Jump to content

10.9 GM Released.

AsusFreak

By AsusFreak,
in New Releases and Updates

 Share
282 posts in this topic

Recommended Posts

TheEnthusiast
TheEnthusiast
Posted
Posted

All of this is rumored and heresy until its actually implemented and even if it is we will figure a way around it. 

This is all that matters at this point in time. When it first noted that Apple was introducing kext signing, most went paranoid that it meant the end of hackintosh, etc. Yet, here we are, presumably a few weeks from the public release, and the process is the same as Mountain Lion, more or less. Speculation is honestly pointless because no one, outside of Apple, truly knows the reason why Apple has chosen to implement this concept; Apple hasn't even released any documentation about it. Plus, it doesn't affect hackintosh only because there are other third party kexts as well. Like Joe75 said, as I have said in the past as well, there is always a way.

  • Like 3
Link to comment
Share on other sites
peg4a
peg4a
Posted
Posted

at XanthraX 

 

Hi !

I just found something very interesting for anybody who has problem to install working kext from 10.8.4 to 10.9

The problem can come from an option : npci

I had npci=0x3000 in my boot options for maverick to start. 

Now with maverick I don't need it anymore. If I keep it, my kexts just don't work (marvell yukon 80e8056 and ad2000b.kext). Since I delete the option everything works fine !

 

Hope it can help :) (I was searching for one week now...)

Peg4a

 

Asus p6t deluxe v2

Core i7 920

  • Like 1
Link to comment
Share on other sites
joe75
joe75
Posted
Posted

Agreed!  :pirate:

 

This is not a hackint0sh issue it goes for any kexts used in osx and its hard to believe apple is going to break things like this. Kexts are a vulnerability in osx because they can connect at kernel level and this type of signing for security should have been made long ago. Without going into details, a kext can be made hidden and able to load without showing to the user or the system for purpose of exploit  :smoke:

  • Like 1
Link to comment
Share on other sites
Pike R. Alpha
Pike R. Alpha
Posted
Posted

This is all that matters at this point in time. When it first noted that Apple was introducing kext signing, most went paranoid that it meant the end of hackintosh, etc. Yet, here we are, presumably a few weeks from the public release, and the process is the same as Mountain Lion, more or less. Speculation is honestly pointless because no one, outside of Apple, truly knows the reason why Apple has chosen to implement this concept; Apple hasn't even released any documentation about it. Plus, it doesn't affect hackintosh only because there are other third party kexts as well. Like Joe75 said, as I have said in the past as well, there is always a way.

I don't think that anyone has said that kext signing would be the end of hackintosh community. At least not me. It will eventually make things a lot more difficult. That's for sure.

 

And Apple did mention why they introduced it, in the already available documentation i.e. it is done to protect the kernel. Well. A first step that is.

 

Also. When someone quotes Apple's own documentation, stating that /System/ will be locked down (in the near future) and that kexts in /Library/Extensions/ must be signed, or they refuse to load, that is far from speculation. I call that facts.

  • Like 1
Link to comment
Share on other sites
joe75
joe75
Posted
Posted

Funny that you are one of these main contributors of FUD!

 

"We just have to wait and see when it happens, but if this is introduced (in whatever OS version that may be) then we are locked out and that means that editing plists and/or patching bin (executable) files of signed kexts will be impossible, and since there are plenty kexts that need a binary and/or plist patch."

 

"The side effect is that it will stop people from using the latest and greatest aka OS X 10.9 Mavericks on a hack."

 

You also go on to claim that this will all happen in 10.9 and now here it is and its still not an issue.

Link to comment
Share on other sites
mendietinha
mendietinha
Posted
Posted

Probably something to do with the trackpad driver.

Which do you use?

It's probably PM related... (driver power management)

after all i solved by just changing the appleps2 kext for a voodoops2 kext from rehabman. thanks!

  • Like 1
Link to comment
Share on other sites
TheEnthusiast
TheEnthusiast
Posted
Posted

I don't think that anyone has said that kext signing would be the end of hackintosh community. At least not me. It will eventually make things a lot more difficult. That's for sure.

 

And Apple did mention why they introduced it, in the already available documentation i.e. it is done to protect the kernel. Well. A first step that is.

