Pieroman Posted June 15, 2015 Share Posted June 15, 2015 In this post about a security session at the WWDC, it was stated that the "rootless=0" nvram boot argument will be disabled in the final version: https://forums.developer.apple.com/message/9062 Is it very worrying for the hackintosh community, or would clover work fine without it ? Link to comment Share on other sites More sharing options...
smolderas Posted June 15, 2015 Share Posted June 15, 2015 In this post about a security session at the WWDC, it was stated that the "rootless=0" nvram boot argument will be disabled in the final version: https://forums.developer.apple.com/message/9062 Is it very worrying for the hackintosh community, or would clover work fine without it ? I don't know, how "rootless" mode works, but could you not change the system files, if you boot from another partition or OS? If that's so, there isn't any issue, as clover would patch the kexts in the memory as usual and /S/L/E would be accessible from another system/partition, like recovery mode. Link to comment Share on other sites More sharing options...
Pieroman Posted June 15, 2015 Author Share Posted June 15, 2015 More details (reassuring) here: https://www.cindori.org/forums/topic/trim-enabler-with-os-x-el-capitan/page/2/ It's a very interesting thread btw. Link to comment Share on other sites More sharing options...
jamiethemorris Posted June 15, 2015 Share Posted June 15, 2015 So based on that... From my understanding in the final release the recovery partition will allow you to write these options to nvram. Presumably that means that on a hackintosh we wouldn't even have to mess with the recovery partition, and would just need to use the equivalent boot-args instead. Good news so far. I'm trying to hold faith that Apple doesn't want to screw everyone over that likes to personalize or modify their machines. Link to comment Share on other sites More sharing options...
Navaira Posted June 16, 2015 Share Posted June 16, 2015 More details (reassuring) here: https://www.cindori.org/forums/topic/trim-enabler-with-os-x-el-capitan/page/2/ It's a very interesting thread btw. It's also deleted. I wonder why?! Shame, I haven't finished reading it before it went... Link to comment Share on other sites More sharing options...
BNZfive Posted June 17, 2015 Share Posted June 17, 2015 How would one go about changing NVRAM variables by booting into a different partition? For instance, let's say once the retail version is out and one can not boot into a Recovery so I would use my 10.11 DP1 install partition to boot into and use terminal. Would it look like: sudo nvram /Volumes/volume_name_here kext-dev-mode=1 rootless=0 ??? Link to comment Share on other sites More sharing options...
Dec_Bra1n Posted June 22, 2015 Share Posted June 22, 2015 Guys I am able to boot without "rootless=0 kext-dev-mode=1" but for installation rootless=0 is needed but after successful install and rebuilding cache via kext utility all Patched Kext works without any flags 1 Link to comment Share on other sites More sharing options...
Allan Posted June 22, 2015 Share Posted June 22, 2015 Hmm, great to know this. Thanks for shrare Link to comment Share on other sites More sharing options...
Dec_Bra1n Posted June 22, 2015 Share Posted June 22, 2015 Hmm, great to know this. Thanks for shrare I think rootless=0 will not need in final release 1 Link to comment Share on other sites More sharing options...
Allan Posted June 22, 2015 Share Posted June 22, 2015 I think rootless=0 will not need in final release I hope so. But like "kext-dev-mode=1" boot-argument in Yosemite, is probably that we'll need use "rootless-0" in El Capitan too. Link to comment Share on other sites More sharing options...
Dec_Bra1n Posted June 22, 2015 Share Posted June 22, 2015 Me as well use kext-dev-mode=1 in 10.10.4 but on EL Capitan i use only slide=0 thats it so i guess no more kext-dev in 10.11 1 Link to comment Share on other sites More sharing options...
hiphopboy Posted July 11, 2015 Share Posted July 11, 2015 Me as well use kext-dev-mode=1 in 10.10.4 but on EL Capitan i use only slide=0 thats it so i guess no more kext-dev in 10.11 Sorry but slide=0 for whats working ? Link to comment Share on other sites More sharing options...
