MP 1,1-5,1 Cannot install or use Nvidia Webdrivers anymore!

[majus]

Considering that neither company has said anything, other than Nvidia Support finger-pointing, if someone influential could inquire at the upper levels of Nvidia corporate and ask for at least a solid answer then we might be better off. I would be happy knowing they are working to fix it but I would also be happy knowing they don't plan to. It would be far better than this state of limbo. We all want to plan a forward path but that isn't easy to do without solid information.

So anyone here who is influential in the industry or who knows someone that is, please consider my suggestion.

 

[Fullerfun]

I contacted NVidia on June 9th. Got a response back today, June 14th.
Amazingly! They sent me a driver to try today. The same one 2 other people reported getting from them last week.
So, go ahead try this and/or contact them directly yourself if you'd like.

They sent me a new driver for 10.13.6 (17G14042) (all latest security updates installed)
387.10.10.10.40.140
This is the driver they sent:

Google Drive - Virus scan warning

drive.google.com

This is how I contacted them.
I contacted them at https://nvidia.custhelp.com/app/ask
Signed in.
Product: Selected GeForce
Install/Uninstall
Put in my exact card
driver 387.10.10.10.40.140

FOr Question, I asked them to please send me a driver that doesn't have it's certificate revoked at apple's servers at ocsp.apple.com
I referenced the exact link to the driver. And also, page 16 of this thread where a couple people reported getting a driver directly from them.
----
So, I had a different 10.13.6 system that was not essential to me at the moment, so I unblocked trustd & ocspd in little snitch on that system and let it connect. (I did not run the latest script that was developed by Dayo on this system..used earlier method)
I restarted.
Of course, the frigging old drivers are still working.... I'll report back tomorrow if they ever fail....so I can then test the new driver they sent, and see if it actually works.

I can confirm the new driver does indeed fix the revoking of being launched to be installed at least.
Will report back if I can get my system to lock me out again...

Please post, if anyone has any success with these new drivers on a system that is currently revoked....

 

[pxlpshr22]

Any successful news? I've the exactly same hardware configuration and exactly the same problem...

I have not pursued a fix yet. I use this Mac to Remote Desktop into my work computer, I've lost the ability to run dual monitors, so I need to address it soon. I'll need to do a clean install of High Sierra and then run the HS updates and then run the script. This at best is a temporary solution.

 

[Macschrauber]

I contacted NVidia on June 9th. Got a response back today, June 14th.
Amazingly! They sent me a driver to try today. The same one 2 other people reported getting from them last week.
So, go ahead try this and/or contact them directly yourself if you'd like.

They sent me a new driver for 10.13.6 (17G14042) (all latest security updates installed)
387.10.10.10.40.140
This is the driver they sent:

Google Drive - Virus scan warning

drive.google.com

This is how I contacted them.
I contacted them at https://nvidia.custhelp.com/app/ask
Signed in.
Product: Selected GeForce
Install/Uninstall
Put in my exact card
driver 387.10.10.10.40.140

FOr Question, I asked them to please send me a driver that doesn't have it's certificate revoked at apple's servers at ocsp.apple.com
I referenced the exact link to the driver. And also, page 16 of this thread where a couple people reported getting a driver directly from them.
----
So, I had a different 10.13.6 system that was not essential to me at the moment, so I unblocked trustd & ocspd in little snitch on that system and let it connect. (I did not run the latest script that was developed by Dayo on this system..used earlier method)
I restarted.
Of course, the frigging old drivers are still working.... I'll report back tomorrow if they ever fail....so I can then test the new driver they sent, and see if it actually works.

I can confirm the new driver does indeed fix the revoking of being launched to be installed at least.
Will report back if I can get my system to lock me out again...

Please post, if anyone has any success with these new drivers on a system that is currently revoked....

looks good, from certificate site:

(System refused to let the Suspicious Package tool open the old installer package)

 

[Ivan Shpak]

I contacted NVidia on June 9th. Got a response back today, June 14th.
Amazingly! They sent me a driver to try today. The same one 2 other people reported getting from them last week.
So, go ahead try this and/or contact them directly yourself if you'd like.

