Contribute
Register

OS X El Capitan Public Beta 3 is Now Available

Status
Not open for further replies.
i can confirm latest clover 3252 can boot beta 3 or DP5 with modifications made to the config.plist file to remove SIP preventing the loading of unsigned kexts.
 
ndungu6678 said:
i can confirm latest clover 3252 can boot beta 3 or DP5 with modifications made to the config.plist file to remove SIP prevent loading of unsigned kexts.
Click to expand...

Could you explain that a bit further? forgive my lack of insight but with 3252, we would need to use a modified config.plist or could the one i am already using be tweaked in clover configurator in order to update, and load my kexts
 
Budget Mac Pro
Z97-A/USB 3.1 |  i5 4690 |  GeForce GTX 1060 6GB SSC
you need to edit the config.plist file in an editor like PlistEditPro cause clover configurator will not allow you to add code only change preconfigured settings. You need to add these lines of code in your config.plist (courtesy of slice2009 and clover team for implementing this):


<key>RtVariables</key>
<dict>
<key>CsrActiveConfig</key>
<string>0x67</string>
<key>BooterConfig</key>
<string>0x28</string>
</dict>

and make sure that you place it correctly-if it can be saved you have succeeded-(PlistEditPro will not save the file unless code is correctly entered). What this does is it removes system integrity protection (SIP) and allows third party kexts in S/L/E to load. The flag 0x67 disables the protection and can be re-enabled by changing to 0x00. After this rebuild kernel caches and reboot and if you did things correctly beta 3 will boot with full kext support.
I am assuming that you have already installed the beta and can boot into it? if not you will have to do this from a separate osx disk!
 
I can confirm it works. If you got struck during installation of PB3, you may also boot into single, chmod/chown and build your cache with kextcache command. You should do that again after successful boot to have all relevant kexts on board.
 
Build 1
GA-Z68MX-UD2H-B3 |  i7 2600K |  RX 570 Pulse 8GB
I can confirm as well, upgrading to PP3 is OK. Here is a dummies guide to upgrade from Public Beta 2 to Beta 3 for Clover users.

0. Make a backup of everything.


1. Upgrade to Clover 3252


You can download it here (naiclub build):
https://www.dropbox.com/s/oru6n1wf08hxgty/Clover_v2.3k_r3252.pkg?dl=0

IMHO best to do a custom install and be sure to tick "Install Clover in the ESP".


2. Mount your EFI partition (you use Clover Configurator for that) and open /EFI/CLOVER/config.plist with a text editor. Change the code signing requirements by copying the following text before the final </dict> in the your file:


<key>RtVariables</key>
<dict>
<key>CsrActiveConfig</key>
<string>0x65</string>
<key>BooterConfig</key>
<string>0x28</string>
</dict>


So the end of your config will look something like this:


(...other config stuff...)
<key>RtVariables</key>
<dict>
<key>CsrActiveConfig</key>
<string>0x65</string>
<key>BooterConfig</key>
<string>0x28</string>
</dict>
</dict>
</plist>


Also remove "rootless=0" and "kext-dev-mode=1" entries from under Boot/Arguments in the same file if you have them.

Also, be sure to check if Clover 3252 installed fine (most stuff under /EFI/CLOVER should have a fresh "date modified" in Finder and your Clover_Install_Log.txt should look nice with r3252 mentioned in it).


3. Move your custom kexts (like FakeSMC.kext, AppleIntelE100e.kext) from /System/Library/Extensions to /Library/Extensions


Check permissions for your kexts as well:


- Launch Terminal
- enter: cd /Library/Extensions
- enter: ls -la


Your custom kexts should have "drwxr-xr-x 3 root wheel" in front of them. If not, then fix the permissions:


chmod -R 755 <kext name>
sudo chown -R root:wheel <kext name>


4. You should be good to go now. Simply reboot to test everything. After reboot open terminal and enter "csrutil status". System Integrity Protection should be disalbed.

5. If boot fails, you might have some problem. Sorry for that. o_O

6. Install Public Beta 3 from App Store. Update should be uneventful. :p
 
Build 1
Z97M-PLUS |  i7 4790 |  GeForce GTX 970
nice mini guide from uee3fc. Apple has tightened security in el capitan beta 3 and DP5.

But note the following about boot flags with SIP removed-(courtesy of blackosx)-
with flag:

<key>RtVariables</key>
</key>
<dict>
<key>CsrActiveConfig</key>
<string>0x00</string>
<key>BooterConfig</key>
<string>0x28</string>
</dict>

SIP Security is FULLY enabled.
you cannot edit a kext’s info.plist in S/L/E

with:

<key>RtVariables</key>
<dict>
<key>CsrActiveConfig</key>
<string>0x67</string>
<key>BooterConfig</key>
<string>0x28</string>
</dict>

SIP Security is COMPLETELY disabled.
you can edit a kext’s info.plist in S/L/E

with:

key>RtVariables</key>
<dict>
<key>CsrActiveConfig</key>
<string>0x65</string>
<key>BooterConfig</key>
<string>0x28</string>
</dict>

SIP Security is ONLY enabled for file system.
you cannot edit a kext’s info.plist in S/L/E but custom kexts will still load

this is according to blackosx -have not tried to edit a kext’s info.plist in S/L/E with 0x65 flag only used 0x67-cause i am lazy and don't want to move custom kexts from S/L/E to L/E in clover 3252-just check, maybe its author has modified the new bootloader to allow for full SIP removal- can someone confirm these settings?

thanks happy hacking
 
Thanks to everyone for posting results! :thumbup:

We've been doing a lot of testing too. Chimera and UniBeast for beta will be delayed because of the changes with security- we're hoping to get something out later next month.
 
400 Series
Prime Z490-A |  i5 10600K |  HD 630
300 Series
Z370N WIFI |  i7 8700K |  HD 630
200 Series
GA-Z270X-UD5 |  i3 7100 |  Radeon RX Vega 56 Air Boost
100 Series
GA-Z170X-UD5 TH |  i5 6600K |  GeForce GTX 770
9 Series
GA-Z97-D3H |  i7 4790K |  HD 4600
ndungu6678 said:
have not tried to edit a kext’s info.plist in S/L/E with 0x65 flag only used 0x67
Click to expand...
Kext editing/unsigned kexts require only:
CSR_ALLOW_UNTRUSTED_KEXTS > 1
CSR_ALLOW_UNRESTRICTED_FS > 2

CsrActiveConfig=0x3.
Tested.
 
Build 1
MAXIMUS VII IMPACT |  i7 4770K |  Radeon Other
Build 2
GA-Z97N-WiFi |  i5 5675C |  HD 6200
thanks Toleda- i have changed flag from 0x67 to 0x3 as you suggested and amazingly it is working without restrictions. By the way i am honored to receive your assistance and i am a great admirer of your legendary work in the hackingtosh world-cheers!
 
After setting CsrActiveConfig to 0x3 in the Rtvariables section of my config.plist, I was able to boot into El Capitan: Beta 2 without the rootless switch. I was then able to successfully upgrade to Beta 3 with no problems. This was using version 3253 of Clover, created using CloverGrowerPro.

The only other thing I did was move my FakeSMC.kext into /Library/Extensions and make sure the permissions were correct on it. I don't know if this step was needed with the 0x3 switch, but I did it just in case. Thanks to everyone in this thread for finding the correct steps needed to upgrade El Capitan.

Also there was no need to reinstall the Nvidia Drivers for my GTX 970. They worked just fine in Beta 3.
 
Status
Not open for further replies.
Copyright © 2010 - 2024 tonymacx86 LLC
Back
Top