JahStories Posted August 15, 2015 Share Posted August 15, 2015 exactly the same. Btw I don't know why even if the kext is loaded if i try to write to nvram nothing appear on the nvram.plist at all... @ErmaC CsrActiveConfig (Hex 0x00) (Binary 00000000) (Decimal 0)Enoch.2749.0x00.zip tried this, and I can still load unsigned kexts and sip is disabled... Link to comment Share on other sites More sharing options...
blackosx Posted August 15, 2015 Share Posted August 15, 2015 exactly the same. Btw I don't know why even if the kext is loaded if i try to write to nvram nothing appear on the nvram.plist at all... Strange. Not sure why that would be. You're definitely looking at the correct nvram.plist? @ErmaC CsrActiveConfig (Hex 0x00) (Binary 00000000) (Decimal 0) Enoch.2749.0x00.zip tried this, and I can still load unsigned kexts and sip is disabled... I haven't tried with that version yet, but I will a bit later. Link to comment Share on other sites More sharing options...
Pike R. Alpha Posted August 15, 2015 Share Posted August 15, 2015 Guys, Don't forget to set bootArgs->csrActiveConfig with the value found in the nvram.plist, otherwise csrutil et all won't show the correct state. 3 Link to comment Share on other sites More sharing options...
blackosx Posted August 15, 2015 Share Posted August 15, 2015 So are you saying I should be able to change the SIP state by matching the boot-arg to the value in nvram.plist? I can't get it to be anything other then what I've had before which is what I believe to be 01 00 00 00I have the following org.chameleon.Boot.plist <key>Kernel Flags</key> <string>-v dart=0</string> <key>UseKernelCache</key> <string>Yes</string> <key>GraphicsEnabler</key> <string>Yes</string> <key>Legacy Logo</key> <string>Yes</string> <key>DropSSDT</key> <string>Yes</string> <key>Graphics Mode</key> <string>1920x1080x32</string> <key>Wait</key> <string>No</string> <key>BlackMode</key> <string>Yes</string> I have manually added a csr-active-config nvram value of zero. $ nvram -p csr-active-config %00%00%00%00 I have this in ioreg $ ioreg -lx -p IODeviceTree | grep csr-active-config "csr-active-config" = <00000000> Yet 15/08/2015 19:44:11.184 com.apple.kextd[43]: kext-dev-mode allowing invalid signature -67062 0xFFFFFFFFFFFEFA0A for kext "/tmp/DirectHW.kext" 15/08/2015 19:44:20.805 com.apple.kextd[43]: kext-dev-mode allowing invalid signature -67062 0xFFFFFFFFFFFEFA0A for kext "/tmp/VoodooHDA.kext" And always I see $ csrutil status System Integrity Protection status: disabled. I’ve also tried each of the following boot-arg settings. <key>Kernel Flags</key> <string>-v dart=0 CsrActiveConfig=0x00</string> <string>-v dart=0 CsrActiveConfig=0</string> <string>-v dart=0 CsrActiveConfig=%00%00%00%00</string> <string>-v dart=0 csrActiveConfig=00000000</string> <string>-v dart=0 csrActiveConfig=0</string> Maybe I've got the wrong case for csrActiveConfig (tried two) or the wrong syntax for the value? Link to comment Share on other sites More sharing options...
blackosx Posted August 15, 2015 Share Posted August 15, 2015 @ErmaC CsrActiveConfig (Hex 0x00) (Binary 00000000) (Decimal 0) Enoch.2749.0x00.zip tried this, and I can still load unsigned kexts and sip is disabled... Just tried this version and it does indeed enable SIP $ csrutil status System Integrity Protection status: enabled. 15/08/2015 20:45:04.708 com.apple.kextd[43]: ERROR: invalid signature for com.coresystems.driver.DirectHW, will not load 15/08/2015 20:45:06.593 com.apple.kextd[43]: ERROR: invalid signature for org.voodoo.driver.VoodooHDA, will not load This must be hard coded within Enoch and not user changeable via plist. Link to comment Share on other sites More sharing options...
