- Joined
- Mar 8, 2017
- Messages
- 758
- Motherboard
- Dell XPS 9700 4K (OpenCore)
- CPU
- i7-10875H
- Graphics
- UHD 630, 3840x2400
- Mobile Phone
Hey guys!
// Edit:
BTW, I should tell you what I want to do: I want to install VoltageShift, which tells me the following:
This program supports macOS 10.12 or above, however you need to switch off the SIP for unsigned kext.
I don't want to fully compromise SIP with 0x67
I wanted to understand how the NVRAM csr-active-config value works, so I looked into the OC documentation. That document just redirected me to csr.h. I read the code and made a little "helper" script that makes selecting values easier for me, since I'm not that good at binary and hex. The following is what I came up with:
It gets called like this:
Where the input-number is the sum of all bitmask values that should be on. AFAIK, for unsigned kexts, I need UNTRUSTED_KEXTS and UNAPPROVED_KEXTS, which would result in 513 or 0x01020000 in big endian. When entering this to my OC config, the outcome is not what I want.
tool output:
csrutil status output:
Why is Apple Internal disabled? But Kext Signing is too, so that's a start. Before this, I used 0x67000000, which was supposed to be off. This would result in the following flags, if my tool's logic is correct:
So it even seems like I don't need UNAPPROVED_KEXTS, would be cool to know what that's actually for tho.
Every help is appreciated! I'm trying to learn here, I don't just want to copy csr-active-config values from any sources.
Thanks!
// Edit:
BTW, I should tell you what I want to do: I want to install VoltageShift, which tells me the following:
This program supports macOS 10.12 or above, however you need to switch off the SIP for unsigned kext.
I don't want to fully compromise SIP with 0x67
I wanted to understand how the NVRAM csr-active-config value works, so I looked into the OC documentation. That document just redirected me to csr.h. I read the code and made a little "helper" script that makes selecting values easier for me, since I'm not that good at binary and hex. The following is what I came up with:
JavaScript:
// All possible flags, mapped to their mask value
const flags = new Map();
flags.set( "CSR_ALLOW_UNTRUSTED_KEXTS", 1 << 0 )
flags.set( "CSR_ALLOW_UNRESTRICTED_FS", 1 << 1 )
flags.set( "CSR_ALLOW_TASK_FOR_PID", 1 << 2 )
flags.set( "CSR_ALLOW_KERNEL_DEBUGGER", 1 << 3 )
flags.set( "CSR_ALLOW_APPLE_INTERNAL", 1 << 4 )
flags.set( "CSR_ALLOW_UNRESTRICTED_DTRACE", 1 << 5 )
flags.set( "CSR_ALLOW_UNRESTRICTED_NVRAM", 1 << 6 )
flags.set( "CSR_ALLOW_DEVICE_CONFIGURATION", 1 << 7 )
flags.set( "CSR_ALLOW_ANY_RECOVERY_OS", 1 << 8 )
flags.set( "CSR_ALLOW_UNAPPROVED_KEXTS", 1 << 9 )
// Find the longest flag name, to padd all with trailing spaces accordingly,
// since the tabs will look crooked otherwise (on my machine at least)
let longest = 0;
for ( const flag of flags ) {
if( flag[ 0 ].length > longest )
longest = flag[ 0 ].length;
}
// Either process node's first command line arg or fall back to hardcoded value
const CSR_ACTIVE_STATUS = process !== undefined && process.argv[ 2 ] !== undefined ? parseInt( process.argv[ 2 ] ) : 0;
console.log( "csr-active-config: " + getPaddedBase( CSR_ACTIVE_STATUS, 10, 2 ) + " (" + CSR_ACTIVE_STATUS + ")\n" );
// Loop all flags for displaying
for ( const flag of flags ) {
let f = padTrailingSpaces( flag[ 0 ], longest );
// Print: flag binValue decValue state
console.log(
f + "\t" +
getPaddedBase( flag[ 1 ], 10, 2 ) + "\t" +
flag[ 1 ] + "\t" +
getStatus( flag[ 1 ], CSR_ACTIVE_STATUS )
);
}
// Swap endian style (little to big) for config data value
console.log( "\nBigEndian value (for config): " + swapEndians( CSR_ACTIVE_STATUS ) );
// Swaps endians, this is symmetrical, swapping twice will be the original
function swapEndians( input ) {
const num = getPaddedBase( input, 8, 16 );
let buf = "";
for( let i = num.length - 1; i >= 0; i -= 2 )
buf += num[ i - 1 ] + num[ i ];
return buf;
}
// Check whether or not the flag is active, X is active, O is off
function getStatus( flag, input ) {
return ( flag & input ) == flag ? "X" : "O";
}
// Pad a string with trailing spaces to meet length requirement
function padTrailingSpaces( input, totalLength ) {
while( input.length < totalLength )
input = input + " ";
return input;
}
// Get the binary representation of a decimal number with leading zeros
function getPaddedBase( input, totalLen, base ) {
let outp = input.toString( base );
while( outp.length < totalLen )
outp = "0" + outp;
return outp.toUpperCase();
}
It gets called like this:
Code:
node csrutil.js <input-number in decimal>
Where the input-number is the sum of all bitmask values that should be on. AFAIK, for unsigned kexts, I need UNTRUSTED_KEXTS and UNAPPROVED_KEXTS, which would result in 513 or 0x01020000 in big endian. When entering this to my OC config, the outcome is not what I want.
tool output:
csrutil status output:
Why is Apple Internal disabled? But Kext Signing is too, so that's a start. Before this, I used 0x67000000, which was supposed to be off. This would result in the following flags, if my tool's logic is correct:
So it even seems like I don't need UNAPPROVED_KEXTS, would be cool to know what that's actually for tho.
Every help is appreciated! I'm trying to learn here, I don't just want to copy csr-active-config values from any sources.
Thanks!