Jump to content
ErmaC

Clover General discussion

21,080 posts in this topic

Recommended Posts

Advertisement

Could battle egos all day/week/year , a novel idea would be- work on the injection problem instead. I know, im a revoultionary thinker. :lol:

Share this post


Link to post
Share on other sites

 

Could battle egos all day/week/year , a novel idea would be- work on the injection problem instead. I know, im a revoultionary thinker. :lol:

It has nothing to do with ego's. Really. Thing is. Apple's boot.efi boots up by default with 0x0 (more secure) and Clover with 0x67 (less secure) and that makes it less secure.

Share this post


Link to post
Share on other sites

I think the laughter comes from the primary real-world effect of CSR being to lock out FakeSMC unless you can get a kext signing certificate (Good luck, now!).

 

0x00 is mostly just CYA from Apple, to remove a potential attack vector that could hit millions of Macs.

 

Hopefully they'll continue to keep OS X open enough for us few hackers and our cheep x86 hardware . . .

Share this post


Link to post
Share on other sites

Personally, I've never had a problem with security in OS X over the last ten years and even if we exclude this new SIP Mac OS is the most secure its ever been.

Yes You are right!

Share this post


Link to post
Share on other sites

Still can not disable csr using Clover 3253

shyhjie@temps-mbp ~ $ csrutil status
System Integrity Protection status: enabled.

nvram -p shows nvram is set correctly, also tried 0x55

shyhjie@temps-mbp ~ $ nvram -p
bootercfg   (%00
fmm-computer-name   temps-mbp
prev-lang:kbd   en:0
security-mode   none
efi-boot-device <array><dict><key>IOMatch</key><dict><key>IOProviderClass</key><string>IOMedia</string><key>IOPropertyMatch</key><dict><key>UUID</key><string>AA82655B-00B3-4282-90D1-536D4EA6B3BB</string></dict></dict></dict></array>
backlight-level H%04
tbt-options %04
efi-boot-device-data    %02%01%0c%00%d0A%03%0a%00%00%00%00%01%01%06%00%02%1f%03%12%0a%00%00%00%00%00%00%00%04%01*%00%03%00%00%00%00pV%09%00%00%00%00%e00%cd"%00%00%00%00[e%82%aa%b3%00%82B%90%d1SmN%a6%b3%bb%02%02%7f%ff%04%00
LocationServicesEnabled %01
csr-active-config   g%00%00%00

kernel version and boot param, with/without rootless = 0 doesn't matter.

shyhjie@temps-mbp ~ $ uname -a
Darwin temps-mbp 15.0.0 Darwin Kernel Version 15.0.0: Tue Jul 21 21:47:25 PDT 2015; root:xnu-3247.1.68~32/RELEASE_X86_64 x86_64
shyhjie@temps-mbp ~ $ bdmesg|grep kext-dev
16:447  6:016  EDITED: -v -xcpm kext-dev-mode=1

Share this post


Link to post
Share on other sites

Apple's boot.efi boots up by default with 0x0 (more secure) and Clover with 0x67 (less secure) and that makes it less secure.

Why with 0x67 is less secure?

Share this post


Link to post
Share on other sites

 

Still can not disable csr using Clover 3253

shyhjie@temps-mbp ~ $ csrutil status
System Integrity Protection status: enabled.

nvram -p shows nvram is set correctly, also tried 0x55

shyhjie@temps-mbp ~ $ nvram -p
bootercfg   (%00
fmm-computer-name   temps-mbp
prev-lang:kbd   en:0
security-mode   none
efi-boot-device <array><dict><key>IOMatch</key><dict><key>IOProviderClass</key><string>IOMedia</string><key>IOPropertyMatch</key><dict><key>UUID</key><string>AA82655B-00B3-4282-90D1-536D4EA6B3BB</string></dict></dict></dict></array>
backlight-level H%04
tbt-options %04
efi-boot-device-data    %02%01%0c%00%d0A%03%0a%00%00%00%00%01%01%06%00%02%1f%03%12%0a%00%00%00%00%00%00%00%04%01*%00%03%00%00%00%00pV%09%00%00%00%00%e00%cd"%00%00%00%00[e%82%aa%b3%00%82B%90%d1SmN%a6%b3%bb%02%02%7f%ff%04%00
LocationServicesEnabled %01
csr-active-config   g%00%00%00

kernel version and boot param, with/without rootless = 0 doesn't matter.

shyhjie@temps-mbp ~ $ uname -a
Darwin temps-mbp 15.0.0 Darwin Kernel Version 15.0.0: Tue Jul 21 21:47:25 PDT 2015; root:xnu-3247.1.68~32/RELEASE_X86_64 x86_64
shyhjie@temps-mbp ~ $ bdmesg|grep kext-dev
16:447  6:016  EDITED: -v -xcpm kext-dev-mode=1

Are you using EmuVariableUEFI? 