blackosx Posted August 15, 2015 Share Posted August 15, 2015 Looks like for El Capitan DP4/DP5 and PB3 Enoch not work anymore.... Until now the CSR (Code Signing Restrictions) was set to 0x01 (00000001) (Thx Pike) so only untrusted kext was allowed... Pls try this UNTESTED versions: CsrActiveConfig (Hex 0x00) (Binary 00000000) (Decimal 0)Enoch.2749.0x00.zip CsrActiveConfig (Hex 0x67) (Binary 01100111) (Decimal 103)Enoch.2749.0x67.zip CsrActiveConfig (Hex 0x65) (Binary 01100101) (Decimal 101)Enoch.2749.0x65.zip Let me know... ErmaC For ref:Both Enoch.2749.0x65 and Enoch.2749.0x67 don’t allow loading unsigned kexts 15/08/2015 21:29:12.712 com.apple.kextd[43]: Untrusted kexts are not allowed 15/08/2015 21:29:12.712 com.apple.kextd[43]: ERROR: invalid signature for org.voodoo.driver.VoodooHDA, will not load 15/08/2015 21:29:13.632 com.apple.kextd[43]: Untrusted kexts are not allowed 15/08/2015 21:29:13.632 com.apple.kextd[43]: ERROR: invalid signature for com.coresystems.driver.DirectHW, will not load Link to comment Share on other sites More sharing options...
mhaeuser Posted August 15, 2015 Share Posted August 15, 2015 Pike meant the boot_args structure passed from the booter to the kernel. Look here: http://www.opensource.apple.com/source/xnu/xnu-2782.10.72/pexpert/pexpert/i386/boot.h The 'csrActiveConfig' field of the 'boot_args' struct needs to be set to the value in NVRAM. For boot solutions that load boot.efi, this is not needed as boot.efi does the job. Edit (forgot the edit message before, sorry): Misread Pike's post, updated this to fit. Link to comment Share on other sites More sharing options...
blackosx Posted August 15, 2015 Share Posted August 15, 2015 Thanks for the explanation Download-Fritz. Yes I've seen bootercfg in DumpefiCalls and I know it's used in Clover. So with Enoch here, I guess I'll leave alone trying to change the SIP setting outside of the boot file. Funny thing is I only started here trying to determine a simple way to discover a running system's SIP setting from bash script, other than trying to load a kext or trying to run dtrace and testing if they fail or not. 1 Link to comment Share on other sites More sharing options...
JahStories Posted August 15, 2015 Share Posted August 15, 2015 I'm using that boot file and sip is still not enabled... i'm on pb4 CsrActiveConfig (Hex 0x00) (Binary 00000000) (Decimal 0)Enoch.2749.0x00.zip Link to comment Share on other sites More sharing options...
blackosx Posted August 15, 2015 Share Posted August 15, 2015 Must be a difference between PB4 and DP6 Link to comment Share on other sites More sharing options...
Pike R. Alpha Posted August 15, 2015 Share Posted August 15, 2015 Just tried this version and it does indeed enable SIP $ csrutil statusSystem Integrity Protection status: enabled. SIP will also be enabled, or it can be enabled, even when csrutil shows "disabled" Note: the csrutil command line utility only checks the existence/value of property options:/csr-active-config, which is set by AppleEFINVRAM.kext when it finds the NVRAM variable (at boot time). @Download-Fritz, Yup. That is exactly what I meant to say. Note: The end of the structure is a little different, but the devs already know this: uint32_t csrActiveConfig; uint32_t csrCapabilities; uint32_t boot_SMC_plimit; uint16_t bootProgressMeterStart; uint16_t bootProgressMeterEnd; uint32_t __reserved4[726]; 2 Link to comment Share on other sites More sharing options...
JahStories Posted August 15, 2015 Share Posted August 15, 2015 how should we check sip status so? Link to comment Share on other sites More sharing options...
blackosx Posted August 15, 2015 Share Posted August 15, 2015 Thanks for the update Pike how should we check sip status so? I think we should simply check each setting by testing if it works or not. I'll create a small script to test dtrace, load a kext etc. 1 Link to comment Share on other sites More sharing options...
