Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DISABLE_SIP doesn't seem to be working #75

Open
xaocon opened this issue Nov 16, 2016 · 4 comments
Open

DISABLE_SIP doesn't seem to be working #75

xaocon opened this issue Nov 16, 2016 · 4 comments

Comments

@xaocon
Copy link

xaocon commented Nov 16, 2016

I thought that there was an issue with the way the prepare_iso.sh script was working with matches at first but now I've moved the csrutil disable line out of the conditional and redirected output to a file. I see now that when it's run there is a Successfully disabled System Integrity Protection. Please restart the machine for the changes to take effect. but when the system imported and brought up it is not disabled. I've been trying to boot the system into recovery so I can try again but I haven't figured out the magic needed to catch that at boot yet.
@timsutton
Copy link
Owner

In my experience it's possible to boot into it using Cmd+R if you're using VMware Fusion if you're quick enough. If you can't "catch" it in time, it's possible to set a bios boot delay parameters in VMX.

@xaocon
Copy link
Author

xaocon commented Nov 16, 2016

Thanks @timsutton, I'm using VirtualBox and was never able to catch it. I did find a way to boot into recovery by catching the EFI menu and booting the recovery EFI directly. Upon entering recovery and disabling SIP there, the system now actually has SIP disabled.

Do you know if the DISABLE_SIP flag works for you when building the image @timsutton ? It would surprise me if an issue like this was specific to my setup and I'm pretty sure that I've done things correctly. As I had mentioned above, I've even logged the successful output of the command being run in veewee-config.pkg.

@timsutton
Copy link
Owner

My guess is that it's not possible to actually disable SIP on Vbox, because it relies on nvram variables being set. What's the output of nvram -p, both immediately after running csrutil disable and then once booted into the regular OS?

@wmiller848
Copy link

wmiller848 commented Jul 26, 2017
edited

Ditto @xaocon experience with virtualbox 5.1.24 r117012 (Qt5.6.2).

Running MacOS Sierra 10.12.6 I can't even locate the recovery drive from the EFI Shell to attempt to boot into recovery mode command-r and other variants just drop me into the BIOS with no hope of booting into recovery.

I suspect based off @timsutton and other thoughts here even if I could boot into recovery mode to disable SIP the nvram reset that virtualbox does on boot is going to nullify it anyway.

Huge pain, just getting into KEXT development and I've spent 2 days trying to get a working virtual target machine to develop against :(

I think the resolution here is just shelling out some money for VMware Fusion?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@timsutton @xaocon @wmiller848