Contribute
Register

Should I enable SIP?

Status
Not open for further replies.
MarcinNull

MarcinNull

Joined
Jul 26, 2012
Messages
36
Motherboard
Asus P5Q Deluxe
CPU
Intel Core 2 Quad Q9550
Graphics
GeForce GT 730
I have Clover loading FakeSMC.kext from EFI/CLOVER/kexts/10.11 and I am patching audio using <key>KextsToPatch</key>.... and my custom DummyHDA.kext in S/L/E. Can I enable SIP and be done with it until 10.12 or does Clover needs SIP to be disabled, to be able to patch AppleHDA on boot?
 
My understanding is that once your kernel cache is built, you can enable SIP. However, virtually any OS update (or new hardware drivers or etc.) can cause the cache to be outdated, and then things will fail if SIP is enabled. So you will have to be very conscious to disable it before you do system updates.

FWIW, if you leave SIP disabled, I believe your security status will be no different than all pre-El Capitan hackintoshes.
 
Jeepers
GA-H87N-WIFI |  i7 4790S |  GeForce GT 740
So there could be a problem witch FakeSMC not being put into cache because it is outside S/L/E. DummyHDA is in right folder but is not signed. Does not signed kext can be cached with SIP enabled? And what about Clover dynamic patching on boot, is it working despite SIP?

...OK I keep it disabled.
 
Status
Not open for further replies.
Copyright © 2010 - 2024 tonymacx86 LLC
Back
Top