Jump to content

Clover General discussion


ErmaC
30,171 posts in this topic

Recommended Posts

I liked this post earlier but having reread it I feel it could be interpreted as liking Pike's retort back to Download-Fritz where infact I was liking Pike's description of his proof of concept. I have therefore quoted above only the part I liked.

 

Haha, chill, it's all good. I just didn't see the direct purpose of this PoC to be honest.

That kext signature is only checked when creating the cache and not from cache itself has been known since it was introduced in OS X Yosemite. You could boot with kext-dev-mode, create the cache with unsigned kexts and reboot without the flag fine. And in my opinion, the PoC is pretty much the same except for the fact that the file path is changed. No offense meant to anyone though, just my direct thoughts. Correct me all day if you want, but I ask you to do it in a proper way instead of accusing me of assuming things I did not, e.g. that the idea is not good which I said in no direct way.

 

I will play around with stuff and see if I'm capable of writing up some code to append kexts to the prelinkedkernel in-memory, though don't count on me. Beside being a little busy with other stuff, I'm also mostly unexperienced.

 

EDIT: I saw Mr. Alpha edited his blog post saying the information was pretty unknown and saying it after he published his post is unfair. If it was known, it would have been implemented in Chameleon or Clover, right? Well... I always wondered, what business do the boot solutions have setting or managing Apple NVRAM variables? They are supposed to deliver features that the user didn't have before, though editing NVRAM is not one of them in my opinion. If the user wants kext-dev-mode enabled, the user can set it (either via hardware NVRAM, FileNVRAM, EmuVariableDrv or whatever). If he doesn't want it, he can just not set it. I always hated it when the boot solution thought it knew better than me and didn't let me manage the setup the way I wanted it (though recently I'm quite happy ;) )

Anyways, I didn't use Mavericks in ages and Yosemite not since El Capitan was out. I can't proof it, but I have no reason to lie. That piece of knowledge is not rocket science but an experiment of boredom maybe lasting 5 minutes. I saw quite a few users in chat saying they did it that way and being so happy they didn't need to use the flag after. ;)

  • Like 5
Link to comment
Share on other sites

Nice blackosx. does this also affect kext-dev-mode in yosemite?

As far as I see yosemite kernel sources it affects.

I still can't upload new installer because sf.net is still not full functional. Upload service is not working yet. Wait, please.

  • Like 1
Link to comment
Share on other sites

You could always post it here while waiting for SF to get their act together.

 

I haven't touched my laptop since everything went south on the Z68 with DP4. It's still running PB1. So if the current Clover will allow injection etc to work as before it would be nice to upgrade to that and try PB2.

 

Although it's currently tied-up with the Windows 10 update.

Link to comment
Share on other sites

As far as I see yosemite kernel sources it affects.

I still can't upload new installer because sf.net is still not full functional. Upload service is not working yet. Wait, please.

I know how you feel about github.com. But I can only recommend to migrate to it or better to gitlab.com

  • Like 1
Link to comment
Share on other sites

Thanks for the recent csr additions slice. After some testing this morning I can confirm the CsrActiveConfig settings are working. But I’m still not sure what the BooterConfig setting does, other than write the bootercfg nvram var which we see in the DumpUefiCalls log.

 

This is what i used for my testing:...

You can run
csrutil enable/disable/status/report
Optionally with --no-internal.
  • Like 2
Link to comment
Share on other sites

You can run

csrutil enable/disable/status/report
Optionally with --no-internal.

 

Small correction: 

p70:~ Lex$ csrutil report

csrutil: invalid command report

usage: csrutil <command>

Modify the System Integrity Protection configuration. All configuration changes apply to the entire machine.

Available commands:

 

    disable

        Disable the protection on the machine. Requires a reboot.

    enable

        Enable the protection on the machine. Requires a reboot.

    status

        Display the current configuration.

Link to comment
Share on other sites

Hi everyone,

 

I have a problem with AppleTYMCEdriver's patch with clover. I use a mac pro 4,1 as SMBIOS, because my GTX 760 is faster with a mac pro 4,1 than a mac pro 3,1. Now I see on clover wiki page that there is a patch for appleTYMCEdrive, now i use it but when I start yosemite i have a KP with AppleTYMCEdriver so I must delete file from windows. I hope someone can help me, because I every time upgrade Yosemite I have a Kp. This is my config.plist

config.plist.zip

Link to comment
Share on other sites

You can run

csrutil enable/disable/status/report
Optionally with --no-internal.

 

Thanks for the tip. I'll try it this evening.

Hi everyone,

 

I have a problem with AppleTYMCEdriver's patch with clover. I use a mac pro 4,1 as SMBIOS, because my GTX 760 is faster with a mac pro 4,1 than a mac pro 3,1. Now I see on clover wiki page that there is a patch for appleTYMCEdrive, now i use it but when I start yosemite i have a KP with AppleTYMCEdriver so I must delete file from windows. I hope someone can help me, because I every time upgrade Yosemite I have a Kp. This is my config.plist

You should be able to boot in to OS X's single-user mode using -s kernel flag

Then I'm not entirely sure of the exact steps but you can remove the driver using something like this:

mount -uw /
rm -rf /system/library/extensions/appletymcedriver.kext
exit
Link to comment
Share on other sites

 

Thanks for the tip. I'll try it this evening.

