Is it anticipated for a retail bought, non-provisioned units configured with AMFI (Apple Cell File Integrity) developer mode drive enabled?
I just lately purchased two MacBooks with AppleCare+ via Apple retail channels which can be AMFI developer mode drive enabled. I did not buy the MacBooks with enterprise or developer accounts.
Machine 1
A MacBook Professional from Apple.com as a licensed refurbished unit (the one talked about above) for retailer pickup. After unusual mdm kind conduct (wifi settings and many others. altering with out my involvement and what look like mdm associated community calls) I took it the Genius bar and Apple carried out the next actions:
- Recent MacOS set up
- DFU restore
- Logic board alternative
Developer mode drive enabled endured on the machine after every of the steps above. <– see under
Machine 2
Due to my expertise with the MacBook Professional I went and bought a MacBook Air M4 on the Cupertino customer middle retailer with AppleCare+ a couple of weeks in the past. I carried out the next analysis:
- Booted solely into Restoration Mode <– Be aware, I’ve but to set the machine up with a neighborhood account.
- Whereas in restoration mode, I linked to the web.
- In terminal, I checked the AMFI logs and once more noticed developer mode drive enabled. <– see under
Listed here are a few of outputs from terminal from each machines:
spctl kext-consent standing
Kernel Extension Consumer Consent: ENABLED
spctl --status
assessments enabled
csrutil standing
System Integrity Safety standing: enabled.
devtoolssecurity -status
Developer mode is at the moment disabled.
log present --predicate 'eventMessage CONTAINS "AMFI"' --info --last 7d
AMFI: developer mode is drive enabled on this platform
Notes
- For the MacBook Professional, there aren’t any System Preferences seen configuration profiles or extensions put in on the gadget.
- Manually enabling / disabling developer mode has no affect on the AMFI developer mode setting for both machine.
- MDM is listed as disabled in terminal for each machines.
References
Pattern Immediate
In MacOS, are AMFI developer mode drive enabled and developer mode managed via devtoolssecurity totally different settings? Below what circumstances, if any, would you anticipate AMFI developer mode drive enabled with a recent retail MacBook?
Key Variations Summarized
| AMFI Developer Mode "Pressure Enabled" | Developer Mode through devtoolssecurity / System Settings |
|
|---|---|---|
| Objective | Relaxes core code signature validation for working unsigned/self-signed code at a decrease system stage. | Permits admin or _developers group customers to run Apple-signed debugging and efficiency evaluation instruments with no password; permits Xcode to run apps on units. |
| Management Stage | Deeper system-level setting, usually requiring extra intrusive modifications or particular provisioning. | Consumer-facing setting, designed to be simply toggled by directors or builders. |
| Safety Affect | Considerably reduces the general safety posture of the system by stress-free basic code integrity checks. | Provides a managed leisure of safety for growth instruments, with express consumer consent. |
| Visibility | Typically found via system logs (log present –predicate ‘eventMessage CONTAINS "AMFI"’) or particular diagnostic instruments. | Clearly seen and manageable in System Settings > Privateness & Safety and through devtoolssecurity command. |
| Management | Modifying AMFI developer mode drive enabled settings on macOS just isn’t a part of commonplace consumer configuration — it includes low-level system adjustments that may compromise safety and are sometimes reserved for Apple inner use, MDM provisioning, or superior growth eventualities. | DevToolsSecurity -enable |
"AMFI developer mode drive enabled" implies a extra profound and probably much less safe state the place the system’s basic code integrity checks are bypassed for growth, whereas the "Developer Mode" managed by devtoolssecurity is a extra granular and user-controlled setting designed for on a regular basis growth duties with Apple’s instruments.
