What does it mean to modify the Security Policy?

  • Updated

If you are installing LucidLink software on a newer generation Apple computer, and should that system feature the new Apple M1 CPU (also known as Apple Silicon), then you may be wondering why the LucidLink installation process is asking that you modify your computer’s “Security Policy” within the macOS Recovery environment. 


This article will attempt to provide some context to what this setting is, and to provide assurances that changing this setting will not impact your computer’s security.


The LucidLink client software is designed to embed itself into the Mac operating system at the file system level. This is how LucidLink can provide the infinite scalability of the cloud, without ever requiring users to change their established workflow. To achieve this, LucidLink needs to install a piece of software, known as a “kernel extension,” that runs within the kernel of the Mac operating system.


In November of 2020, Apple announced a new generation of computer hardware based on an Apple-designed CPU chip. The introduction of this new kind of Apple CPU, known more commonly Apple Silicon or as the “M1” chip, ushered in some new requirements and new restrictions for Apple’s Mac-based operating system, as it relates to 3rd party software.


As an example of these new restrictions, the new Apple M1-based systems block LucidLink’s own kernel extension by default. LucidLink’s software process thus requires the end-user to enable the usage of LucidLink’s kernel extension manually. This process is carried out by first rebooting into the Recovery environment of the Mac system, and then choosing to “allow” the LucidFS extension to run. The LucidLink installer offers step-by-step guidance on how this process works.


Once you’ve entered the Recovery environment, you will need to choose the “Reduced Security” option along with “Allow user management of kernel extensions from identified developers.” 


As named, the term “Reduced Security” may introduce concern. This setting however, and the word “Security” as used in this context, does not relate to protecting your system from computer viruses, malware or other malicious code designed to harm. Choosing this setting only enables LucidLink to install its needed kernel extension, which is also the same kernel extension that gets installed for Apple’s Intel-based computer systems.  


Please note that even when the “Reduced Security” setting is applied, only those kernel extensions explicitly approved and signed by Apple, such as the LucidFS kernel extension, can be loaded into the macOS kernel. Since Apple must approve and sign 3rd party-provided kernel extensions, this prevents users from either maliciously or inadvertently running unapproved software and therefore potentially dangerous code that could compromise system security. 

For more in-depth technical information about these settings and what they mean, IT professionals and System Administrators can read through this supplemental KB article here.

Was this article helpful?

1 out of 1 found this helpful