From 41e95952b8ac6b70061c51338603648e0d45b4ac Mon Sep 17 00:00:00 2001 From: ComplexSpaces Date: Mon, 18 Apr 2022 16:40:13 -0500 Subject: [PATCH] docs: Improve macOS entitlements reference for improved security --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e4c2db6..1af5000 100644 --- a/README.md +++ b/README.md @@ -33,9 +33,11 @@ For notarization, you need the following things: 1. Xcode 10 or later installed on your Mac. 2. An [Apple Developer](https://developer.apple.com/) account. 3. [An app-specific password for your ADC account’s Apple ID](https://support.apple.com/HT204397). -4. Your app may need to be signed with `hardened-runtime` and the following entitlements: +4. Your app may need to be signed with `hardened-runtime`, including the following entitlement: 1. `com.apple.security.cs.allow-jit` - 2. `com.apple.security.cs.allow-unsigned-executable-memory` + + If you are using Electron 11 or below, you must add the `com.apple.security.cs.allow-unsigned-executable-memory` entitlement too. + When using version 12+, this entitlement should not be applied as it increases your app's attack surface. ## API