It's late.....
I'm tired.....
I've probably jumped to all sorts of inaccurate assumptions!
My previous posts about using Boot64 or CapitanPikeFix (after modifying the SIP exclusion file) are redundant for 10.11.2.
Sorry folks. It looks like 10.11.1 must have updated the system_installd, which now has its own version of SIP. So when the installer takes over, SIP is effectively reset and re-enabled. This will stop Boot64 or CapitanPikeFix from replacing the Apple boot.efi files automatically. We will have to do it manually for now...
Code:
Dec 8 23:52:14 admins-Mac-Pro system_installd[483]: rootless_apply: unrestricted file at /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/C/PKInstallSandboxManager-SystemSoftware/543E6EEC-F966-4F54-8650-F7C86DB3A2CC.activeSandbox/Root/System/DeferredInstall/Root
Dec 8 23:53:02 admins-Mac-Pro com.apple.xpc.launchd[1] (com.apple.rootless.init): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Appears as part of the installer setup
When Boot64 sees the changes to the boot.efi files, it tries to replace them but SIP is back in force...
Code:
Dec 8 23:53:07 admins-Mac-Pro.local ensureBoot.sh: Not using the grey boot.efi. Switching over...
cp: /System/Library/CoreServices/boot.efi: Operation not permitted
cp: /usr/standalone/i386/boot.efi: Operation not permitted
It's probably because I hadn't edited the path file after updating to 10.11.1. I'll go check in the morning.
Either way it looks like there's currently a need to boot from another partition after each update to either replace the boot.efi files manually, or to re-edit the path file!
I'm going to go to sleep now...
I'll be more methodical in the morning....
============= sleep, loverly sleep ===========
I have realised that I overlooked a step before I ran the 10.11.2 update. I forgot to re-edit the paths file after the 10.11.1 update. It needed to be re-edited because 10.11.1 overwrites it with the Apple version. My mistake sorry.
But it did get me to thinking.... Maybe I could adapt my Boot64 tools to take care of that too.
I have some good news and some bad news. First the good news. I have adapted both pikify3.1 and Boot64 to take care of the boot.efi files and the paths file. I will upload new versions later, pikify3.1.v5 and Boot64.v2... (done, see post
#1390 and post
#1391)
I tested them:
- Created an installer using pikify3.1.v5
- Wiped a spare disk
- Installed El Capitan 10.11
- Booted okay into the new disk ( pikify did its thing )
- Installed Boot64.v2
- Upgraded to 10.11.1 using the Apple DMG from Support Downloads
- Booted okay ( Boot64 did its thing )
- Upgraded to 10.11.2 from the App Store
- Booted okay ( Boot64 did its thing a second time )
All well and good. Except......
The bad news, it looks to me like the /S/L/C/boot.efi file is still protected by SIP in 10.11.2.
I'm still investigating, all the mods seem to be in place, so I'm wondering if that efi file is now "hard coded" into SIP in some way.
I would be interested in feedback from others, if you could verify that /S/L/C/boot.efi is protected on your systems at 10.11.2?