Dec_Bra1n Posted July 12, 2015 Share Posted July 12, 2015 Sorry but slide=0 for whats working ? I have Intel HD 3000 and slide=0 is for that to reduce glitches on Clover Link to comment Share on other sites More sharing options...
wegface Posted July 12, 2015 Share Posted July 12, 2015 Sorry but slide=0 for whats working ? It prevents the kernel from "sliding" to different locations in memory. (if i understand it correctly). With the clover uefi driver aptiofix, slide=0 is added by clover automatically. If using Aptiofix2, you have to set the slide value manually, and set it to the correct value. If someone has a more techincal explanation i would like to hear it. It does fix glitches with intelhd3000 for some reason, that i can confirm. 2 Link to comment Share on other sites More sharing options...
frankiee Posted July 13, 2015 Share Posted July 13, 2015 Hmm I read this FAQ and it clearly says: This nvram boot-args command will be going away. It will not be available in the El Capitan release version and may disappear before the end of the Developer Betas. Well ... lets assume for a moment this is true. Will a hackintosh still boot then? Link to comment Share on other sites More sharing options...
wegface Posted July 13, 2015 Share Posted July 13, 2015 Hmm I read this FAQ and it clearly says: Well ... lets assume for a moment this is true. Will a hackintosh still boot then? Alot of us do not use rootless=0, do not put kexts in SLE, and everything is fine. Link to comment Share on other sites More sharing options...
frankiee Posted July 13, 2015 Share Posted July 13, 2015 Alot of us do not use rootless=0, do not put kexts in SLE, and everything is fine. Hmm and how do you run FakeSMC then, and patch AppleHDA? Link to comment Share on other sites More sharing options...
fantomas Posted July 13, 2015 Share Posted July 13, 2015 to clarify the things... rootless=0 is not needed to boot fine a hackintosh rootless=0 is only useful when you modify the system files (kexts for example)... apart of this, you should not use it and don't have to do it. kext-dev-mode=1 is already implemented in rootless=0 so you don't need this flag anymore to boot your hackintosh (in Yosemite) kext-dev-mode=1 is only useful when you rebuild system or kext cache (for 3rd party kexts)... apart of this, you should not use it and don't have to do it. You can boot Yosemite fine w/o it. 3 Link to comment Share on other sites More sharing options...
frankiee Posted July 13, 2015 Share Posted July 13, 2015 rootless=0 is only useful when you modify the system files (kexts for example)... Yeah but thats what I meant. So, what about AppleHDA? And you say the rootless mode does not apply to FakeSMC at all? I just was under the impression that the whole System Folder will be locked down, but of course I may be wrong, and yes you could load it from Clover EFI partition. But still - what about AppleHDA then? No more sound? Link to comment Share on other sites More sharing options...
fantomas Posted July 13, 2015 Share Posted July 13, 2015 it's all about system/kext cache once your 3rd party kexts are in the cache, there's no need to use kext-dev-mode (for Yosemite) or rootless (for ElCapitan) Link to comment Share on other sites More sharing options...
frankiee Posted July 14, 2015 Share Posted July 14, 2015 Okay so if I get this right, the kernelcache is excluded from these safety measures? So yeah, this almost sounds like hole which can enable us to bypass things. Still, there must be a way to get this stuff in there in the first place. Still thinking about AppleHDA, for example. Actually I use Pikes "patchless" method, but unfortunately this wont work if AppleHDA898.kext (which helps this process) resides in the EFI folder. Also some people need to patch AppleGraphicsControl.kext since 10.10.3. How will this be done later on? And unfortunately this seems not be patchable using Clover due to some restrictions with patching info.plists. Link to comment Share on other sites More sharing options...
fantomas Posted July 14, 2015 Share Posted July 14, 2015 rootless is just a new security method to prevent against harmful intrusions this will not change kernelcache issue that we already have Clover patching infoplist has nothing do with rootless the biggest problem of clover's infoplist patching is to get kexts in the cache file... sometimes it just works and sometimes doesn't 1 Link to comment Share on other sites More sharing options...
rlf Posted July 15, 2015 Share Posted July 15, 2015 In El Capitan, go run this: /System/Library/CoreServices/Security Configuration.app 1 Link to comment Share on other sites More sharing options...
fantomas Posted July 15, 2015 Share Posted July 15, 2015 In El Capitan, go run this: /System/Library/CoreServices/Security Configuration.app yes... this serves to completely disable El Capitan's protections Link to comment Share on other sites More sharing options...
Recommended Posts