Micky1979 Posted August 16, 2015 Share Posted August 16, 2015 (edited) compiled yesterday by mickey, this one loads. FileNVRAM.kext-2.zip This file always need a license to be published, please edit your post my friend EDIT done Anyway was just compiled in Xcode 7 with 10.11 SDK, different compiler, source was indicated here #3293 . Thank you. That works great! @Micky1979 - any chance of a non-debug version? Yes, check the source at https://public.xzenue.com/diffusion/F/browse/master/kext/ That variable is an OS-owned variable, so it should indeed work with that Ozmosis version in my opinion. Storing that to nvram require FileNVRAM to be modified because normally load the nvram.plist with newer time stamp found on all partitions, but it should be that only on the partition that belong to, stated on what you said, but nvram is a chip soldered on the motherboard and its contents shared on all OSes .....so is that really correct? blackosx can ensure that on its real Mac Edited August 16, 2015 by Micky1979 Link to comment Share on other sites More sharing options...
mhaeuser Posted August 16, 2015 Share Posted August 16, 2015 I'm not sure if I understood the question, but yes, NVRAM is shared accross OSes as it's usually part of the Flash ROM (I think it could be on an external chip to per-spec, but not sure). What I said was only refering to blackosx wondering if it would even work with Ozmosis, not to Chameleon. Edit: Ohh, I see what you mean. By 'OS-owned' I did not mean only for that OS, but I mean it's an OS X NVRAM variable. Ozmosis has many NVRAM variables for itself, so I just wanted to clarify it is managed by OS X. 1 Link to comment Share on other sites More sharing options...
Micky1979 Posted August 16, 2015 Share Posted August 16, 2015 Edit: Ohh, I see what you mean. By 'OS-owned' I did not mean only for that OS, but I mean it's an OS X NVRAM variable. Ozmosis has many NVRAM variables for itself, so I just wanted to clarify it is managed by OS X. Yep, what I mean ...sorry I'm On Topic 1 Link to comment Share on other sites More sharing options...
crazybirdy Posted August 16, 2015 Share Posted August 16, 2015 hi guys, Chameleon Enoch r2748 works fine with -f to load /Extra/Extensions/kexts with DB4~DB6 as Clover r3259's kernel patch. :thumbsup_anim: sudo perl -pi -e 's|\xC3\x48\x85\xDB\x74\x70\x48\x8B\x03\x48\x89\xDF\xFF\x50\x28\x48|\xC3\x48\x85\xDB\xEB\x12\x48\x8B\x03\x48\x89\xDF\xFF\x50\x28\x48|g' /System/Library/Kernels/kernel Is it possible to add to Chameleon code?? .... you know!! crazybirdy 2 Link to comment Share on other sites More sharing options...
Micky1979 Posted August 16, 2015 Share Posted August 16, 2015 hi guys, Chameleon Enoch r2748 works fine with -f to load /Extra/Extensions/kexts with DB4~DB6 as Clover r3259's kernel patch. :thumbsup_anim: sudo perl -pi -e 's|\xC3\x48\x85\xDB\x74\x70\x48\x8B\x03\x48\x89\xDF\xFF\x50\x28\x48|\xC3\x48\x85\xDB\xEB\x12\x48\x8B\x03\x48\x89\xDF\xFF\x50\x28\x48|g' /System/Library/Kernels/kernel Is it possible to add to Chameleon code?? .... you know!! crazybirdy The kernel patcher....yep Hi blackosx, this:http://www.insanelymac.com/forum/files/file/453-nvrammeapp/ can be useful 1 Link to comment Share on other sites More sharing options...
JahStories Posted August 16, 2015 Share Posted August 16, 2015 my macbook pro showed enabled on csrutil status, but the ioreg -lx -p IODeviceTree | grep car-active-config "csr-active-config" = <10000000> Had to reset the nvram then ioreg -lx -p IODeviceTree | grep car-active-config gives no outputs. Link to comment Share on other sites More sharing options...
