"If you're feeling generous, Apple likely made this change to improve device security under OS X."
Enabling an INDUSTRY STANDARD on third party disks cannot be a security related issue. TRIM is an entirely hardware based function (well, SSD controller level, which is software technically) that cannot interfere with any encryption or data integrity!
Totally agreed. This is nothing but the same old stereo-typical Apple. You have to come to us for everything, every dollar, under the guise of making a product better.
Apple is getting really insane with their stuff. 3rd party SSDs? Apple doesnt make it's own SSDs so every SSD is a 3rd party. I guess in apple's eyes even if you buy their stuff they still own it.
There's an open question in your reporting, Joel: Does Apple provide hardware developers with a way to submit their kernel extensions for Apple's review and approval? If so, this move is a bit less severe than your article makes it sound and more like Apple's policies surrounding the App Store; Apple is bringing a "walled garden" experience to hardware drivers.
This article is a bit misleading.
Apple have never supported TRIM on third-party SSDs. This dates from the very first introduction of SSDs into Macs.
The method previously used to enable TRIM on third-party SSDs was the use of a patch to the Apple AHCI driver. This patch removed the check for an Apple approved SSD and enabled TRIM on all SSDs.
Yosemite enables kernel extension signing by default. This patch can still be applied to Yosemite, but it will not load unless kernel extension signing is disabled. It isn't reasonable to expect Apple to sign an unauthorised modified version of their own driver.
Most people who have needed to enable TRIM use an application called TRIM Enabler - this has had an update for Yosemite and can automatically disable kernel extension signing as part of the patch.
Right. Apple previously didn't *enable* this function, but they didn't take security actions to make it impossible, either. Now, they have. So now, if you want to enable TRIM, you have to install a patch or take action manually that disables the *entire* driver signing mechanism.
That's bad design.
Now, you can argue that you don't make the system any less secure under OS X 10.10 than it was under OS X 10.9, since you're disabling a feature that wasn't previously available. Nonetheless, if the goal is to improve the security environment for all users, you need to offer security features that users don't need to disable to keep using their previously purchased hardware.
That's the real problem here. And while I absolutely agree that Apple didn't previously support this mode directly, they're now forcing users to pick between a less secure operating mode or buying new, Apple approved hardware at Apple-decided prices.