Now, in practice, Apple doesn't need to make it impossible to run OS/X on commodity machines, just irritating enough that people who otherwise would have bought Macs don't buy PCs instead. That's basically a matter of compensating for the price premium that Apple charges for its hardware. So, it's interesting to explore what Apple might do.
The simplest thing to do is to simply embed checks in the software to see if its running on authorized hardware. For instance, every machine could have a serial number that's checked by the operating system. Potential candidates on commodity hardware include a CPU serial number like Intel at one point had, or to look at the Ethernet MAC address. These serial numbers could be chosen from a range that was identifiable as being owned by Apple (MAC addresses already are assigned this way). They could also be digitally signed but its overkill. This sort of mechanism is fairly easy to counter. All the attacker has to do is find all the checks in the software and distribute a patch file that nulls them out. The defender can of course try to hide the checks, use different idioms, etc., so it's kind of an arms race, and given how frequently Apple delivers new software revisions, if there's any serious demand, patches will be available most of the time.
Because Apple controls the hardware on which OS/X runs, there's something better they can do: simply arrange that all of their hardware components (BIOS, chipsets, graphics cards, etc.) have semi-proprietary interfaces that aren't available in commodity PCs and wire their interfaces to that hardware fairly deeply into their programs. Obviously, people can replace these drivers, but we're now talking about very substantial amounts of work, more than the average person looking to save a couple of hundred bucks is going to be willing to do.
I imagine that this, plus some kind of per-copy license enforcement, is the approach Apple will take.
Even easier:
Apple only needs to SUPPORT a narrow range of hardware. EG, OS-Xi only runs on "Intel Chipsets versions X, Y, Z, bios version Q". That alone really locks down the systems, and its what happend with NeXTstep Intel and why it never caught on.
Since all we're really talking about is the Aqua UI components, how will that work? The OS, for all intents and purposes, already runs on white-box hardware, as raw Darwin. How long before we see a the cooked version, OS X Server for Intel?
I think the one problem with MAC addresses, and this may not be a problem for Apple, is the occurance of network card failures, and upgrades. Say Joe Buyer's Ethernet port fails, so he goes out and buys a new one from Apple. Unless the card was built before the OS was released, the OS will have to boot and get a new list from Apple of acceptable MAC addresses. At this point, someone would be able to block that.
As for the other hardware, so long as it is apple made and remains constant throughout product (OS) life, then they should be better off.
What I had in mind here was that Apple would wire their OUI arc into the OS. Then whenever they get a new OUI arc they just release an OS update. Actually, they can just deliver that update on CDROM with the new cards.
I wrote a response here. In short, if Apple does deep BIOS changes, I propose that hackers will do BIOS cloning.
I have heard rumors that they will be using a customized chipset, have a customized BIOS, and random asynchronous software checks. They may also be using a special series of Intel processor.
This should make it difficult enough so that only an extremely determined hacker with enormous effort can get OS X up and running on a standard system. Not much of a threat to Mac market share.