Jump to content

No rootless=0 mode for final release ?


24 posts in this topic

Recommended Posts

In this post about a security session at the WWDC, it was stated that the "rootless=0" nvram boot argument will be disabled in the final version:

 

https://forums.developer.apple.com/message/9062

 

Is it very worrying for the hackintosh community, or would clover work fine without it ?

I don't know, how "rootless" mode works, but could you not change the system files, if you boot from another partition or OS?

If that's so, there isn't any issue, as clover would patch the kexts in the memory as usual and /S/L/E would be accessible from another system/partition, like recovery mode.

So based on that... From my understanding in the final release the recovery partition will allow you to write these options to nvram. Presumably that means that on a hackintosh we wouldn't even have to mess with the recovery partition, and would just need to use the equivalent boot-args instead. Good news so far. I'm trying to hold faith that Apple doesn't want to screw everyone over that likes to personalize or modify their machines.

How would one go about changing NVRAM variables by booting into a different partition? For instance, let's say once the retail version is out and one can not boot into a Recovery so I would use my 10.11 DP1 install partition to boot into and use terminal. 

 

Would it look like:

 

sudo nvram /Volumes/volume_name_here kext-dev-mode=1 rootless=0 ???

Guys I am able to boot without "rootless=0 kext-dev-mode=1" but for installation rootless=0 is needed but after successful install and rebuilding cache via kext utility all Patched Kext works without any flags :)  :thumbsup_anim:  :D  

  • 3 weeks later...

Sorry but slide=0 for whats working ?

It prevents the kernel from "sliding" to different locations in memory. (if i understand it correctly).

With the clover uefi driver aptiofix, slide=0 is added by clover automatically. If using Aptiofix2, you have to set the slide value manually, and set it to the correct value.

If someone has a more techincal explanation i would like to hear it. It does fix glitches with intelhd3000 for some reason, that i can confirm.

Hmm I read this FAQ and it clearly says:

 

 

This nvram boot-args command will be going away. It will not be available in the El Capitan release version and may disappear before the end of the Developer Betas.

 

Well ... lets assume for a moment this is true. Will a hackintosh still boot then?

Hmm I read this FAQ and it clearly says:

 

 

Well ... lets assume for a moment this is true. Will a hackintosh still boot then?

Alot of us do not use rootless=0, do not put kexts in SLE, and everything is fine.

to clarify the things...

 

rootless=0 is not needed to boot fine a hackintosh

 

rootless=0 is only useful when you modify the system files (kexts for example)... apart of this, you should not use it and don't have to do it.

 

kext-dev-mode=1 is already implemented in rootless=0 so you don't need this flag anymore to boot your hackintosh

 

(in Yosemite) kext-dev-mode=1 is only useful when you rebuild system or kext cache (for 3rd party kexts)... apart of this, you should not use it and don't have to do it.  You can boot Yosemite fine w/o it.

rootless=0 is only useful when you modify the system files (kexts for example)...

 

Yeah but thats what I meant. So, what about AppleHDA? And you say the rootless mode does not apply to FakeSMC at all? I just was under the impression that the whole System Folder will be locked down, but of course I may be wrong, and yes you could load it from Clover EFI partition. But still - what about AppleHDA then? No more sound?

Okay so if I get this right, the kernelcache is excluded from these safety measures? So yeah, this almost sounds like hole which can enable us to bypass things. Still, there must be a way to get this stuff in there in the first place. Still thinking about AppleHDA, for example. Actually I use Pikes "patchless" method, but unfortunately this wont work if  AppleHDA898.kext (which helps this process) resides in the EFI folder.

 

Also some people need to patch AppleGraphicsControl.kext since 10.10.3. How will this be done later on? And unfortunately this seems not be patchable using Clover due to some restrictions with patching info.plists.

rootless is just a new security method to prevent against harmful intrusions

 

this will not change kernelcache issue that we already have 

 

Clover patching infoplist has nothing do with rootless

 

the biggest problem of clover's infoplist patching is to get kexts in the cache file... sometimes it just works and sometimes doesn't

×
×
  • Create New...