Trilight Zone

[tricore]

Apple has taken the interesting step of adding support for encrypted program code in Mac OS X.

Researcher Amit Singh describes much of the mechanism on the Web site that promotes his book, Mac OS X Internals. While much of OS X is open source, this feature appears to have been unearthed through old-fashioned reverse engineering.

There are at least two reasons for encrypting binaries (executable program files). In Apple's case, the most important reason may have to do with protecting its hardware business.

Apple has been rolling out Mac systems based on Intel processors for some time now, and has to take measures to prevent users from running their software on off-the-shelf hardware bought through other sources. Apple made clear from the outset that it would not allow users to run Mac OS X on non-Apple hardware.

By encrypting the programs and using a key tied in hardware to Apple systems, perhaps a TPM (Trusted Platform Module) or something like it, Apple would make it very difficult, although not impossible, for third parties to circumvent protection.

The other major reason for encryption is to impede reverse engineering of the type Singh performs. One again, encryption doesn't make such reverse engineering impossible, just more difficult. Eventually, it should be possible to build tools that allow researchers not to have to wade through encryption when working with OS X code on a genuine Apple system.