Contribute
Register

The app’s authorization has been revoked (High Sierra NVIDIA graphics certificates expired)

Status
Not open for further replies.
These commands override the certificate expiration check

Yes, I can see that the boot-command amfi... will help, but not the choice of kexts or Terminal commands.

For example, where is the AppleMobileFileIntegrity.kext in your screen grab?

Let us not confuse people (like me).

Also explain the NVRAM injection ... as that is key to the process. In Clover you place the amfi* boot-command as in your screen grab, but in OpenCore we would use the NVRAM section of config.plist.
 
Last edited:
I just read this extremely scary thread and had to check my two High Sierra computers ("Mini-ITX 1" Haswell, and "Mini-ITX-3" Coffeelake, below). Both boot under OpenCore 0.8.0, both run Mac OS X 10.13.6 (build 17G14042). I ran Heaven and Valley benchmarks on both. Results are below; normal performance; no weird message. Can someone please explain what it is I need to do in order to avoid causing the problem listed in this thread? Thanks!

Mini-ITX 1 Haswell with Gigabyte nVidia GT1030 graphics card on a 1280 x 1024 monitor:
Mini-ITX 1.jpg


Mini-ITX 3 Coffeelake with Gigabyte Nvidia GTX 1050 TI OC graphics card on a 1920 x 1080 monitor:
Mini-ITX 3.jpg
 
Last edited:
Can someone please explain what it is I need to do in order to avoid causing the problem listed in this thread?
Don't reset your NVRAM. Don't shut down or reboot. Other than that, buy a supported AMD card or a Kepler card.
 
The below steps will resolve your issue at the cost of waiving the operating system’s ability to block signatures revoked for legit security reasons. If you have previously tampered with an affected system, please revert to the most recent Time Machine backup (no manual signature-stripping or hauling around of system files).

Step 1. Physically disconnect the affected device from the web. Powering down the router for a few minutes will do just fine.

Step 2. Boot into Safe Mode. Everything will be extremely laggy, be patient.

Step 3. Launch Terminal and enter the command ‘sudo nano /etc/hosts’, once prompted provide the password.

Step 4. Append the following lines to the file’s contents:

127.0.0.1 ocsp.apple.com
127.0.0.1 ocsp2.apple.com
127.0.0.1 ocsp.digicert.com

Save changes and exit.

Step 5. Run the following batch of Terminal commands:

crlrefresh rp
sudo rm -f /var/db/crls/*cache?.db
sudo date -u 020200002020
sudo reboot

Your computer will immediately reboot after the last command. Upon seeing the desktop again, you should notice that everything is back to normal. You can now reconnect to the internet. System time and date will automatically adjust themselves upon reconnecting. If some apps throw errors related to bad time and date, another reboot will fix that. Don’t worry if you run into any scary messages upon the first reboot.

The ‘sudo date’ shift trick is 90% likely unnecessary but better safe than sorry. It’s there just to lure the system (now reverted to a clean state) into repeating any sneaky moves it’s compelled to make since the 1st of June, just to check it no longer breaks itself.
 
Last edited:
Can someone please explain what it is I need to do in order to avoid causing the problem listed in this thread? Thanks!

If you are 100% unaffected at the moment do just steps 3 & 4 from my previous post then reboot. Blocking those hosts keeps ocsp from fetching the updated blacklist from Apple’s servers.
 
Take a look at this...
From horses mouth and may offer clues for a way forward:


Also see:
 
All i did was repack the driver and it installed no problem. Idk why all these extra steps are needed....
Sounds interesting. Let us know more ...

What exactly do you mean by "repack the driver" ?

:)
 
Sounds interesting. Let us know more ...

What exactly do you mean by "repack the driver" ?

:)


I downloaded the webdriver. Put it on the desktop. ran these two commands, and installed using the new repacked .pkg. No problem installing or no second chance needed just as normal as before. restart and my second monitor came right on just as it has done the last nvidia update. hopefully that helps

pkgutil --expand ~/Desktop/WebDriver-387.10.10.10.40.140.pkg ~/Desktop/WebDriver_temp
pkgutil --flatten ~/Desktop/WebDriver_temp ~/Desktop/WebDriver-repack.pkg
 
I downloaded the webdriver. Put it on the desktop. ran these two commands, and installed using the new repacked .pkg. No problem installing or no second chance needed just as normal as before. restart and my second monitor came right on just as it has done the last nvidia update. hopefully that helps

pkgutil --expand ~/Desktop/WebDriver-387.10.10.10.40.140.pkg ~/Desktop/WebDriver_temp
pkgutil --flatten ~/Desktop/WebDriver_temp ~/Desktop/WebDriver-repack.pkg

Great. Thanks for the update.

Let's see if it is repeatable. The problem is the Nvidia code-signing which has expired.

:)
 
Status
Not open for further replies.
Back
Top