SIP is already fairly flexible, in that it allows you to selectively disable only certain protections (see csrutil's man page). The things people complain about being unable to do without disabling SIP—injecting into other processes, modifying system files, etc.—are in fact the exact things SIP exists to prevent.
A lot of Mac users I've talked to, including technical ones who IMO should absolutely know better, appear to be under the impression that disabling any part of SIP will perform voodoo magic that makes them an instant hacker target. This just isn't true. Running `csrutil disable && csrutil enable --without debug` allows Mac apps with root privileges to inject code into other processes, nothing more and nothing less. To the extent that allowing code injection is a security risk, this is a security risk. If you want to inject code, turn it off and have fun.
iOS apps are the first time to my knowledge that disabling SIP has actually broken something unrelated. (But do let me know if there's a `--without-disabling-fairplay` option; I don't have an M1 Mac and there's a dearth of information on this.)
As far as having a trusted computing base, well, I think anyone who believes that's actually possible on a mainstream end-user device is fooling themselves. Jailbreaks already exist, as does Corellium. If you're distributing a private app to employees on company computers, set up an MDM profile which prevents messing with SIP, and schedule regular, in-person device checkups to look for signs of user tampering. In any other situation, assume your software is going to be run in an untrusted environment at some point, because it will be.
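An added example, not part of the original comment: a small check that could be run during the device checkups mentioned above to report which SIP protections a Mac has switched off, for instance after `csrutil enable --without debug`. The function names are hypothetical, the sample text is constructed, and the layout of `csrutil status` output (a status line followed by indented `Name: enabled|disabled` lines) is an assumption that may differ between macOS releases.

```shell
#!/bin/sh
# Added example. Classifies `csrutil status` text read on stdin and prints one of:
#   enabled | disabled | custom:<comma-separated disabled protections> | unknown
sip_state() {
    awk '
        /^System Integrity Protection status:/ {
            if ($0 ~ /Custom Configuration/) state = "custom"
            else if ($0 ~ /status: enabled/) state = "enabled"
            else if ($0 ~ /status: disabled/) state = "disabled"
            next
        }
        # Per-protection lines (assumed layout): "<tab>Name: enabled|disabled"
        /^[ \t]+[^:]+: (enabled|disabled)[ \t]*$/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, kv, ": ")
            name = kv[1]; value = kv[2]
            sub(/[ \t]+$/, "", value)
            # Assumption: "Apple Internal" reads disabled on ordinary machines, so skip it.
            if (value == "disabled" && name != "Apple Internal")
                off = (off == "" ? name : off "," name)
        }
        END {
            if (state == "") print "unknown"
            else if (state == "custom") print "custom:" off
            else print state
        }'
}

# Constructed sample of a custom configuration with only debugging restrictions off.
sample_custom() {
    printf 'System Integrity Protection status: enabled (Custom Configuration).\n\n'
    printf 'Configuration:\n'
    printf '\tApple Internal: disabled\n'
    printf '\tKext Signing: enabled\n'
    printf '\tFilesystem Protections: enabled\n'
    printf '\tDebugging Restrictions: disabled\n'
    printf '\tDTrace Restrictions: enabled\n'
    printf '\tNVRAM Protections: enabled\n'
}

# On a Mac, audit the live state; elsewhere, fall back to the constructed sample.
if command -v csrutil >/dev/null 2>&1; then
    csrutil status | sip_state
else
    sample_custom | sip_state
fi
```

Anything other than `enabled` is worth a follow-up on a managed machine, and the `custom:` list names exactly which protections were relaxed.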