 

Also. When someone quotes Apple's own documentation, stating that /System/ will be locked down (in the near future) and that kexts in /Library/Extensions/ must be signed, or they refuse to load, that is far from speculation. I call that facts.

Well, there was a thread a few months back in which there was mention of the potential end of hackintosh. In regards to protecting the kernel, I could have said that myself, but I'm willing to say that I am at fault here since I could have been more specific. And lastly, perhaps I didn't read closely enough, but I don't recall anyone referring directly to Apple's documentation. In other words, most of what has been said in this thread has been speculation, especially in regards to 10.10. Facts or not, still doesn't change another fact, there will be a way. 

Link to comment
Share on other sites
XanthraX
XanthraX
Posted
Posted

at XanthraX 

 

Hi !

I just found something very interesting for anybody who has problem to install working kext from 10.8.4 to 10.9

The problem can come from an option : npci

I had npci=0x3000 in my boot options for maverick to start. 

Now with maverick I don't need it anymore. If I keep it, my kexts just don't work (marvell yukon 80e8056 and ad2000b.kext). Since I delete the option everything works fine !

 

Hope it can help :) (I was searching for one week now...)

Peg4a

 

Asus p6t deluxe v2

Core i7 920

Thank you, I will give it a try. I usually use now the GA-B57-D3H Hackintosh and it works flawlessly without any DSDT, but I don't want to think of a funeral for the Asus P5K-VM. I know it is an old MoBo, not many of us still use it if they have used, but this grandpa still has potential, I just don't find the right hack for it. 

Link to comment
Share on other sites
TechGuru
TechGuru
Posted
Posted

Z77x-ud3h is 100% working with my 7970 without using any Kexts only issue is the kext alert so if we could build it into the boot loader that be great also display port and my new retina display from hp works epic. On a side not anyway to fix the resolution error in the boot loader it's not 1080p unlike the USB boot loader

Link to comment
Share on other sites
Pike R. Alpha
Pike R. Alpha
Posted
Posted

Funny that you are one of these main contributors of FUD!

 

"We just have to wait and see when it happens, but if this is introduced (in whatever OS version that may be) then we are locked out and that means that editing plists and/or patching bin (executable) files of signed kexts will be impossible, and since there are plenty kexts that need a binary and/or plist patch."

 

"The side effect is that it will stop people from using the latest and greatest aka OS X 10.9 Mavericks on a hack."

 

You also go on to claim that this will all happen in 10.9 and now here it is and its still not an issue.

Right. You cannot change the plist and/or patch the binary and expect it to get loaded from /Library/Extensions. All part of Apple's documentation, but you are right in saying that I was wrong when I said that it would be done in 10.9 Make that OS X 10.10 (or whatever version of OS X) but I simply forgot to change it. FUD is however something different as it will happen.

 

Thanks for the heads up. Errors corrected in my blog.

  • Like 1
Link to comment
Share on other sites
dan542
dan542
Posted
Posted

"Impossible"? Certainly not... "A lot more difficult"? I doubt so.

 

First, the kernel has to load Apple's public key from somewhere, right? So, we could just add another key, that everyone would generate themselves and sign their kexts with it... This is the cleanest solution, since you don't lose that extra bit of security added by kext signing nor do you have to modify the kernel. This is what I'll probably do with OS X 10.10.

 

But, since many people don't want to do that, I'm pretty sure that there will be other solutions disabling the signature verification altogether. I think it's pretty likely that Apple will just add a kernel flag to disable it (if it's not already there, I haven't checked). In case they won't, it's not a problem either, as you can just change one je/jne to jmp/nop, so that the signature check always passes. Or you wait for the source code and do the same thing in a slightly cleaner way...

  • Like 1
Link to comment
Share on other sites
Andy Vandijck
Andy Vandijck
Posted
Posted

"Impossible"? Certainly not... "A lot more difficult"? I doubt so.

 

First, the kernel has to load Apple's public key from somewhere, right? So, we could just add another key, that everyone would generate themselves and sign their kexts with it... This is the cleanest solution, since you don't lose that extra bit of security added by kext signing nor do you have to modify the kernel. This is what I'll probably do with OS X 10.10.

 

But, since many people don't want to do that, I'm pretty sure that there will be other solutions disabling the signature verification altogether. I think it's pretty likely that Apple will just add a kernel flag to disable it (if it's not already there, I haven't checked). In case they won't, it's not a problem either, as you can just change one je/jne to jmp/nop, so that the signature check always passes. Or you wait for the source code and do the same thing in a slightly cleaner way...

