macOS-Simple-KVM
macOS-Simple-KVM copied to clipboard
How to audit this repo?
If I understood correctly, the FetchMacOS project downloads a fresh BaseSystem.img
directly from apple servers, and then we emulate this BaseImage.img
which in turn downloads the rest of the system?
So in order to audit everything, I coud simply audit the FetchMacOS script, certify it's downloading from apple servers. Then audit dmg2img
, and finally audit firmware/
, or better, simply download or compile the firmware from the original project: https://www.linux-kvm.org/page/OVMF
By the way, which OVMF should I download/compile? I think this is the only hard part. Anybody has any idea?