Big Sur - Enable Authenticated Root

Information

Authenticated Root _MUST_ be enabled.

When Authenticated Root is enabled the macOS is booted from a signed volume that is cryptographically protected to prevent tampering with the system volume.

NOTE: Authenticated Root is enabled by default on macOS systems.

Solution

[source,bash]
----
/usr/bin/csrutil authenticated-root enable
----
NOTE: To re-enable "Authenticated Root", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the command.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-3, 800-53|CM-5, 800-53|MA-4(1), 800-53|SC-34, 800-53|SI-7, 800-53|SI-7(6), CCE|CCE-85298-8

Plugin: Unix

Control ID: 857917139fa880f279203bc7f1db2dcdfd3890f2dc91722499f2e61e9bd64b99