[Solved] NVIDIA Web Driver iBooks Bug

[mlg]

A secure and convenient way to solve this is to have AMFI recognize the NVIDIA web drivers as platform binary. However, considering that we only need a temporary workaround until the next macOS release bundes Pascal drivers (or, better yet, fixes the problem), I wouldn't want to invest the time into programming such a complex and fragile construct around AMFI.

Well, guess what I just did? The security thing bugged me after all (no pun intended).

A kernel extension with equal effect but no security impact is available at:

https://github.com/mologie/NVWebDriverLibValFix/releases

I strongly recommend every user of the old kernel extension to switch over to the new one. I'll keep the old project online and unmodified, because disabling library validation system-wide is useful for other purposes (though you don't want to have it disabled on your desktop system. Really.)

The original download page now points to the new project, too.

Pinging @UtterDisbelief, @boywithaxe and @D-vise, because we specifically discussed this issue in the last few posts.

 

[astromooses]

Hi everyone. I wrote a kernel extension, which resolves the problem for those of us without the option to enable an internal GPU. It permits iBooks, Little Snitch and other software to do their rendering with the NVIDIA Web Driver.

https://github.com/mologie/macos-disable-library-validation
(EDIT: Use https://github.com/mologie/NVWebDriverLibValFix/releases instead)

I'm not releasing a precompiled kext until I got a few confirmations that this works on more than just my machine. I kindly ask you to not distribute precompiled versions of the kext either - there'll be an official release once I get a few OKs. (EDIT: Link to precompiled version added to the end of this post.)

Please only follow these instructions if you're familiar with recovering Hackintosh systems. The kext loads on boot, and you may have to boot an installation disk or attach your disk to another Mac to remove it if things go haywire.

Quick start:

1. Install Xcode
2. Open Terminal
3. Run the commands below

xcode-select --install
git clone https://github.com/mologie/macos-disable-library-validation.git
cd macos-disable-library-validation
./install.sh

You'll be prompted for your passcode for installing the kernel extension. All source code is available for review on GitHub.

EDIT: The precompiled version is available at https://github.com/mologie/macos-disable-library-validation/releases

EDIT 2: Use this more secure version instead: https://github.com/mologie/NVWebDriverLibValFix/releases

Dude this totally worked thank you!

 

[tk421mesa]

Hi everyone. I wrote a kernel extension, which resolves the problem for those of us without the option to enable an internal GPU. It permits iBooks, Little Snitch and other software to do their rendering with the NVIDIA Web Driver.

https://github.com/mologie/macos-disable-library-validation
(EDIT: Use https://github.com/mologie/NVWebDriverLibValFix/releases instead)

I'm not releasing a precompiled kext until I got a few confirmations that this works on more than just my machine. I kindly ask you to not distribute precompiled versions of the kext either - there'll be an official release once I get a few OKs. (EDIT: Link to precompiled version added to the end of this post.)

Please only follow these instructions if you're familiar with recovering Hackintosh systems. The kext loads on boot, and you may have to boot an installation disk or attach your disk to another Mac to remove it if things go haywire.

Quick start:

1. Install Xcode
2. Open Terminal
3. Run the commands below

xcode-select --install
git clone https://github.com/mologie/macos-disable-library-validation.git
cd macos-disable-library-validation
./install.sh

You'll be prompted for your passcode for installing the kernel extension. All source code is available for review on GitHub.

EDIT: The precompiled version is available at https://github.com/mologie/macos-disable-library-validation/releases

EDIT 2: Use this more secure version instead: https://github.com/mologie/NVWebDriverLibValFix/releases

Bless you, MLG!! Praises!!

 

[UtterDisbelief]

Well, guess what I just did? The security thing bugged me after all (no pun intended).

A kernel extension with equal effect but no security impact is available at:

https://github.com/mologie/NVWebDriverLibValFix/releases

I strongly recommend every user of the old kernel extension to switch over to the new one. I'll keep the old project online and unmodified, because disabling library validation system-wide is useful for other purposes (though you don't want to have it disabled on your desktop system. Really.)

The original download page now points to the new project, too.

Pinging @UtterDisbelief, @boywithaxe and @D-vise, because we specifically discussed this issue in the last few posts.

Hi @mlg

Thanks very much for the update - it is installed and working fine here.

So does it now just disable library validation for the Nvidia web driver, rather than the whole system, or does it change how the web-driver is recognised by the OS?

In any case: Great piece of work and very much appreciated. Thank you.

 

[mlg]

So does it now just disable library validation for the Nvidia web driver, rather than the whole system, or does it change how the web-driver is recognised by the OS?

It makes software signed by NVIDIA (but nothing else) pass the 'platform binary' check. This makes Apple's high-level code signing logic (contained in AppleMobileFileIntegrity) treat it equally to the Apple-provided graphics drivers and permits loading it into protected processes.

 

[UtterDisbelief]

It makes software signed by NVIDIA (but nothing else) pass the 'platform binary' check. This makes Apple's high-level code signing logic (contained in AppleMobileFileIntegrity) treat it equally to the Apple-provided graphics drivers and permits loading it into protected processes.

A good result all round then.

Thank you very much again for your hard work. I'm enjoying my iBook library on the desktop once again

 

[JCMunsonII]

Well, guess what I just did? The security thing bugged me after all (no pun intended).

A kernel extension with equal effect but no security impact is available at:

https://github.com/mologie/NVWebDriverLibValFix/releases

I strongly recommend every user of the old kernel extension to switch over to the new one. I'll keep the old project online and unmodified, because disabling library validation system-wide is useful for other purposes (though you don't want to have it disabled on your desktop system. Really.)

The original download page now points to the new project, too.

Pinging @UtterDisbelief, @boywithaxe and @D-vise, because we specifically discussed this issue in the last few posts.

This seems to have worked for me as well.

I had pseudo-corrected the bug by enabling my on-board graphics (HD 630) and subsequent loading/reloading both books and iBooks itself re-cached the affected toolbar, side buttons, etc., however, each reboot I'd have the same issue.

After initial kext installation & a reboot, I didn't have the bug in iBooks that was present before.

 

[UtterDisbelief]

Moderators: The work by @mlg is so good on this problem, I feel it deserves a 'Sticky" to keep it in view for new builders.

Any one agree?

 

[cache0928]

It makes software signed by NVIDIA (but nothing else) pass the 'platform binary' check. This makes Apple's high-level code signing logic (contained in AppleMobileFileIntegrity) treat it equally to the Apple-provided graphics drivers and permits loading it into protected processes.

@mlg is it work well with macOS 10.13?

 

[mlg]

Moderators: The work by @mlg is so good on this problem, I feel it deserves a 'Sticky" to keep it in view for new builders.

Fine with me if the mods agree. This is a common problem indeed. I can open a new topic if needed.

@mlg is it work well with macOS 10.13?

I've not yet mastered the art of time travel. There are not official NVIDIA web drivers for macOS 10.13 yet.