-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow building boxes with SIP disabled #4
Comments
I found this: https://www.tekrevue.com/tip/mac-vm-boot-recovery-mode-vmware-fusion/
Boots the VM in OSX Recovery Mode. This opens the door to an elevated terminal. |
So this works. OSX gets into Recovery. I have a theory - this might be the offset in the nvram that needs to be patched:
The other part I found is about the boot loader. |
I have this need as well. Happy to test out any proposed implementations. @egandro what did you find about the boot loader? |
I put a few more hours in this investigating what the "magic bits" are in the NVRAM.
Binary diffing 1/2/3 lead into no insigths. I used diff + xxd (from vim - to create a hexdump) So maybe somebody has a smarter idea then I have. 2nd approach - how does clover do this? They patch the kexts in memory :( Unfortunately it's not a simulated nvram... So this is still open... |
Is there a way I can boot my macinbox virtualbox VM into recovery mode? I want to disable SIP to test some things. I see the line above, but I'm not sure where to put that. |
@JonHolman Some quick googling indicates that there are a couple of methods that may work to get you into recovery mode with Virtualbox, but I don't have experience with them and can't comment on whether they would be effective. The |
@bacongravy thanks. I'm not sure how to trigger booting into recovery mode with virtualbox, but I ended up creating a Mojave ISO and booted to that and was able to do what I wanted. |
This works - however - after doing that you can't get the system to boot into non recovery mode... Maybe I am to stupid. |
https://github.com/myspaghetti/macos-virtualbox/blob/master/macos-guest-virtualbox.sh might have a solution for this (search for "csr-active-config"), generating a nvram file and loading it in the EFI boot loader, if I read that code correctly. |
Add option to disable SIP (System Integrity Protection) at boot time. Currently only supported for virtualbox, so this partially implements issue bacongravy#4.
Add option to disable SIP (System Integrity Protection) at boot time. Currently only supported for virtualbox, so this partially implements issue bacongravy#4.
I've created a pull request, but I can only test virtualbox here, so this needs to be applied for the other providers, too. |
@frankosterfeld Thank you for the PR! I haven't had a chance to give it a spin but it looks good. I don't how to replicate this functionality for VMware Fusion or Parallels Desktop, so it may need to be VirtualBox-only for now. |
(Specifically, I don't know how to replicate the |
Sometimes you need to test or verify something, and SIP gets in your way. It would be useful to be able to quickly spin up a VM with SIP pre-disabled.
The SIP setting is stored in NVRAM, so it may be possible to generate an appropriate .nvram file and drop it into the box at creation time, without having to boot the image at all.
The text was updated successfully, but these errors were encountered: