A Comprehensive Definition of macOS Security Terms

APFS (Apple File System): A filesystem developed by Apple that uses “Containers” and “Volumes” and “Groups”, though no one knows the difference between them. The core features of APFS are the fact that it wasn’t created by a murderer and allows Macs to mount a huge number of “Volumes” for no specific reason.

Secure Token: On macOS, agents that don’t do any important operations are called “tokens” and can suffer from agent imposter syndrome. Secure Token is an agent that is not really needed for the operations of the system, but it is fine with that.

Read-Only System Volume: The operating system is installed on a “read-only” system volume, but it has been known to sneak Netflix when users are not looking.

FileVault: When files are moved from one folder to another, malware can intercept them. In modern versions of macOS, they are no longer copied but “vaulted” from one folder to another. This makes it more secure since the airtime of malware on macOS is very small.

Bootstrap Token: When Secure Tokens were introduced to macOS, there were protests that they hadn’t earned the right to be on the system. Apple dropped Bootstrap Tokens completely naked and with only a small hunting knife onto each Mac system. Bootstrap Tokens can be used by MDM to find and destroy Secure Tokens during escalated escrow operations.

Secure Enclave: A place where Secure Tokens can hide from Bootstrap Tokens.

Key Bags: A slightly dirty-sounding name for storing keys that are no longer used by the system, hated by both Secure and Bootstrap Tokens (though Apple has never explained why).

KEK, SKP, UID, LLB, & SMRK: After a late night drinking cognac, Apple security engineers vowed to use every letter of the alphabet for their security acronyms. They succeeded in the first draft of the Platform Security Guide.

One True Recovery (1TR): After a late marathon of watching LOTR and drinking near-beer, Apple security engineers renamed the Recovery Partition to One True Recovery as a prank and then realized that you can’t delete changes in Radar.