You should be able to boot in to OS X's single-user mode using -s kernel flag

Then I'm not entirely sure of the exact steps but you can remove the driver using something like this:

mount -uw /
rm -rf /system/library/extensions/appletymcedriver.kext
exit

 

Correct me if I'm wrong but I think the exact syntax is :

/sbin/mount -uw /
rm -rf /System/Library/Extensions/AppleTyMCEDriver.kext
exit
Link to comment
Share on other sites

 

Correct me if I'm wrong but I think the exact syntax is :

/sbin/mount -uw /
rm -rf /System/Library/Extensions/AppleTyMCEDriver.kext
exit

 

Thanks of the correction polyzargone.

I did say I wasn't entirely sure of the exact steps top of my head.

 

Mount -uw / works also, the path and filename are case sensitive though. 

  • Like 1
Link to comment
Share on other sites

$ csrutil status
System Integrity Protection status: disabled.

I was hoping for something more detailed. :)

 

EDIT:

Welcome to DarwinDumper 2.9.9b3
Wed Jul 29 19:30:30 BST 2015
System Version: OS X 10.11 (15A235d)
Security Integrity Configuration: Custom

This is a little better.

  • Like 1
Link to comment
Share on other sites

Hi devs, I've been having some trouble building the installer lately but I'm not sure if it's a Clover or CloverGrowerPro issue.

 

ld: file not found: /usr/lib/system/libsystem_stats.dylib for architecture x86_64

collect2: error: ld returned 1 exit status

make[2]: *** [../bin/GnuGenBootSector] Error 1

make[1]: *** [GnuGenBootSector] Error 2

make: *** [source/C] Error 2

Cloverx64 release  ERROR!!

 
And indeed the file "libsystem_stats.dylib" doesn't exist in that folder in 10.11 beta5. 
Link to comment
Share on other sites

EDIT: I saw Mr. Alpha edited his blog post saying the information was pretty unknown and saying it after he published his post is unfair. If it was known, it would have been implemented in Chameleon or Clover, right? Well... I always wondered, what business do the boot solutions have setting or managing Apple NVRAM variables? They are supposed to deliver features that the user didn't have before, though editing NVRAM is not one of them in my opinion. If the user wants kext-dev-mode enabled, the user can set it (either via hardware NVRAM, FileNVRAM, EmuVariableDrv or whatever). If he doesn't want it, he can just not set it. I always hated it when the boot solution thought it knew better than me and didn't let me manage the setup the way I wanted it (though recently I'm quite happy ;) )

Anyways, I didn't use Mavericks in ages and Yosemite not since El Capitan was out. I can't proof it, but I have no reason to lie. That piece of knowledge is not rocket science but an experiment of boredom maybe lasting 5 minutes. I saw quite a few users in chat saying they did it that way and being so happy they didn't need to use the flag after. ;)

Well hello. Please read my blog post again (edited for clarity) and then remember that it is about kext injection in El Capitan with full SIP already in place. Also. I wasn't talking about implementing NVRAM settings. Just plain kext injection, but the proper way, which is still not done. Yes. I wonder why nobody told slice how he could fix it, but then again the DP4 that broke kext injection is how old again?

 

About the people who told you that they had been using "this" (whatever that may be) before, is rubbish. My POC is about El Capitan, and I do this without kext-dev-mode (in Mavericks/Yosemite) and/or rootless=0 in El Capitan. Neither do I need any of the CSR flags. That makes it a totally different story.

  • Like 4
Link to comment
Share on other sites

Now that I was able to update Clover to r3251 thanks to FredWst sharing the installer I successfully updated to PB2 and then PB3. Kexts are in /L/E and CsrActiveConfig is set to 0x65.

Will it work without doing those things and just updating Clover to 3251? Will Clover automatically set all those things up? Also, will the old method (adding the kexts in Clover/kexts) still work for the installer (assuming you want to start fresh with DP4 or PB2 and you need to create an USB installer with Clover as bootloader)? I'm currently on DP3, with the kexts in Clover/kexts, as usual and not necessarily looking for a fresh install right now. But it's still good to know for when I will need to make a fresh install.

Also, will this method do any harm to the current Yosemite partitions?

 

Also, if I do need to do those things (move kexts around and set things up), how do I set CsrActiveConfig to 0x65 (is it something in config.plist?) and what does that mean/do? Sorry for the noob questions but if I don't ask, I'll never understand. So I prefer to ask, understand, and become a little bit less of a noob. :)

Link to comment
Share on other sites

It won't set up the RtVariables. These have to be added to your config.plist. Otherwise SIP is active and the kexts will be omitted from the post-update cache rebuild. This post from blackosx explains the CSR variables (I also added the BooterConfig one though I'm not really sure what it does). Look at the 8 digits in the brackets after 0x67. Now look at the list of CSR values from bottom to top and you'll see the matching pattern of the 0 and 1s. You enable or disable the values using 0 or 1 and list them in a string starting from the bottom of the list. When you convert the binary string to hex you get 0x67.

 

Injection still doesn't work from EFI. So if (like me) you want to be able to boot a vanilla installer you'll have to stick with DB3 or PB1 and then copy the kexts to /L/E afterwards. Not ideal, but we just have to wait for the Clover guys to get injection working again.

  • Like 2
Link to comment
Share on other sites

×
×
  • Create New...