Share this post


Link to post
Share on other sites

Are you using EmuVariableUEFI? 

No, I did not have EmuVariableUEFI.efi, but after I install EmuVariableUEFI-64.efi , and I saw EmuVariableUEFI-64.efi load success, initialize success... in my bdmesg.

 

csrutils status still enabled.

Share this post


Link to post
Share on other sites

No, I did not have EmuVariableUEFI.efi, but after I install EmuVariableUEFI-64.efi , and I saw EmuVariableUEFI-64.efi load success, initialize success... in my bdmesg.

 

csrutils status still enabled.

Did you try disabling it from recovery?

 

If not, you can try booting into your Recovery partition, opening up a Terminal window, and typing:

 

csrutil disable

Although adding

<key>RtVariables</key>
    <dict>
        <key>CsrActiveConfig</key>
        <string>0x67</string>
        <key>BooterConfig</key>
        <string>0x28</string>
    </dict>

in Clover config plist, should have the same effect.

 

Also, I've got a question: is anyone else having reboots almost immediately after successfully booting into EC? The system just reboots once, sometimes twice, then it's all fine. Is this from the update (running PB3 right now, build 15A234d), or something in Clover? Any idea?

 

I remember having these issues with Yosemite as well, back when it was in Beta. So...I wouldn't be surprised if it was something from the updates.

Share this post


Link to post
Share on other sites

No, I did not have EmuVariableUEFI.efi, but after I install EmuVariableUEFI-64.efi , and I saw EmuVariableUEFI-64.efi load success, initialize success... in my bdmesg.

 

csrutils status still enabled.

I do not use EmuVariableUEFI, but if installed it can cause problems reading from Nvram. 

 

Disabled csr with csrutil disable in PB2, do not know if it works with PB3, since enabling it will give an error.

p70:~ Lex$ csrutil enable
csrutil: failed to modify system integrity configuration. This tool needs to be executed from the Recovery OS.

Not the way it was intended by Clover, but should be tested. I'm wondering if OS X even reads the values for csr from the Nvram in DP5 and PB3. 

Share this post


Link to post
Share on other sites

I do not use EmuVariableUEFI, but if installed it can cause problems reading from Nvram. 

 

Disabled csr with csrutil disable in PB2, do not know if it works with PB3, since enabling it will give an error.

p70:~ Lex$ csrutil enable
csrutil: failed to modify system integrity configuration. This tool needs to be executed from the Recovery OS.

Not the way it was intended by Clover, but should be tested. I'm wondering if OS X even reads the values for csr from the Nvram in DP5 and PB3. 

 

csrutil disable works from Recovery, in PB3. Doesn't work from the OS though.

 

And I'm using EmuVariableUEFI-64 with no issues. 

Share this post


Link to post
Share on other sites

csrutil disable works from Recovery, in PB3. Doesn't work from the OS though.

 

And I'm using EmuVariableUEFI-64 with no issues. 

Depends on the system i think, on the Acer and Toshiba in my sig, with it i could not store nvram variables, on the Dell it was a mandatory driver. 

Thank you for the feedback on the csrutil disable :)

Share this post


Link to post
Share on other sites

Its where apple wants you to put 3rd party kexts. Stay out of SLE!

 

Okay, I'm really confused now. I thought the whole point of Clover was to keep any and all kexts away from S/L/E or L/E and to have them injected from EFI/CLOVER/kexts. Isn't that right? I have my FakeSMC.kext, realtekALC.kext, and RealtekRTL8111.kext in that folder and them seem to inject fine and work properly. Am I wrong to assume that?

 

Where is the proper place to put additional kexts when using Clover?

 

Thanks!

Share this post


Link to post
Share on other sites

hello

 

what u quote is related to 10.11 El Capo

 

if u don't are running that .. the kext should be in kexts/10.10 to be injected in cache ..

 

only is broken in 10.11

 

good hack

Share this post


Link to post
Share on other sites

At least there's less stuff in /L/E. If point upgrades don't mess with FakeSMC in /L/E, this will be just as good as being in the EFI.

Heck, I could even just reduce my CSR flag to unsigned kexts, 0x01. 