Pike R. Alpha Posted August 16, 2015 Share Posted August 16, 2015 <10000000> = 0x10/16 (the CSR_ALLOW_APPLE_INTERNAL flag) and that is normal behaviour for this command: sudo csrutil enableUse this one to write 0x00/0 instead:sudo csrutil enable --no-internalThis one writes 0x77/119:sudo csrutil disableAnd this should report the active state:sudo csrutil reportEnabling/disabling may show you one of these: SIP enabled SIP enabled / Apple Internal (with CSR_ALLOW_APPLE_INTERNAL aka 0x10/16 set) SIP disabled SIP disabled / Custom Configuration 1 Link to comment Share on other sites More sharing options...
blackosx Posted August 17, 2015 Share Posted August 17, 2015 Hi blackosx, this:http://www.insanelymac.com/forum/files/file/453-nvrammeapp/ can be useful NVRAMme.png Hi Micky1979 Not really useful for me, but I'm sure somebody will use it But well done though with your objective-C skill. You are good at it! 1 Link to comment Share on other sites More sharing options...
ErmaC Posted August 19, 2015 Author Share Posted August 19, 2015 Hi guys! I was really busy during last week... but here we go with a small update - TEST revision - --> now available in the Download section I add the ability to read a user provided CsrActiveConfig value (Integer) set in the org.chameleon.Boot.plist Example: Key in o.c.B.p <key>CsrActiveConfig</key><string>3</string>output in bdmesgSystem Integrity Protection:- Custom value set by user! CsrActiveConfig = 0x03 (00000011)If the key is not present or the provided value is bigger than 255 (8bit 11111111) a custom value is used (0x03)System Integrity Protection:- Default value CsrActiveConfig = 0x01Other output tested... System Integrity Protection:- Custom value set by user! CsrActiveConfig = 0x65 (01100101) System Integrity Protection:- Custom value set by user! CsrActiveConfig = 0x67 (01100111)Hope it help...- Also include the BlackMode options (Thx Pike for the macosxbootloader source) Work for Yosemite and El Capitan with the key "BlackMode" in your org.chameleon.Boot.plist <key>BlackMode</key><string>Yes</string>Note: still some defect with blackMode... no progressbar ErmaC 4 Link to comment Share on other sites More sharing options...
Micky1979 Posted August 19, 2015 Share Posted August 19, 2015 going to test... Last login: Wed Aug 19 06:01:14 on ttys000 MBPdiMicky1979:~ Micky1979$ /Users/Micky1979/Desktop/Pandora_test/Base/Insanelymac/PKG/Chameleon/i386/bdmesg ; exit; Enoch (r2752 ErmaC Test (CsrActiveConfig)) [2015-08-19 04:43:44] Logging started: 2015/08/19, 04:00:06 [ CPU INFO ] Sticking with [BCLK: 99Mhz, Bus-Ratio: 25] Attempting to scan GPT boot volumes [biosdev=80h]: Attempting to read GPT Read GPT Reading GPT partition 1, type C12A7328-F81F-11D2-BA4B-00A0C93EC93B Reading GPT partition 2, type 48465300-0000-11AA-AA11-00306543ECAC Attempting to scan GPT boot volumes [biosdev=81h]: Attempting to scan FDISK boot volumes [biosdev=81h]: Attempting to scan GPT boot volumes [biosdev=82h]: Attempting to read GPT Read GPT Reading GPT partition 1, type C12A7328-F81F-11D2-BA4B-00A0C93EC93B Reading GPT partition 2, type 48465300-0000-11AA-AA11-00306543ECAC Reading GPT partition 3, type 426F6F74-0000-11AA-AA11-00306543ECAC Reading GPT partition 4, type 48465300-0000-11AA-AA11-00306543ECAC Reading GPT partition 5, type 