
Need Help to replace stock Apple kext from /L/E in BigSur

Status
Not open for further replies.
Joined: Apr 12, 2010 | Messages: 67 | Motherboard: Lenovo ThinkCentre M73-Clover | CPU: i3-4130T/H81 | Graphics: HD4400 | Mac: MacBook Pro | Mobile Phone: iOS, Other
Can someone tell me if it is possible to get a replacement kext into the prelinked kernel cache under Big Sur?

I am running 11.6.1 with OpenCore 0.7.7 and would like to replace the stock Apple IO80211Family.kext
with my own modified version which sits in /L/E. Injection no longer works. Attempts to affect the cache via
injection just cause a "Refusing kext" error and a KP, probably due to illegal access of the sealed boot snapshot.

I have followed some older guides to remove the boot snapshot in recovery mode but get stopped with
"insufficient privileges" errors every time no matter the csrutil status.

Anybody having any success stripping away the boot snapshot, rebuilding the kernel cache and regenerating a new snapshot?

Or has Apple now officially locked this down, allowing us only to provide additional kexts via injection?

If so, how do vendors provide new kexts to support their products, since they presumably would be using /L/E?
 
The software developers would give Apple the necessary information regarding their third-party kexts, so the kexts were enabled in macOS when the software installer runs.

Big Sur 11.6.1 took on some additional security processes, in line with the processes used in Monterey. So the amended Apple kext probably needs to be installed via the boot loader, or not used.
 
Oh sure, if even. It seems that any kexts not already present in the boot snapshot's prelinked kernel cache will load just fine even when not passing validation so long as SIP is disabled.

However, it seems that for Big Sur, injecting a kext that attempts to replace a kext already present in the prelinked kernel results in a KP. Loading a kext, post boot, that attempts to replace a kext already present in the prelinked kernel within the boot snapshot simply causes the version in the snapshot to load instead of the kext actually presented to kextload.

So the only solution seems to be to delete the boot snapshot, replace the stock kext with the modified kext and then recreate a new snapshot. The tools seem to exist to do exactly this but there appear to be some permission hurdles that need to be overcome. More secret internal Apple switches etc., etc.

Anybody?
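The sequence the first and third posts describe (strip the sealed boot snapshot, swap the stock kext on the system volume, rebuild the kernel collections, create and bless a new snapshot) can be written down as a script. The one below is an added example and is not code from the thread or from Apple or OpenCore; it assumes SIP and authenticated root have already been disabled from Recovery (csrutil disable; csrutil authenticated-root disable), that the live system volume (not its snapshot) is /dev/disk1s5, and that the replacement kext sits in /Library/Extensions. All three are assumptions to adjust for the machine at hand, and every privileged command is only printed unless DRY_RUN=0.

```shell
# Added example, not code from the thread: rebuild a Big Sur boot snapshot after replacing a
# stock kext on the live system volume. Assumptions: SIP and authenticated root already
# disabled from Recovery, the live system volume is /dev/disk1s5, and the replacement
# kext lives in /Library/Extensions. Commands passed through "run" are printed, not
# executed, unless DRY_RUN=0.
set -eu

SYSVOL_DEV="${SYSVOL_DEV:-/dev/disk1s5}"              # assumed: live system volume, not the snapshot
MNT="${MNT:-${HOME:-/tmp}/livemount}"                  # scratch mount point for the live volume
KEXT_NAME="${KEXT_NAME:-IO80211Family.kext}"           # the kext named in the thread
NEW_KEXT="${NEW_KEXT:-/Library/Extensions/$KEXT_NAME}" # assumed location of the modified kext
DRY_RUN="${DRY_RUN:-1}"                                 # 1 = print commands, 0 = execute them

# Print (dry run) or execute a command.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'DRY-RUN: %s\n' "$*"
  else
    "$@"
  fi
}

# Pre-flight check: both protections must report "disabled", otherwise the writable mount
# and the bless step fail with permission errors like the ones reported in the thread.
# $1 = output of `csrutil status`, $2 = output of `csrutil authenticated-root status`.
protections_disabled() {
  case "$1" in
    *"System Integrity Protection status: disabled"*) ;;
    *) return 1 ;;
  esac
  case "$2" in
    *"Authenticated Root status: disabled"*) ;;
    *) return 1 ;;
  esac
  return 0
}

# The replacement itself. The mount is the writable live APFS system volume; the sealed
# snapshot the Mac booted from is left alone until bless creates a new snapshot from the
# modified volume and marks it as the one to boot next time.
rebuild_snapshot() {
  run mkdir -p "$MNT"
  run sudo mount -o nobrowse -t apfs "$SYSVOL_DEV" "$MNT"
  run sudo rm -rf "$MNT/System/Library/Extensions/$KEXT_NAME"
  run sudo cp -R "$NEW_KEXT" "$MNT/System/Library/Extensions/"
  run sudo chown -R root:wheel "$MNT/System/Library/Extensions/$KEXT_NAME"
  run sudo chmod -R 755 "$MNT/System/Library/Extensions/$KEXT_NAME"
  # Rebuild the boot and system kernel collections from the modified volume.
  run sudo kmutil install --volume-root "$MNT" --update-all
  # Snapshot the modified volume and bless that snapshot as the boot snapshot.
  run sudo bless --folder "$MNT/System/Library/CoreServices" --bootefi --create-snapshot
}

main() {
  if ! protections_disabled "$(csrutil status 2>/dev/null || true)" \
                            "$(csrutil authenticated-root status 2>/dev/null || true)"; then
    echo "SIP and/or authenticated root still enabled: disable both from Recovery first" >&2
    return 1
  fi
  rebuild_snapshot
}

# Only run main when asked, so the functions can be sourced and checked on their own.
if [ "${RUN_MAIN:-0}" = "1" ]; then
  main
fi
```

Running it as `RUN_MAIN=1 sh rebuild_snapshot.sh` prints the plan; `RUN_MAIN=1 DRY_RUN=0 sh rebuild_snapshot.sh` executes it. Two practical caveats: the new snapshot is unsealed, so `csrutil authenticated-root status` must stay disabled for it to boot, and under OpenCore an unsealed snapshot only boots with SecureBootModel set to Disabled. A later macOS update replaces the snapshot and the change has to be redone.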
 