I'm currently trying to develop a transparent data encryption (TDE) system on macOS 12.6.8. Our company has its own file encryption format. In order to facilitate safe and convenient file transfer between Windows and Mac platforms, we need to develop a TDE system on the Mac platform (on the Windows platform, we have developed such a system based on the Minifilter framework).
I tried to implement this system using a MacFuse-based file system and the Endpoint Security system extension, but found that this did not allow complete control of files on the Mac system. For example, when you use Finder to copy an encrypted file, the decrypted data will be copied out. I'm guessing this might be due to Finder or some other system process cache.
By referring to the current product introductions of other companies, I learned that the current TDE systems on Mac systems are all based on kernel extensions.
But I noticed that Apple no longer encourages kernel extension development, and the Mac kernel has fewer and fewer APIs open to development.
So I would like to ask: is it still feasible to develop a TDE system based on a kernel extension?