They sent me a new driver for 10.13.6 (17G14042) (all latest security updates installed)
387.10.10.10.40.140
This is the driver they sent:

Google Drive - Virus scan warning

drive.google.com

This is how I contacted them.
I contacted them at https://nvidia.custhelp.com/app/ask
Signed in.
Product: Selected GeForce
Install/Uninstall
Put in my exact card
driver 387.10.10.10.40.140

FOr Question, I asked them to please send me a driver that doesn't have it's certificate revoked at apple's servers at ocsp.apple.com
I referenced the exact link to the driver. And also, page 16 of this thread where a couple people reported getting a driver directly from them.
----
So, I had a different 10.13.6 system that was not essential to me at the moment, so I unblocked trustd & ocspd in little snitch on that system and let it connect. (I did not run the latest script that was developed by Dayo on this system..used earlier method)
I restarted.
Of course, the frigging old drivers are still working.... I'll report back tomorrow if they ever fail....so I can then test the new driver they sent, and see if it actually works.

I can confirm the new driver does indeed fix the revoking of being launched to be installed at least.
Will report back if I can get my system to lock me out again...

Please post, if anyone has any success with these new drivers on a system that is currently revoked....

I installed these drivers on a my second reserve/backup computer that also had revoked certificates with a stock GT120 video card, new drivers installed and work, but for me it does not solve the problem because it does not support the VOLTA (GV100) architecture (TITAN V and Quadro GV100 running in my main working machine) This support was in the driver 387.10.10.15.15.108

 

[Fullerfun]

I installed these drivers on a my second reserve/backup computer that also had revoked certificates with a stock GT120 video card, new drivers installed and work, but for me it does not solve the problem because it does not support the VOLTA (GV100) architecture (TITAN V and Quadro GV100 running in my main working machine) This support was in the driver 387.10.10.15.15.108

Contact NVidia, maybe they can issue you a new installer with that specific driver.

 

[Ivan Shpak]

Contact NVidia, maybe they can issue you a new installer with that specific driver.

I spent a huge amount of energy in order to explain to the support service that there was support for this architecture (GV100), and suddenly it was gone, and now this the problem with their certificates (Nvidia Support) is just a mess in the head from this.

My problem is not trivial and I suspected that such an avant-garde approach to choosing a video card could be a problematic solution, I even wrote on the developers forum about our general problem and about my specific problem with Volta, well, in general, I suspect there are not many people in the world who use these video cards.

You're right, I should try asking them about it again.

In addition, Nvidia delete and removed it almost immediately after the release, this is exactly the month of contention between APPLE and Nvidia

 

[Ivan Shpak]

In general, I have a question, to the gurus of this forum, is it possible to sign the oldest driver with a new certificate from this "new" beta from Nvidia? Or compile the kext of the old and new drivers?

 

[DTRX]

I contacted NVidia on June 9th. Got a response back today, June 14th.
Amazingly! They sent me a driver to try today. The same one 2 other people reported getting from them last week.
So, go ahead try this and/or contact them directly yourself if you'd like.

They sent me a new driver for 10.13.6 (17G14042) (all latest security updates installed)
387.10.10.10.40.140
This is the driver they sent:

Google Drive - Virus scan warning

drive.google.com

This is how I contacted them.
I contacted them at https://nvidia.custhelp.com/app/ask
Signed in.
Product: Selected GeForce
Install/Uninstall
Put in my exact card
driver 387.10.10.10.40.140

FOr Question, I asked them to please send me a driver that doesn't have it's certificate revoked at apple's servers at ocsp.apple.com
I referenced the exact link to the driver. And also, page 16 of this thread where a couple people reported getting a driver directly from them.
----
So, I had a different 10.13.6 system that was not essential to me at the moment, so I unblocked trustd & ocspd in little snitch on that system and let it connect. (I did not run the latest script that was developed by Dayo on this system..used earlier method)
I restarted.
Of course, the frigging old drivers are still working.... I'll report back tomorrow if they ever fail....so I can then test the new driver they sent, and see if it actually works.

I can confirm the new driver does indeed fix the revoking of being launched to be installed at least.
Will report back if I can get my system to lock me out again...

Please post, if anyone has any success with these new drivers on a system that is currently revoked....

Thank you for posting the new software packages released by NVIDIA.

My initial testing shows that both the web driver and the CUDA software can be installed without changes to setup file quarantine settings (xattr -c ...). Both components seem to work without issues after installation and multiple reboots.

After removal of the locks of all /var/folders/.../.../.../com.apple.trustd

of /Library/Keychains/crls

and /private/var/db/crls

the driver plus CUDA software still work with trustd operating as intended - even after rebooting.
Hosts blocking/Little Snitch was not applied to my machine and is therefore not in effect. In summary, this new driver appears to be a solution for everyone running High Sierra 10.13.6 (17G14042).