 

Scary having my Mackintosh hanging by a single bit, but there we are : )

Share this post


Link to post
Share on other sites

only is broken in 10.11

Dummy kexts/Info.plists work

Kext w/executable code do not (even with SIP completely disabled)

Aug  1 19:44:41 localhost kernel[0]: Not entitled to link kext 'org.netkas.driver.FakeSMC'
Aug  1 19:44:41 localhost kernel[0]: Failed to load executable for kext org.netkas.driver.FakeSMC.
Aug  1 19:37:59 localhost kernel[0]: Not entitled to link kext 'com.insanelymac.IntelMausiEthernet'
Aug  1 19:37:59 localhost kernel[0]: Failed to load executable for kext com.insanelymac.IntelMausiEthernet.

Share this post


Link to post
Share on other sites

Hey Guys, can anyone explain me what do these three options?

 

CSR_ALLOW_TASK_FOR_PID
CSR_ALLOW_UNRESTRICTED_DTRACE
CSR_ALLOW_UNRESTRICTED_NVRAM

Share this post


Link to post
Share on other sites

 

Hey Guys, can anyone explain me what do these three options?

 

CSR_ALLOW_TASK_FOR_PID
CSR_ALLOW_UNRESTRICTED_DTRACE
CSR_ALLOW_UNRESTRICTED_NVRAM

 

 

Not sure about the first one.... PID=Process Identifier? Setting it to 1 enables it to run tasks, and setting it to 0 disables it. Did I get this right? Can anyone confirm?

 

For the second one, setting it to 1 activates unrestricted access for DTrace. Setting it to 0 will disable it.

 

About DTrace (source: wiki):

DTrace is a comprehensive dynamic tracing framework created by Sun Microsystems for troubleshooting kernel and application problems on production systems in real time. Originally developed for Solaris, it has since been released under the free Common Development and Distribution License (CDDL) and has been ported to several other Unix-like systems (that includes OS X).

 

For the third one, setting it to 1 activates unrestricted access to NVRAM editing. Setting it to 0 will disable it.

 

About NVRAM (source: wiki):

Non-volatile random-access memory (NVRAM) is random-access memory that retains its information when power is turned off (non-volatile). This is in contrast to dynamic random-access memory (DRAM) and static random-access memory (SRAM), which both maintain data only for as long as power is applied.

The best-known form of NVRAM memory today is flash memory.

 

Also, I've got one issue. I can't turn off my computer anymore. The display goes to idle, so I'm guess the video card is disabled, but the power is still provided to the board and I think the CPU is also running.

Before, I was having the same issue when setting the computer to Sleep (issue is still there). And to prevent that, I just set it to not go to Sleep automatically anymore. But I don't remember having that kind of issues for Shut Down. Looks like it tries to go into Sleep mode instead of shutting down.

 

Any idea?

Share this post


Link to post
Share on other sites

Joking...

Oh, come on, man! :)) If you know how to get this fixed, please, tell me. It's driving me crazy. And you joking about it doesn't make it any better. :))

Share this post


Link to post
Share on other sites

 

Hey Guys, can anyone explain me what do these three options?

 

CSR_ALLOW_TASK_FOR_PID
CSR_ALLOW_UNRESTRICTED_DTRACE
CSR_ALLOW_UNRESTRICTED_NVRAM

 

 

 

Not sure about the first one.... PID=Process Identifier? Setting it to 1 enables it to run tasks, and setting it to 0 disables it. Did I get this right? Can anyone confirm?

 

For the second one, setting it to 1 activates unrestricted access for DTrace. Setting it to 0 will disable it.

 

About DTrace (source: wiki):

DTrace is a comprehensive dynamic tracing framework created by Sun Microsystems for troubleshooting kernel and application problems on production systems in real time. Originally developed for Solaris, it has since been released under the free Common Development and Distribution License (CDDL) and has been ported to several other Unix-like systems (that includes OS X).

 

For the third one, setting it to 1 activates unrestricted access to NVRAM editing. Setting it to 0 will disable it.

 

About NVRAM (source: wiki):

Non-volatile random-access memory (NVRAM) is random-access memory that retains its information when power is turned off (non-volatile). This is in contrast to dynamic random-access memory (DRAM) and static random-access memory (SRAM), which both maintain data only for as long as power is applied.

The best-known form of NVRAM memory today is flash memory.

 

Also, I've got one issue. I can't turn off my computer anymore. The display goes to idle, so I'm guess the video card is disabled, but the power is still provided to the board and I think the CPU is also running.

