4261 posts in this topic


Never mind. I finally had time to watch https://developer.apple.com/videos/wwdc/2015/?id=706

and it's clear to me now. The setting is stored in nvram. This setting can only be changed in Recovery OS so you need to boot into the Recovery HD setup and launch the security app in the utility menu to change this setting.

  • Like 3

Guys,  can you test this "test boot"?

It does not inject rootless=0 nor kext-dev-mode=1 in El Capitan.

 

The test is to see if unsigned kexts are loaded by the DP1 or DP2 as stated by someone, so boot using -f or UseKernelCache=No

 

thanks

boot.zip

// ----------------------------------------------------------------------------------------------------------------------------

This test is for crazybirdy only ------> boot.zip

 

Loading kexts from /Extra/Extensions.

 

Assuming you have /Extra/Extensions but not something like /Extra/Extensions/10.11 (because Chameleon can do that too normally)...otherwise this test is not reliable..

 

Since we cannot inject kexts in the prelinkedkernel, the test must be made with -f flag

like above, does not inject rootless/kext-dev-mode flags, if you need it then write it at boot time.

 

It's a test, no guarantees  :P

 

10.11.dp2

prelinkedkernel without FakeSMC

/Extra/Extensions/FakeSMC.kext + other kexts

/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4360.kext (add id 4350 for wireless)

 

test with above

 

both boot files can not boot to 10.11 with prelinkedkernel, -v only, stop at [IOBluetoothHCIController]......No FakeSMC loading.

 

1.the first boot file can boot to 10.11 with -v -f, without rootless=0, kext-dev-mode=1.

2.the second boot file can not boot to 10.11 with -v -f, without rootless=0, kext-dev-mode=1, and get kext error with AirPortBrcm4360.kext.

FYI :wink_anim:

 

Never mind. I finally had time to watch https://developer.apple.com/videos/wwdc/2015/?id=706

and it's clear to me now. The setting is stored in nvram. This setting can only be changed in Recovery OS so you need to boot into the Recovery HD setup and launch the security app in the utility menu to change this setting.

 

If a setting was stored in nvram you wouldn't need to boot to Recovery to change it..

When NVRAM writes are blocked, how will Startup Disk be set? How will the audio volume be stored? And how will bless' bootnext work? Mhmm.

 

Probably is limited to some vars only?

nvram is already working with Chameleon?

nvram is already working with Chameleon?

#2614 was fully working for me until Yosemite with latest FileNVRAM. Can't say with El Capitan, not installed yet.

When NVRAM writes are blocked, how will Startup Disk be set? How will the audio volume be stored? And how will bless' bootnext work? Mhmm.

Look at this:

#define CSR_VALID_FLAGS
/* Rootless configuration flags */
#define CSR_ALLOW_UNTRUSTED_KEXTS		(1 << 0)
#define CSR_ALLOW_UNRESTRICTED_FS		(1 << 1)
#define CSR_ALLOW_TASK_FOR_PID			(1 << 2)
#define CSR_ALLOW_KERNEL_DEBUGGER		(1 << 3)
#define CSR_ALLOW_APPLE_INTERNAL		(1 << 4)
#define CSR_ALLOW_UNRESTRICTED_DTRACE	(1 << 5)
#define CSR_ALLOW_UNRESTRICTED_NVRAM	(1 << 6)

The last one will block writes to NVRAM in the GM, specifically changes to rootless=[0/1] because Apple said that they cannot trust root to change this setting. They will only allow changes after you boot into Recovery OS (from the Recovery HD) or they have to depart from this and change it later on, but I don't see that happening.

I have some difficulty understanding too, so in these cases I use subtitles or download to watch later (carefully).


 

:P

Ha ha I understand everything, but to a certain point I fell asleep ...

I need for the 2° round :hysterical:

10.11.dp2

prelinkedkernel without FakeSMC

/Extra/Extensions/FakeSMC.kext + other kexts

/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4360.kext (add id 4350 for wireless)

 

test with above

 

both boot files can not boot to 10.11 with prelinkedkernel, -v only, stop at [IOBluetoothHCIController]......No FakeSMC loading.

 

1.the first boot file can boot to 10.11 with -v -f, without rootless=0, kext-dev-mode=1.

2.the second boot file can not boot to 10.11 with -v -f, without rootless=0, kext-dev-mode=1, and get kext error with AirPortBrcm4360.kext.

FYI :wink_anim:

 

Thanks, I think this needs greater adroitness

Look at this:

#define CSR_VALID_FLAGS
/* Rootless configuration flags */
#define CSR_ALLOW_UNTRUSTED_KEXTS		(1 << 0)
#define CSR_ALLOW_UNRESTRICTED_FS		(1 << 1)
#define CSR_ALLOW_TASK_FOR_PID			(1 << 2)
#define CSR_ALLOW_KERNEL_DEBUGGER		(1 << 3)
#define CSR_ALLOW_APPLE_INTERNAL		(1 << 4)
#define CSR_ALLOW_UNRESTRICTED_DTRACE	(1 << 5)
#define CSR_ALLOW_UNRESTRICTED_NVRAM	(1 << 6)

The last one will block writes to NVRAM in the GM, specifically changes to rootless=[0/1] because Apple said that they cannot trust root to change this setting. They will only allow changes after you boot into Recovery OS (from the Recovery HD) or they have to depart from this and change it later on, but I don't see that happening.

 

Perhaps it is still too early and we have to wait for DP6 or 7; we are only in June.

  • Like 2

If root can disable rootless then it will be useless.

 

No, it's normal I would say. They can't stop root, but only users that use sudo? What's in /etc/sudoers?

 

hahahahaha

If I stay a long time watching some videos without subtitles in English, I fall asleep too.  :P

Was also late here ^_^

The Security Configuration.app sets options/csr-active-config and this property is read/removed/synced by /AppleEFIRuntime.kext/Contents/PlugIns/AppleEFINVRAM.kext/Contents/MacOS/AppleEFINVRAM

 

I also noticed a temporary property on options/rootless (with a value of "1cat") but it disappeared shortly afterwards. Go check NVRAM vars like com.apple.private.iokit.nvram-csr for the entitlement.

  • Like 1
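
For auditing which protections a stored setting relaxes, the sketch below decodes a value into the flag names quoted earlier in the thread. It is an added example, not code from any poster, Chameleon or Apple; it assumes that options/csr-active-config holds those flags as a 4-byte little-endian bitmask and that the value is given in the form nvram(8) prints binary data, and the function names are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char *const csr_names[7] = {   /* bit 0 .. bit 6, as quoted above */
    "CSR_ALLOW_UNTRUSTED_KEXTS", "CSR_ALLOW_UNRESTRICTED_FS",
    "CSR_ALLOW_TASK_FOR_PID", "CSR_ALLOW_KERNEL_DEBUGGER",
    "CSR_ALLOW_APPLE_INTERNAL", "CSR_ALLOW_UNRESTRICTED_DTRACE",
    "CSR_ALLOW_UNRESTRICTED_NVRAM" };
/* Assumption: 4 bytes, little-endian, in nvram(8) print format (printable
 * bytes literal, all others %xx). Returns 0, or -1 if malformed. */
int csr_parse(const char *s, uint32_t *out) {
    uint32_t v = 0;
    int n = 0;
    for (; *s; n++) {
        unsigned b = (unsigned char)*s++;
        if (b == '%') {
            if (!isxdigit((unsigned char)s[0]) || !isxdigit((unsigned char)s[1]))
                return -1;                      /* broken %xx escape */
            b = (unsigned)strtoul((char[]){ s[0], s[1], '\0' }, NULL, 16);
            s += 2;
        }
        if (n >= 4) return -1;                  /* more than 4 bytes */
        v |= (uint32_t)b << (8 * n);
    }
    if (n == 4) *out = v;
    return n == 4 ? 0 : -1;                     /* -1: fewer than 4 bytes */
}
/* Lists set flags in buf, returns their count; bits above 6 go to *unknown. */
int csr_describe(uint32_t v, char *buf, size_t len, uint32_t *unknown) {
    int count = 0;
    buf[0] = '\0';
    for (int i = 0; i < 7; i++)
        if (v & (1u << i)) {
            if (count++) strncat(buf, ",", len - strlen(buf) - 1);
            strncat(buf, csr_names[i], len - strlen(buf) - 1);
        }
    *unknown = v & ~0x7Fu;
    return count;
}

int main(void) {
    uint32_t v, unk;
    char buf[256];
    if (csr_parse("A%00%00%00", &v)) return 1;  /* constructed sample: 0x41 */
    printf("0x%08x: %d flag(s): %s\n", v, csr_describe(v, buf, sizeof buf, &unk), buf);
    return 0;
}
```

A non-zero `*unknown` means the value carries bits outside the seven flags listed in the thread, so the list of names alone is not the full picture.
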
I am waiting for a new SSD tomorrow; afterwards I'll do a bit of testing with Recovery HD.
Since the RecoveryHD partition can also be on an external disk (Apple has a tool for this, but my Hera.app is also good) I want to see if there's more....

 

I will create a fake app to receive arguments passed, if any.

The Security Configuration.app sets options/csr-active-config and this property is read/removed/synced by /AppleEFIRuntime.kext/Contents/PlugIns/AppleEFINVRAM.kext/Contents/MacOS/AppleEFINVRAM

I also noticed a temporary property on options/rootless (with a value of "1cat") but it disappeared shortly afterwards. Go check NVRAM vars like com.apple.private.iokit.nvram-csr for the entitlement.

 

 

I tried to disable it but it gave an error.

  • Like 1

Hi ! Try old cdboot from Chameleon-2.0-RC4 for EL Cap ! I fix this for test !  :D  :P 

cdboot.zip

OK, thanks Bronya, I'll try.

I'm coming back in 30 minutes  :thumbsup_anim:

 

 
