How Secure Boot and System Integrity Protection Guard Your Mac From Malware
Tim Standing of SoftRAID has an outstanding article on how macOS protects you from malware, via System Integrity Protection (SIP) and Secure Boot features, and why turning off Secure Boot is no big deal, and required for SoftRAID and other drivers.
How Secure Boot and System Integrity Protection Guard Your Mac From Malware
Some users don’t want to disable Secure Boot because they believe it disables all malware protection on their Mac. This belief is not correct, and Apple labeling the setting for disabling Secure Boot as “No Security” in the Startup System Security application doesn’t help.
Actually, Secure Boot only protects your Mac for less than 2 minutes after the white Apple logo appears on the screen during startup. After 2 minutes, Secure Boot offers no protection.
What is protecting your Mac from malware the entire time, is System Integrity Protection (SIP). SIP starts protecting your Mac when it first boots up and continues for as long as your Mac is running. SIP ensures that software that runs on your Mac is only from developers recognized by Apple. Starting with macOS 10.14.6, SIP also assures that the software has been previously checked for malware by Apple’s malware scanning servers.