Before, I was having the same issue when setting the computer to Sleep (issue is still there). And to prevent that, I just set it to not go to Sleep automatically anymore. But I don't remember having that kind of issues for Shut Down. Looks like it tries to go into Sleep mode instead of shutting down.

 

Any idea?

Thanks man but at the moment of usability how these three options benefit me. Ex. if I don't use CSR_ALLOW_UNRESTRICTED_NVRAM, NVRAM no longer works on the motherboars that use RTvariables ???

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By Jancey
      I used this command: diskutil info disk0s2 | grep -i "Partition UUID" | rev | cut -d' ' -f 1 | rev

      But I accidentally removed the wrong disk and now my main windows drive is not appearing in the bootloader. I can't figure out how to get it back. I tried resetting my windows drive, but I kept getting an error. I also reset my mac and reinstalled Catalina.
    • By gengstapo
      @Hervé
       
      Im having similar issue with my HS setup, dell latitute 3480, i5-7200U
      Once the hdmi plugged in, the laptop display went blank, only could see the external tv
      But, when i put my laptop to sleep & wake up again, both screen got display (hdmi still connected)
      Even the hdmi could be plugged off & in (after sleep), the laptop display is fine
       
      What could be the culprit?
      Dell’s MacBook Pro IORegistry.zip
      config.plist.zip
    • By TomZanna
      Hi, I'm trying to install Mac Os Catalina on a HP 550-132NL.
      The system has:
      i7-6700
      RAM 12 GB
      GT 730
      LAN Realtek RTL8161
      ALC3863
       
      It passes the verbose phase but after the Apple logo goes away, it gets stuck on a grey screen and I can only move the pointer.
      Can I try to boot with the iGPU?
       
      origin.zip
      CLOVER_dGPU_USB_3.zip
    • By MaLd0n
      ---TUTORIAL---
      https://www.olarila.com/topic/5794-guide-install-macos-with-olarila-image-step-by-step-install-and-post-install-windows-or-mac/
       
      --Original Post--
      https://www.olarila.com/topic/6531-olarila-hackbeast-z390-designare-thunderbolt-full-dsdt-patches-clover-opencore/
       
      --Bios/UEFI Settings--
       
      *Update bios/uefi to F7+*
      1- Go to M.I.T./Advanced Frequency Settings tab
       
      Extreme Memory Profile (X.M.P.) - Profile 1
       
      2- Go to BIOS tab
       
      CSM Support - Disabled
       
      3- Go to Peripherals/Thunderbolt(TM) Configuration tab
       
      Security Level - No Security
      Thunderbolt USB Support - Enabled
      GPIO3 Force Pwr - Enabled
       
      4- Go to Chipset tab
       
      Internal Graphics - Enable
       
      ---CLOVER FOLDER---
      https://olarila.com/files/Clover.Folder/EFI CLOVER Z390 DESIGNARE.zip
      *Use this folder with FULL DSDT PATCHED
       
      ---OPENCORE FOLDER---
      https://www.olarila.com/topic/6364-mojave-catalina-on-mobos-series-100200300-with-opencore-bootloader/
      *Use this folder with FULL DSDT PATCHED
       
       
      ---Extract one Full dump for DSDT edits, post files---
       
      RunMe.app
       
       
       
      ---HARDWARE---
       
      --MOBO

      GIGABYTE Z390 DESIGNARE
      -Link
      https://www.amazon.com/Z390-DESIGNARE-Gigabyte-Thunderbolt-Motherboard/dp/B07K8RJZRG/ref=sr_1_1?keywords=Z390+DESIGNARE&qid=1565492390&s=electronics&sr=1-1

      --PROCESSOR

      Intel Core i9-9900K
      -Link
      https://www.amazon.com/Intel-i9-9900K-Desktop-Processor-Unlocked/dp/B005404P9I/ref=sr_1_1_sspa?keywords=Intel+Core+i9-9900K&qid=1553358099&s=gateway&sr=8-1-spons&psc=1

      --COOLER

      CORSAIR H100i RGB PLATINUM AIO Liquid CPU Cooler
      -Link
      https://www.amazon.com/CORSAIR-H100i-PLATINUM-Liquid-Cooler/dp/B07JWB5BSN/ref=sr_1_4?keywords=WATER+COOLER+CPU&qid=1565492509&s=gateway&sr=8-4

      --MEMORY

      Corsair CMW32GX4M2C3200C16 Vengeance RGB PRO 32GB (2x16GB) DDR4 3200 (PC4-25600)
      -Link
      https://www.amazon.com/Corsair-CMW32GX4M2C3200C16-Vengeance-PC4-25600-Desktop/dp/B07GTG2T7L/ref=sr_1_15?keywords=memory+ddr4+32&qid=1553358238&s=gateway&sr=8-15

