Jump to content

No rootless=0 mode for final release ?


Pieroman
 Share

24 posts in this topic

Recommended Posts

In this post about a security session at the WWDC, it was stated that the "rootless=0" nvram boot argument will be disabled in the final version:

 

https://forums.developer.apple.com/message/9062

 

Is it very worrying for the hackintosh community, or would clover work fine without it ?

I don't know, how "rootless" mode works, but could you not change the system files, if you boot from another partition or OS?

If that's so, there isn't any issue, as clover would patch the kexts in the memory as usual and /S/L/E would be accessible from another system/partition, like recovery mode.

Link to comment
Share on other sites

So based on that... From my understanding in the final release the recovery partition will allow you to write these options to nvram. Presumably that means that on a hackintosh we wouldn't even have to mess with the recovery partition, and would just need to use the equivalent boot-args instead. Good news so far. I'm trying to hold faith that Apple doesn't want to screw everyone over that likes to personalize or modify their machines.

Link to comment
Share on other sites

How would one go about changing NVRAM variables by booting into a different partition? For instance, let's say once the retail version is out and one can not boot into a Recovery so I would use my 10.11 DP1 install partition to boot into and use terminal. 

 

Would it look like:

 

sudo nvram /Volumes/volume_name_here kext-dev-mode=1 rootless=0 ???

Link to comment
Share on other sites

Guys I am able to boot without "rootless=0 kext-dev-mode=1" but for installation rootless=0 is needed but after successful install and rebuilding cache via kext utility all Patched Kext works without any flags :)  :thumbsup_anim:  :D  

  • Like 1
Link to comment
Share on other sites

I think rootless=0 will not need in final release  :D  :P

I hope so.

But like "kext-dev-mode=1" boot-argument in Yosemite, is probably that we'll need use "rootless-0" in El Capitan too.

Link to comment
Share on other sites

  • 3 weeks later...

Sorry but slide=0 for whats working ?

It prevents the kernel from "sliding" to different locations in memory. (if i understand it correctly).

With the clover uefi driver aptiofix, slide=0 is added by clover automatically. If using Aptiofix2, you have to set the slide value manually, and set it to the correct value.

If someone has a more techincal explanation i would like to hear it. It does fix glitches with intelhd3000 for some reason, that i can confirm.

  • Like 2
Link to comment
Share on other sites

Hmm I read this FAQ and it clearly says:

 

 

This nvram boot-args command will be going away. It will not be available in the El Capitan release version and may disappear before the end of the Developer Betas.

 

Well ... lets assume for a moment this is true. Will a hackintosh still boot then?

Link to comment
Share on other sites

Hmm I read this FAQ and it clearly says:

 

 

Well ... lets assume for a moment this is true. Will a hackintosh still boot then?

Alot of us do not use rootless=0, do not put kexts in SLE, and everything is fine.

Link to comment
Share on other sites

to clarify the things...

 

rootless=0 is not needed to boot fine a hackintosh

 

rootless=0 is only useful when you modify the system files (kexts for example)... apart of this, you should not use it and don't have to do it.

 

kext-dev-mode=1 is already implemented in rootless=0 so you don't need this flag anymore to boot your hackintosh

 

(in Yosemite) kext-dev-mode=1 is only useful when you rebuild system or kext cache (for 3rd party kexts)... apart of this, you should not use it and don't have to do it.  You can boot Yosemite fine w/o it.

  • Like 3
Link to comment
Share on other sites

rootless=0 is only useful when you modify the system files (kexts for example)...

 

Yeah but thats what I meant. So, what about AppleHDA? And you say the rootless mode does not apply to FakeSMC at all? I just was under the impression that the whole System Folder will be locked down, but of course I may be wrong, and yes you could load it from Clover EFI partition. But still - what about AppleHDA then? No more sound?

Link to comment
Share on other sites

Okay so if I get this right, the kernelcache is excluded from these safety measures? So yeah, this almost sounds like hole which can enable us to bypass things. Still, there must be a way to get this stuff in there in the first place. Still thinking about AppleHDA, for example. Actually I use Pikes "patchless" method, but unfortunately this wont work if  AppleHDA898.kext (which helps this process) resides in the EFI folder.

 

Also some people need to patch AppleGraphicsControl.kext since 10.10.3. How will this be done later on? And unfortunately this seems not be patchable using Clover due to some restrictions with patching info.plists.

Link to comment
Share on other sites

rootless is just a new security method to prevent against harmful intrusions

 

this will not change kernelcache issue that we already have 

 

Clover patching infoplist has nothing do with rootless

 

the biggest problem of clover's infoplist patching is to get kexts in the cache file... sometimes it just works and sometimes doesn't

  • Like 1
Link to comment
Share on other sites

 Share

×
×
  • Create New...