-downgrading operations. This helps protect installations of newer versions of macOS from tampering initiated from older versions of macOS, and vice versa.
The pairing restrictions are enforced as follows:
All installations of macOS 11 are paired to the recoveryOS. If a macOS 11 installation is selected to boot by default, the recoveryOS is booted by holding down the power key at boot time on a Mac with Apple silicon. The recoveryOS can downgrade security settings of any macOS 11 installations, but not any installations of macOS 12.0.1.
If a macOS 12.0.1 or later installation is selected to boot by default, its paired recoveryOS is booted by holding down the power key when the Mac starts up. The paired recoveryOS can downgrade security settings for the paired macOS installation, but not for any other macOS installation.
To boot into a paired recoveryOS for any macOS installation, that installation needs to be selected as the default, which is done using General > Startup Disk in System Settings (macOS 13 or later), Startup Disk in System Preferences (macOS 12 or earlier), or by starting any recoveryOS and holding Option while selecting a volume.
Note: Fallback recoveryOS can’t perform downgrades for any macOS installations.