      --GPU

      MSI RX Vega 64 AIR Boost 8G OC
      -Link
      https://www.amazon.com/MSI-RX-64-AIR-8G/dp/B07DH7S1X1/ref=sr_1_2?keywords=vega+64+gigabyte&qid=1565492819&s=electronics&sr=1-2

      --SSD

      Samsung 970 EVO 1TB SSD (MZ-V7E1T0BW) NVMe M.2 V-NAND
      -Link
      https://www.amazon.com/Samsung-970-EVO-1TB-MZ-V7E1T0BW/dp/B07BN217QG/ref=sr_1_1?keywords=s+samsung+970+evo+1tb&qid=1565493002&s=electronics&sr=1-1

      --POWER SUPPLY

      EVGA Supernova 1000 P2 80+ Platinum, 1000W ECO Mode Fully Modular 
      -Link
      https://www.amazon.com/EVGA-Supernova-Platinum-Crossfire-220-P2-1000-XR/dp/B00EKJQM5E/ref=sr_1_3?keywords=power+supply+1000w&qid=1565493196&s=gateway&sr=8-3

      --WIRELESS

      TP-Link Archer T9E
      -Link
      https://www.amazon.com/TP-Link-Archer-T9E-Beamforming-Technology/dp/B00TQEX7AQ/ref=sr_1_1?keywords=TP-Link+Archer+T9E&qid=1553358397&s=gateway&sr=8-1

      --CASE

      Thermaltake Core P5 Tempered Glass Black Edition ATX Open Frame Panoramic Viewing
      -Link
      https://www.amazon.com/Thermaltake-Tempered-Panoramic-Certified-CA-1E7-00M1WN-03/dp/B01N4IGVSC/ref=sr_1_2?keywords=Thermaltake+Core+P5&qid=1565493567&s=gateway&sr=8-2

      --DSDT Patches--
      -FIX ACPI ERRORS -FIX OEM SSDTs to AVOID ERRORS AND WARNINGS -REMOVE UNUSED SCOPES / DEVICES -HIGH PRECISION EVENT TIMER -SATA -DMAC -REMOVE PROBLEMATIC AND UNUSED DEVICES -FIX K.P in REBOOT -SLPB -DARWIN / WINDOWS 2015 -XHCI -PLUGIN TYPE -HDAS to HDEF -HDEF -REAL TIME CLOCK -ARTC -IRQs -SBUS -BUS1 -MCHC -ALS0 -SHUTDOWN -LAN -FWHD -USBX -PMCR -PPMC -XSPI -CNVW -GMM -IMEI -EC -PNLF -ARPT -GFX0 -NVME -DTGP -ACQUIRE MUT0 0XFFFF -MUTEX MUT0 0x00 -EXTERNAL REFERENCES -UNKNOWNOBJ -HDMI / HDAU -FULL RENAMED DEVICES ---SCREENSHOTs---




















      -Credits and thanks to the old and new people in the community who developed patches, kexts and bootloaders!
      Thanks to KGP for SSDT Thunderbolt
      Slice, Kabyl, usr-sse2, jadran, Blackosx, dmazar, STLVNUB, pcj, apianti, JrCs, pene, FrodoKenny, skoczy, ycr.ru, Oscar09, xsmile, SoThOr, RehabMan, Download-Fritz, Zenit432, cecekpawon, Intel, Apple, Oracle, Chameleon Team, crazybirdy, Mieze, Mirone, Oldnapalm, netkas, Elconiglio, artut-pt, ErmaC, Pavo, Toleda, Master Chief and family, bcc9, The King, PMheart, Sherlocks, Micky1979, vit9696, vandroiy2013, Voodoo Team, Pike R. Alpha, lvs1974, Austere.J, CVad, Sampath007, onemanosx, erroruser, Jenny David, Olarila Facebook Community, Hackintosh Facebook Community and many others!
      We're all here to have fun and learn from each other!
    • By dgsga
      Can I propose a new subforum be created for the new OpenCorePkg OpenCore front end being created by vit9696 and others, it is a fantastic piece of work:
      https://github.com/acidanthera/OpenCorePkg
      Even at version 0.1 it runs my Mojave 10.14.4 setup very nearly flawlessly. It consists of a 10KB bootstrap BootX64.efi and a 200KB OpenCore.efi OS loader. All configuration is done using a very well documented config.plist 
       
       
×