426F6F74-0000-11AA-AA11-00306543ECAC Boot UUID of '10.11' (GPT HFS+): 95B6627F-4618-34D3-8A99-8E98BE498101 Kernel Cache file path (Mac OS X 10.10 and newer): Loading Kernel Cache from: '10.11' (GPT HFS+) System Integrity Protection: - Custom value set by user! CsrActiveConfig = 0x43 (01000011) Decompressing Kernel CacheDecompressing Kernel Using lzvn OK. Using PCI-Root-UID value: 0 Skip Nvidia gfx device! [ INTEL GMA DEVICE INFO ] Class code: [0300] Intel HD Graphics 4000 [8086:0166] (rev 09) Subsystem: [103c:181d] :: PciRoot(0x0)/Pci(0x2,0x0) Using user supplied AAPL,ig-platform-id AAPL,ig-platform-id: 04006601 [ WIRELESS DEVICE INFO ] Class code: [0280] EnableWifi = Yes Setting up wifi keys Atheros AR9285 Wireless Network Adapter [168c:002b] PciRoot(0x0)/Pci(0x1c,0x3)/Pci(0x0,0x0) [ ETHERNET DEVICE INFO ] Class code: [0200] EthernetBuiltIn = No Realteck RTL8111/8168 PCI-E Gigabit Ethernet [10ec:8168] PciRoot(0x0)/Pci(0x1c,0x5)/Pci(0x0,0x0) [ DRAM CONTROLLER ] SMBus CmdReg: 0x3 Scanning SMBus [8086:1e22], mmio: 0xd4615004, ioport: 0x5040, hostc: 0x1 SPD[0] (size): 146 @0x50 Slot: 0 Type 24 4096MB (DDR3 SDRAM) 1600MHz Vendor=Micron Technology PartNo=16KTF51264HZ-1G6M1M1 SerialNo=EA70D331 SPD[0] (size): 255 @0x51 SPD[0] (size): 146 @0x52 Slot: 2 Type 24 4096MB (DDR3 SDRAM) 1600MHz Vendor=Micron Technology PartNo=16KTF51264HZ-1G6M1M1 SerialNo=EA70D32F SPD[0] (size): 255 @0x53 SPD[0] (size): 255 @0x54 SPD[0] (size): 255 @0x55 SPD[0] (size): 255 @0x56 SPD[0] (size): 255 @0x57 CPU is Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz, family 0x6, model 0x3a SMBIOS orig was = fe120 SMBIOS new is = 3276000 SMBIOS rev.: 2.4, DMI rev.: 2.4 Handle: 0x0001, DMI type 17, 27 bytes Memory Device Error Information Handle: No Error Size: 4096 MB Form Factor: SODIMM Locator: Bottom-Slot 1(top) Bank Locator: BANK 0 Memory Type: DDR3 Speed: 1600 MHz Manufacturer: Micron Technology Serial Number: ** PRIVATE ** Asset Tag: Unknown Part Number: 16KTF51264HZ-1G6M1M1 Handle: 0x0005, DMI type 17, 27 bytes Memory Device Error Information Handle: No Error Size: 4096 MB Form Factor: SODIMM Locator: Bottom-Slot 2(under) Bank Locator: BANK 2 Memory Type: DDR3 Speed: 1600 MHz Manufacturer: Micron Technology Serial Number: ** PRIVATE ** Asset Tag: Unknown Part Number: 16KTF51264HZ-1G6M1M1 Handle: 0x000C, DMI type 0, 24 bytes BIOS Information Vendor: Apple Inc. Version: MBP91.88Z.00D3.B00.1203211536 Release Date: 21/03/12 BIOS Revision: 0.1 Handle: 0x000D, DMI type 1, 27 bytes System Information Manufacturer: Apple Inc. Product Name: MacBookPro9,2 Version: 1.0 Serial Number: ** PRIVATE ** UUID: ** PRIVATE ** Wake-up Type: Power Switch SKU Number: Default SKU# Family: MacBook Pro Handle: 0x000E, DMI type 2, 16 bytes Base Board Information Manufacturer: Apple Inc. Product Name: Mac-6F01561E16C75D06 Version: 52.23 Serial Number: ** PRIVATE ** Asset Tag: Default Asset Tag# Location In Chassis: Type2 - Board Chassis Location Type: Motherboard Handle: 0x000F, DMI type 3, 21 bytes Chassis Information Manufacturer: Apple Inc. Type: Unknown Version: Chassis Version Serial Number: ** PRIVATE ** Asset Tag: Default Asset Tag# Handle: 0x0024, DMI type 11, 5 bytes OEM Strings String 1: $HP$ String 2: LOC#ABZ String 3: ABS 70/71 78 79 7A 7B String 4: CNB1 0790100000205710000620100 String 5: HP_Mute_LED_0_0 String 6: String6 for Original Equipment Manufacturer String 7: String7 for Original Equipment Manufacturer String 8: String8 for Original Equipment Manufacturer Handle: 0x0037, DMI type 4, 38 bytes Processor Information Socket Designation: U3E1 Type: Central Processor Family: 0xCD Manufacturer: Intel(R) Corporation ID: 0x306A9 Version: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz External Clock: 0 MHz Max Speed: 2494 MHz Current Speed: 2500 MHz Upgrade: Socket rPGA988B Serial Number: ** PRIVATE ** Asset Tag: To Be Filled By O.E.M. Part Number: To Be Filled By O.E.M. Core Count: 2 Core Enabled: 2 Thread Count: 4 Handle: 0x003B, DMI type 131, 6 bytes Apple specific Processor Type Cpu-type = 0x0604 Handle: 0x003C, DMI type 132, 6 bytes Apple specific Processor Interconnect Speed QPI = 25100 MT/s Handle 0x003d, DMI type 127, 4 bytes End of Table Adding device-properties string to DT [ ACPI PATCHER ] Table /Extra/DSDT.aml read and stored at: 327a000 Generating P-States config: No Generating C-States config: No ACPI Table not found: SSDT.aml No ACPI version 1 found. Ignoring RSDP version 2 found @fe020. Length=36 RSDT @9affe124, Length 100 TABLE FACP, FADT found @9affb000, Length 268 FACP Restart Fix applied! Hardware Signature=0x00000000: using. DSDT: Old @9afe4000,9afe4000, New @327a000,327a000 FADT: Using custom DSDT! TABLE UEFI, TABLE ASF!, TABLE HPET, TABLE APIC, TABLE MCFG, TABLE SLIC, TABLE WDAT, TABLE SSDT, TABLE BOOT, TABLE ASPT, TABLE DBGP, TABLE FPDT, TABLE SSDT, TABLE SSDT, TABLE SSDT, RSDT: Original checksum 224, New checksum 30 at 328f000 XSDT @0;9affe210, Length=164 FADT found @09affb000, Length 268 FACP Restart Fix applied! Hardware Signature=0x00000000: using. DSDT: Old @9afe4000,9afe4000, New @327a000,327a000 FADT: Using custom DSDT! copied (OEM) copied (OEM) copied (OEM) copied (OEM) copied (OEM) copied (OEM) copied (OEM) copied (OEM) copied (OEM) copied (OEM) copied (OEM) copied (OEM) copied (OEM) copied (OEM) copied (OEM) RSDP: Original checksum 119, New checksum 250 RSDP: Original extended checksum 81, New extended checksum 160 ACPI version 2 patching finished Adding booter El Captain properties to the Platform Expert Attempting to loading drivers from "Extra" reposytories: Starting Darwin/x86_64 [Darwin Kernel Version 15.0.0: Sun Jul 26 19:48:55 PDT 2015; root:xnu-3247.1.78~15/RELEASE_X86_64] Boot Args: debug=0x14e logout Saving session... ...copying shared history... ...saving history...truncating history files... ...completed. [Processo completato] CsrActiveConfig = 67 in ocbp, in bdmesg: CsrActiveConfig = 0x43 (01000011) You meant the value must be an integer/decimal in ocbp? Link to comment Share on other sites More sharing options...
ErmaC Posted August 19, 2015 Author Share Posted August 19, 2015 Yep use decimal value... CsrActiveConfig (Hex 0x00) (Binary 00000000) in Decimal is 0 CsrActiveConfig (Hex 0x67) (Binary 01100111) in Decimal is 103 CsrActiveConfig (Hex 0x65) (Binary 01100101) in Decimal is 101 ErmaC 2 Link to comment Share on other sites More sharing options...
Micky1979 Posted August 19, 2015 Share Posted August 19, 2015 Fabio why not add a node in ioreg? someting like : "/csr" config=01100111 ...can be usefull 1 Link to comment Share on other sites More sharing options...
Recommended Posts