Many are looking forward to the upcoming ARM Macs, but this architecture also has certain drawbacks. One of the main ones is that Apple can also make the Mac more and more a closed system.
If the macOS app is not signed it cannot be started
As ifun noticed, Apple mentions in the release notes for the beta version of macOS Big Sur that under this operating system and on Macs with ARM processor only programs that are signed will start.
New in macOS 11 on Apple silicon Mac computers, and starting in the next macOS Big Sur 11 beta, the operating system will enforce that any executable must be signed with a valid signature before it’s allowed to run. There isn’t a specific identity requirement for this signature: a simple ad-hoc signature issued locally is sufficient, which includes signatures which are now generated automatically by the linker.
On the one hand this increases security, as Apple has previously checked the software to be installed, but on the other hand it also deprives you of the possibility to install a small tool from an independent developer without much effort. The only way around this is to sign locally – you have to issue a local certificate for the software yourself.
We don’t know how to find this. Currently, it’s often annoying that you have to open an unsigned program with the right mouse button to install it. The obligation of every piece of software not to let Apple not approve it is perhaps too much of a good thing. If you take a look at the normal users, not installed updates might be the biggest security risk. The good news is though, that you can still run anything you want on your Mac.
What do you think about Apple’s approach to seal off macOS a bit more like iOS?