5.1.3 Ensure Apple Mobile File Integrity Is Enabled

Information

Apple Mobile File Integrity was first released in macOS 10.12, the daemon and service block attempts to run unsigned code. AMFI uses lanchd, code signatures, certificates, entitlements, and provisioning profiles to create a filtered entitlement dictionary for an app. AMFI is the macOS kernel module that enforces code-signing and library validation.

Rationale:

Apple Mobile File Integrity (AMFI) validates that application code is validated.

Impact:

Applications could be compromised with malicious code.

Solution

Run the following command to enable the Apple Mobile File Integrity service:

$ sudo /usr/sbin/nvram boot-args=''

See Also

https://workbench.cisecurity.org/files/3569