Contribute
Register

What is System Integrity Protection (SIP)?

Joined
Jan 27, 2012
Messages
6
Motherboard
Z370M-ITX/ac
CPU
Intel i5 8400
Graphics
Intel
Hey,

read today that Chrome caused some trouble on macOS with disabled SIP. So I checked my build and SIP was disabled. I got my Clover-Test-USB Stick and set CsrActiveConfig to 0x00 that enabled SIP. My Build with Catalina Beta 8 booted from USB-Clover and I see no difference. Thought that the kext in my EFI Partition will not load but kextstat list all third-party-kext.
So is there any reason to disable SIP?
Will it cause problems when I update to a new version or if I empty the kext cache?

Thx
 

pastrychef

Moderator
Joined
May 29, 2013
Messages
15,338
Motherboard
Gigabyte Z390 M Gaming
CPU
i9-9900K OC'd @ 5.0GHz
Graphics
Radeon VII
Mac
  1. MacBook
  2. Mac Pro
Classic Mac
  1. iBook
  2. Power Mac
  3. PowerBook
Mobile Phone
  1. iOS
Hey,

read today that Chrome caused some trouble on macOS with disabled SIP. So I checked my build and SIP was disabled. I got my Clover-Test-USB Stick and set CsrActiveConfig to 0x00 that enabled SIP. My Build with Catalina Beta 8 booted from USB-Clover and I see no difference. Thought that the kext in my EFI Partition will not load but kextstat list all third-party-kext.
So is there any reason to disable SIP?
Will it cause problems when I update to a new version or if I empty the kext cache?

Thx

If you are using Clover to inject your Hackintosh kexts, there's no reason to disable SIP.
 

Jamesbond007

Moderator
Joined
May 21, 2011
Messages
5,695
Motherboard
Z390 Designare
CPU
i7 9700KF
Graphics
RX 580
Mac
  1. Mac mini
Mobile Phone
  1. iOS
If you are using Clover to inject your Hackintosh kexts, there's no reason to disable SIP.

If that is so, I will consider enabling SIP. As far as I can see the setting on my systems is 0x3, which translates to "SIP partially disabled", the default setting used in the Unibeast installation.

By the way, is there a reason for the Unibeast installation to default to 0x3 and not to 0x0 (SIP enabled)? To allow for installation of third party kexts into /Library/Extensions? Or perhaps other reasons?
 

Gigamaxx

Moderator
Joined
May 15, 2016
Messages
6,018
Motherboard
GIGABYTE X470 Arous Gaming 7 WiFi
CPU
Ryzen R9 3900X
Graphics
RX 480
Mac
  1. iMac
If that is so, I will consider enabling SIP. As far as I can see the setting on my systems is 0x3, which translates to "SIP partially disabled", the default setting used in the Unibeast installation.

By the way, is there a reason for the Unibeast installation to default to 0x3 and not to 0x0 (SIP enabled)? To allow for installation of third party kexts into /Library/Extensions? Or perhaps other reasons?

Nvidia web drivers and installing with multibeast.
 

Jamesbond007

Moderator
Joined
May 21, 2011
Messages
5,695
Motherboard
Z390 Designare
CPU
i7 9700KF
Graphics
RX 580
Mac
  1. Mac mini
Mobile Phone
  1. iOS
Nvidia web drivers and installing with multibeast.

I see. Since I don't use Nvidia drivers and MultiBeast, and only use Clover to inject kexts, it should be safe for me to enable SIP then.
 

pastrychef

Moderator
Joined
May 29, 2013
Messages
15,338
Motherboard
Gigabyte Z390 M Gaming
CPU
i9-9900K OC'd @ 5.0GHz
Graphics
Radeon VII
Mac
  1. MacBook
  2. Mac Pro
Classic Mac
  1. iBook
  2. Power Mac
  3. PowerBook
Mobile Phone
  1. iOS
I see. Since I don't use Nvidia drivers and MultiBeast, and only use Clover to inject kexts, it should be safe for me to enable SIP then.

Yes.
 

pastrychef

Moderator
Joined
May 29, 2013
Messages
15,338
Motherboard
Gigabyte Z390 M Gaming
CPU
i9-9900K OC'd @ 5.0GHz
Graphics
Radeon VII
Mac
  1. MacBook
  2. Mac Pro
Classic Mac
  1. iBook
  2. Power Mac
  3. PowerBook
Mobile Phone
  1. iOS
Nvidia web drivers and installing with multibeast.

Nvidia web drivers are signed and can be used on systems with SIP enabled.
 

Gigamaxx

Moderator
Joined
May 15, 2016
Messages
6,018
Motherboard
GIGABYTE X470 Arous Gaming 7 WiFi
CPU
Ryzen R9 3900X
Graphics
RX 480
Mac
  1. iMac
Nvidia web drivers are signed and can be used on systems with SIP enabled.

Yes but I believe the beta web drivers required sip disabled to install and configure then enable sip. I recall a lot of threads with frustrated users not being able to activate them after updates.
 
Joined
Jan 27, 2012
Messages
6
Motherboard
Z370M-ITX/ac
CPU
Intel i5 8400
Graphics
Intel
Thx all of you.
Since enabling SIP I got often the question if I permit. But this is good.
Something not so nice is, that Clover Installer has problems with SIP. I prepared a new USB-Stick and with SIP enabled Clover Installer stops doing its job. But for this special time I will reboot with disabled SIP.
 
Top