The two 32-byte AES-256 keys concatenate to form a 64-character string that begins with "ourhardwork" and ends with "(c)AppleComputerInc". So to me it seems like there might in fact be a copyrightable expression of an idea here since the keys are english text that tells you what it's for and asks you not to steal. I've seen poems with less letters that are copyrighted.

I think most people don't realize what the keys are when they make the claim that the keys themselves cannot be copyrighted. Clearly the keys aren't a random computer-generated (and thus not copyrightable) set of numbers. They are a human written string of text.

So now even if you completely ignore the DMCA you still have the fact that in order to make OS X work on a PC you must by necessity copy those keys from a Mac onto the PC. There is no getting around this. If those keys are considered a copyrighted work (and why wouldn't they be?) then you just violated basic well-established copyright law.

So that is what I meant when I said that Apple is setting up a legal minefield. Even if Psystar gets past the DMCA portion and the replacement for "Dont Steal Mac OS X" isn't considered a DMCA circumvention device, it could still be considered a violation of plain old copyright.

I assure you they are not trying to claim the bootloader does any checks since they are using my bootloader and not Apple's boot.efi.

I think what they are trying to claim is that Apple's kernel startup routine blocks certain machines. And this is true. It blocks any CPU that is not family 6 and I think also checks for certain models (like 14 and 15 which are Core and Core 2). Beyond that it also checks for LAPIC version which if they actually were to enforce it would really fuck with running OS X under VMware.

Of course the problem with Psystar's argument is that Apple is checking for these things because you need this information to properly initialize things for the processor. Apple can easily argue that they only bother checking for CPUs that they use in their machines because they have no reason to explicitly support anything else. And it would require at least some small amount of explicit support.

The flip side of this is that for the last few OS X point releases, Apple has finally got someone dedicated to doing the code releases and the equivalent Darwin xnu kernel source is coming out like the next day after Apple pushes out the update. It takes like 5 minutes to apply your patch to the new version since the startup code doesn't change very much. Then it takes like 10-20 minutes to build the new kernel.

Of course none of this has anything to do with what you were talking about which is the actual check for Mac hardware. That is separated into its own kernel extension called "Dont Steal Mac OS X.kext" And it isn't actually a check. It asks the SMC kext to ask the SMC (Systems Management Controller present only on Apple hardware) for two values. It then installs a hook function with the kernel (and you can find dsmos_hook in the open source) which the kernel will call anytime it needs a page decrypted. The Dont Steal Mac OS X.kext then implements the function to use the decryption keys it retrieved from the SMC to AES-256 decrypt the pages that the kernel asks to be decrypted. I've done a write-up of this on my site which should hopefully demystify the process a bit.

Might it be that Psystar can win on that part due to the Lexmark decision? Maybe. Or maybe they get their ass handed to them because the replacement for Dont Steal Mac OS X.kext is a clone of Apple's kext that contains the keys as constant data instead of pulling the keys from the SMC. Those keys are copyrighted and presumably specifically registered with the copyright office as a separate work from OS X.

The bottom line is that this is basically a legal minefield and it looks as though it was specifically architected as such by Apple. Should Apple lose on one thing they can bring suit for something else.