Contribute
Register

Explaining OS X El Capitan Security Changes - Workarounds and Current Information

Joined
Dec 28, 2012
Messages
167
Motherboard
Gigabyte GA-Z87X-UD5H, 16 GB
CPU
Intel i5 4670K
Graphics
GTX 760
Mac
MacBook
Classic Mac
Mobile Phone
So every time we have to update, do we need to disable SIP or can we leave it on partially disabled and be ok? For example I just updated (love clover) and the only thing that isnt working is audio. Right now I have it set per the guide. So do I need to disable SIP fully to fix audio or can I leave it on partially disabled?
 

RehabMan

Moderator
Joined
May 3, 2012
Messages
191,395
Motherboard
Intel DH67BL
CPU
Core i7-2600K
Graphics
Intel HD 3000
Mac
MacBook Air
Mobile Phone
iOS
So every time we have to update, do we need to disable SIP or can we leave it on partially disabled and be ok? For example I just updated (love clover) and the only thing that isnt working is audio. Right now I have it set per the guide. So do I need to disable SIP fully to fix audio or can I leave it on partially disabled?
You can re-enable SIP, but you have to be careful. Any action that might cause kernel cache to be rebuilt, if done without SIP enabled, will cause kernel cache to be without unsigned kexts that might be sitting in /S/L/E or /L/E. Things that a hack needs to boot... (FakeSMC, etc.).

It is not clear to me all the conditions that may lead to a kernel cache rebuild...
 
Joined
Jan 17, 2014
Messages
18
Mac
iMac, MacBook Air, MacBook Pro, Mac Pro
Classic Mac
Mobile Phone
iOS
Is there any reason why (other than not having a developer account with apple) you could not sign a kext yourself, and then turn SIP back on? e.g.
Code:
codesign -s "Developer ID Application: Mycompany" FakeSMC.kext
Obviously one would not want to distribute this (for fear of having your developer account revoked), but it seems like you could have the best of both worlds: SIP+hackintosh.
 

RehabMan

Moderator
Joined
May 3, 2012
Messages
191,395
Motherboard
Intel DH67BL
CPU
Core i7-2600K
Graphics
Intel HD 3000
Mac
MacBook Air
Mobile Phone
iOS
Is there any reason why (other than not having a developer account with apple) you could not sign a kext yourself, and then turn SIP back on? e.g.
Code:
codesign -s "Developer ID Application: Mycompany" FakeSMC.kext
Obviously one would not want to distribute this (for fear of having your developer account revoked), but it seems like you could have the best of both worlds: SIP+hackintosh.
It needs to be signed by a developer account with "kext signing" privs.

But yes, if you had the required kext signing privs attached to your developer account, you could sign your own kexts and never have to disable SIP.
 
Joined
May 21, 2012
Messages
71
Mac
iMac, MacBook Pro
Classic Mac
Mobile Phone
Not quite on topic I know, but as we are discussing SIP in El Capitan:

Is there a way to edit SIP functionality on a legit Mac using Terminal commands for finer control, similar to what Clover offers?
Can I, on a real Mac, partially disable SIP like 0x02 or 0x03 does in Clover, without completely disabling it?

If Clover can do it, perhaps there are similar Terminal commands...

It is so third-party utilities can work with SIP enabled.

Thanks!
 
Joined
Jan 17, 2014
Messages
18
Mac
iMac, MacBook Air, MacBook Pro, Mac Pro
Classic Mac
Mobile Phone
iOS
Is there a way to edit SIP functionality on a legit Mac using Terminal commands for finer control, similar to what Clover offers?
Thanks!
Yes, there is! You are looking for "csrutil" which you will find on 10.11 installations. You can run it to find available options. You can find a little more discussion in one of the current reviews of El Capitan, e.g. http://arstechnica.com/apple/2015/09/os-x-10-11-el-capitan-the-ars-technica-review/9/ (where p9 talks about SIP and csrutil).
 
Joined
Sep 17, 2012
Messages
86
Motherboard
GA-Z97X-UD3H
CPU
Intel Core i7-4770K Quad-Core
Graphics
GTX 750 TI
Just curious about something that I am wondering about. Why has Apple released the last few version of OS X free to those of use who purchased an earlier version (I Cannot remember which one it was)? Don't get me wrong, I am grateful for what they are doing but I would also like to give what is due to them with these OS X releases.
 
Joined
Dec 28, 2012
Messages
167
Motherboard
Gigabyte GA-Z87X-UD5H, 16 GB
CPU
Intel i5 4670K
Graphics
GTX 760
Mac
MacBook
Classic Mac
Mobile Phone
Just curious about something that I am wondering about. Why has Apple released the last few version of OS X free to those of use who purchased an earlier version (I Cannot remember which one it was)? Don't get me wrong, I am grateful for what they are doing but I would also like to give what is due to them with these OS X releases.

Are you really asking for dues to a $20 OS that you purchased? $20!
 
Joined
Dec 28, 2012
Messages
167
Motherboard
Gigabyte GA-Z87X-UD5H, 16 GB
CPU
Intel i5 4670K
Graphics
GTX 760
Mac
MacBook
Classic Mac
Mobile Phone
How I can to check the current status of SIP whether enabled or disabled?

Check RT values. If its brand new, Its probably fully enabled (which would cause you to not boot). So if you're booting into OSX, its a good indication that it's either fully disabled or partiality disabled.
 
Top