Signing with other key?

Sure, if you are a paying dev you can generate the needed certificates and use those.

The second option is to patch the kernel to always say the certificate is valid.

Both should be possible :D

Link to comment
Share on other sites
tle88
tle88
Posted
Posted

...kext signing will go the way of the tpm chip.

Bad divination.  - Maybe true.

 

Then I leave myself in this point in even next 10 years, and start again after that.  Like 10.6.8 is excellent tiny systems now days (I use it in my htpc which is 8 years old machine) early 10.8.5 is that too. And this 10.9 GM.

 

After next 10 years I hope, that free bsd or something like that is satisfying working.  Apple do what they do, so do I.  Closed system is poison to me.  And I do not buy poor hardware with expensive price only because I only like the operating system. This not happen.

 

Fortunately...  10.6.8 ,  10.8.5  and 10.9 gm works for ever and eternally.  If Apple close operating systems in the future, I will only use current systems and replace only when something is finally better.  This takes a lot of times, but I can wait.  I have full working machines.

 

 

 

T  -.-

 

I understand better and better R. Stallman.   And I am not hippy.    :-)

  • Like 1
Link to comment
Share on other sites
XanthraX
XanthraX
Posted
Posted

Tried the last advices either for network and sound. Still no luck. I connected another network card TP-Link TG-3269 (Based on RTL-8169 chip) and still no luck. This is my org.chameleon.Boot.plist

 

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Default Partition</key>
<string>hd(0,2)</string>
<key>EthernetBuiltIn</key>
<string>Yes</string>
<key>GenerateCStates</key>
<string>Yes</string>
<key>GeneratePStates</key>
<string>Yes</string>
<key>Graphics Mode</key>
<string>1680x1050x32</string>
<key>GraphicsEnabler</key>
<string>Yes</string>
<key>Kernel</key>
<string>mach_kernel</string>
<key>Timeout</key>
<string>5</string>
<key>UseKernelCache</key>
<string>Yes</string>
</dict>
</plist>
Link to comment
Share on other sites
dan542
dan542
Posted
Posted

Signing with other key?

Sure, if you are a paying dev you can generate the needed certificates and use those.

The second option is to patch the kernel to always say the certificate is valid.

Both should be possible :D

There is Apple's public key saved somewhere in your computer. In fact, I think there are more keys from Apple, at least one for verifying dev's keys and one for verifying Apple's own kexts.

 

In a kext that is from a registered developer, there is a developer's public key along with Apple's signature of that key. When the kernel checks whether a signature is valid, it first checks whether the dev's public key is signed by Apple, if so, then it checks whether the signature of the kext itself is valid and if so, it loads the kext.

 

As for Apple's own kexts, I think it just uses the Apple's key I was talking about earlier to verify the signature.

 

So basically your computer trusts kexts that are signed either by Apple or by a dev whose key is in turn signed by Apple. Now, guess what happens if you generate a public/private key pair and replace the Apple's public key with the public key you've just generated? Yes, your computer now trusts kexts that are signed using YOUR, not Apple's, private key. :) Now you can just sign everything you want to run using your private key... IMO it's safer this way, because anybody, including virus makers, can buy a key signed by Apple, whereas nobody other than you can sign kexts using your private key. But if you want, I think it would be possible to have both the Apple's key and your own key in your computer, to that your computer runs kexts signed by Apple or registered devs too.

Link to comment
Share on other sites
XanthraX
XanthraX
Posted
Posted

sound should be working with voodoo, I'm not sure what the problem is there. try r1000 kext or the realtekrtl8111 kext for network.

I will give them a try tomorrow and I will post. All I got with voodoo is a pop sound when I shut the system down or at the restart, but still no output device in the sounds preference pane.

Link to comment
Share on other sites
The Real Deal
The Real Deal
Posted
Posted

Still no WPA encryption for create our own WIFI network.. WEP is so vulnerable. Sounds like a decrease?

 

 

EDIT : do you have in energy saver : Allow to sleep by power button? (got it in ML though)

 

 

EDIT2 : i made a quick video of a geekbench run

 

 

  • Like 1
Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...