---
title: Introduction
framework: security
role: article
path: apple-archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/Introduction
---

# Introduction

Describes a security feature that protects against unauthorized access to system locations and processes.

## At a Glance

This document covers the key concepts of System Integrity Protection and explains the implications it has on the design and capabilities of apps.

### System Locations Cannot Be Written To

System files can be modified only by system processes signed with Apple’s code signing identity. App processes should instead write to locations designated for third-party developers.

**Relevant Chapter:** [File System Protections](../FileSystemProtections/FileSystemProtections.html#//apple_ref/doc/uid/TP40016462-CH2-SW1)

### System Processes Cannot Be Attached To

System binaries can be modified only by Apple Installer and Software Update from Apple-provided packages, and no longer permit runtime attachment or code injection.

**Relevant Chapter:** [Runtime Protections](../RuntimeProtections/RuntimeProtections.html#//apple_ref/doc/uid/TP40016462-CH3-SW1)

### Kernel Extensions Must Be Signed

Kernel extensions must be signed with a Developer ID for Signing Kexts certificate.

**Relevant Chapter:** [Kernel Extensions](../KernelExtensions/KernelExtensions.html#//apple_ref/doc/uid/TP40016462-CH4-SW1)

### System Integrity Protection Is Configured On Recovery OS

Security configuration is stored in NVRAM, and applies to the entire machine Persists across OS install. You can enable and disable System Integrity Protection by booting to Recovery OS and running the `csrutil(1)` command.

**Relevant Chapter:** [Configuring System Integrity Protection](../ConfiguringSystemIntegrityProtection/ConfiguringSystemIntegrityProtection.html#//apple_ref/doc/uid/TP40016462-CH5-SW1)

## Prerequisites

Read *[Security Overview](../../Security_Overview/Introduction/Introduction.html#//apple_ref/doc/uid/TP30000976)* to understand the technologies used to make macOS secure.

For more information about kernel extensions, read the *[Kernel Programming Guide](../../../../Darwin/Conceptual/KernelProgramming/About/About.html#//apple_ref/doc/uid/TP30000905)*.

[Next](../FileSystemProtections/FileSystemProtections.html)

Copyright © 2015 Apple Inc. All Rights Reserved. [Terms of Use](http://www.apple.com/legal/internet-services/terms/site.html) | [Privacy Policy](http://www.apple.com/privacy/) | Updated: 2015-09-16