Thank you for the detailed background!
Currently, our system performs signature verification on scripts before execution, ensuring the following condition is met:
The script originates from a specific trusted source.
When this check is successful, we consider the script safe for execution.
We provide a B2B solution to our customers, with an agent on all devices, which (among other things) enables e.g. L1 and L2 IT teams to execute (only) pre-written, quality-controlled and signed scripts. Our current implementation is similar to your point “4. Trust exceptions”, except that the customer remotely (ideally through MDM) marks the leaf explicitly as trusted, without interaction from the customer’s employees (device users). The leaf certificate for script signing comes from a public root CA trusted by Apple (as in “2. Built-in trusted root certificates”), so that parties untrusted by us and our customers can also request leaf certificates. For remote script execution, we only trust specific leaf certificates deployed on the device.
We are planning to move towards the approach you described as category "1. Custom implementation.".
However, we didn't anticipate the need to expedite this change due to Sonoma's new limitations on mass-deploying non-root CAs and marking them as trusted without user confirmation.
We have customers that already rely on the solution based on the keychain. We would like to provide them with a temporary workaround they can use immediately.
Is there a temporary workaround we could go with until we update our product to do "1. Custom implementation."?
Your advice would be very helpful.
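For readers following the thread, the following is an added illustration (not code from the poster's product or from Apple) of what the "1. Custom implementation" direction mentioned above looks like: the agent keeps its own allow-list of leaf certificate fingerprints (the values an MDM profile would push), and verifies a detached script signature against the pinned leaf without consulting the system keychain or its trust settings. The signer, the self-signed leaf, the script body and all names (`ScriptSigner`, `Verifier`, `Fingerprint`) are constructed for this example; a real deployment would pin a CA-issued leaf, but pinning by fingerprint does not depend on the chain being trusted by the OS, which is the point of the approach.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Policy errors returned by the device-side verifier.
var (
	ErrUntrustedSigner = errors.New("leaf is not on the pinned allow-list")
	ErrNotCodeSigning  = errors.New("leaf is not marked for code signing")
	ErrCertNotValid    = errors.New("leaf is outside its validity period")
	ErrBadSignature    = errors.New("signature does not match script contents")
)

// ScriptSigner stands in for the vendor-side signing service. The key and the
// self-signed leaf are constructed test material so the example runs offline.
type ScriptSigner struct {
	key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// NewScriptSigner creates a P-256 key and a short-lived self-signed code-signing leaf.
func NewScriptSigner(cn string) (*ScriptSigner, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed serial
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &ScriptSigner{key: key, Cert: cert}, nil
}

// Sign returns a detached ASN.1 ECDSA signature over SHA-256(script).
func (s *ScriptSigner) Sign(script []byte) ([]byte, error) {
	digest := sha256.Sum256(script)
	return ecdsa.SignASN1(rand.Reader, s.key, digest[:])
}

// Fingerprint is SHA-256 over the DER leaf: the value an MDM profile would deploy.
func Fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// Verifier is the agent-side policy: an allow-list of leaf fingerprints.
type Verifier struct{ allowed map[string]bool }

func NewVerifier(fingerprints ...string) *Verifier {
	v := &Verifier{allowed: map[string]bool{}}
	for _, fp := range fingerprints {
		v.allowed[fp] = true
	}
	return v
}

// Verify accepts a script only if the presented leaf is pinned, marked for code
// signing, currently valid, and its key verifies the detached signature.
func (v *Verifier) Verify(script, sig, leafDER []byte) error {
	cert, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return fmt.Errorf("parse leaf: %w", err)
	}
	if !v.allowed[Fingerprint(cert)] {
		return ErrUntrustedSigner
	}
	codeSigning := false
	for _, eku := range cert.ExtKeyUsage {
		codeSigning = codeSigning || eku == x509.ExtKeyUsageCodeSigning
	}
	if !codeSigning {
		return ErrNotCodeSigning
	}
	if now := time.Now(); now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return ErrCertNotValid
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(script)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	vendor, _ := NewScriptSigner("Vendor Script Signing (constructed)")
	other, _ := NewScriptSigner("Unrelated Party (constructed)")
	agent := NewVerifier(Fingerprint(vendor.Cert)) // what MDM would have pushed
	script := []byte("#!/bin/sh\necho \"disk usage check\"\ndf -h\n")
	sig, _ := vendor.Sign(script)
	tampered := append(append([]byte{}, script...), '#')
	sig2, _ := other.Sign(script)
	fmt.Println("pinned signer:  ", agent.Verify(script, sig, vendor.Cert.Raw))
	fmt.Println("modified script:", agent.Verify(tampered, sig, vendor.Cert.Raw))
	fmt.Println("unpinned signer:", agent.Verify(script, sig2, other.Cert.Raw))
}
```

The check order matters for the failure modes the thread is about: the fingerprint comparison rejects a leaf that any public CA happily issued to someone else before its signature is even examined, and because trust comes from the agent's own allow-list rather than from keychain trust settings, a change in how the OS lets administrators mark certificates as trusted does not affect the policy.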