 

[Demigod Mac]

Cat's out of the bag now, I suppose... So, originally Nvidia told us to not share or publicly discuss*. Not sure if that situation has changed or if we should still not be posting such material here. Just keep in mind that leaks could jeopardize their work.
(*a [hidden] reason why I encouraged everyone to log a support ticket with Nvidia)

 

[Fullerfun]

Thank you for posting the new software packages released by NVIDIA.

My initial testing shows that both the web driver and the CUDA software can be installed without changes to setup file quarantine settings (xattr -c ...). Both components seem to work without issues after installation and multiple reboots.

After removal of the locks of all /var/folders/.../.../.../com.apple.trustd

of /Library/Keychains/crls

and /private/var/db/crls

the driver plus CUDA software still work with trustd operating as intended - even after rebooting.
Hosts blocking/Little Snitch was not applied to my machine and is therefore not in effect. In summary, this new driver appears to be a solution for everyone running High Sierra 10.13.6 (17G14042).

Thank you for confirming! Great news! Can’t believe NVidia didn’t just issue the release on their own....

 

[Fullerfun]

Cat's out of the bag now, I suppose... So, originally Nvidia told us to not share or publicly discuss*. Not sure if that situation has changed or if we should still not be posting such material here. Just keep in mind that leaks could jeopardize their work.
(*a [hidden] reason why I encouraged everyone to log a support ticket with Nvidia)

They did not give me any concerns, instructions, or warnings about sharing it. Simply sent it to me. So, if they were concerned, they should’ve written so. I fail to see the reason for waiting so long to release this to the public(unless NVidia is doing something Apple might revoke again?)....they could’ve even said..use with caution..beta release...they didn’t. Meanwhile..we had to reverse engineer trustd...which I’m sure Apple and hackers ”love”....just so we could have working machines again......

 

[DTRX]

Cat's out of the bag now, I suppose... So, originally Nvidia told us to not share or publicly discuss*. Not sure if that situation has changed or if we should still not be posting such material here. Just keep in mind that leaks could jeopardize their work.
(*a [hidden] reason why I encouraged everyone to log a support ticket with Nvidia)

Wow, I do not think keeping the cat in the bag was really helpful for us

 

[majus]

@Fullerfun
Thanks so much for posting the info and link. I'll get caught up enough in a couple of days to try it and report any success or failure. It sounds like it is going to work though. Transparency from Nvidia would have been nice though, something like a public notice maybe.

 

[startergo]

Apple don't want us monkeying with the trustd and may have facilitated Nvidia in this respect. I am not sure what is holding Nvidia from posting it publicly.

 

[JoseAlberto298309]

In summary, this new driver appears to be a solution for everyone running High Sierra 10.13.6 (17G14042).

So this is the droid we're looking for?

Just to spell it out so my feeble mind can grasp, it's the same driver previously supplied - but now with a working certificate so we don't need any of the brilliant solves supplied by this channel? (I got Dayo's script working and am now so traumatized by all this to fiddle with anything haha...)

But we just run it again, select disable, and then... run this pkg from Nvidia and right as rain?

 

[Speedstar]

After reading all 25 Pages I am frightening to boot my 5,1 again ...

I downloaded scripts :
1.NvidiaWebdriverRevocationWorkaround_v13
2.com_apple_trustd_delete_and_lock
3.com_apple_trustd_just_for_listing_the_commands
etc.

I also tried to patch Webdriver with https://github.com/corpnewt/Web-Driver-Toolkit
with WebDriver-378.05.05.25f19.pkg

1st Question: Is there a workaround for Sierra 10.12.6 (16G2136) ?

after booting CUDA prefpane opens (no GPU found), menu is set to Nv-driver but prefpane from Nvidia is still
broken.Next time CUDA pref also can't launch anymore ...

2.nd Question: I have also RAID Sierra 12.4 running , CUDA is old now I fear to update.what's next?

3rd Question: I am also using HighSierra 13.2 because of multiGPU 378.10.10.10.25.106 driver
and I want to recover this old image but last time I was not able to run Davis Dubois's github webdriver script
( does not exist anymore :https://vulgo.github.io/nvidia-drivers/) to install special version on 13.2 HighSierra is
there also a way to sign specific webdriver version ?

4th Question? and last question could we make a final Tutorial page with how-tos and scripts
from this topic in one place ?

Thank you all for keeping our old good Macs alive with CUDA software !!!

 

[pxlpshr22]

I contacted NVidia on June 9th. Got a response back today, June 14th.
Amazingly! They sent me a driver to try today. The same one 2 other people reported getting from them last week.
So, go ahead try this and/or contact them directly yourself if you'd like.

They sent me a new driver for 10.13.6 (17G14042) (all latest security updates installed)
387.10.10.10.40.140
This is the driver they sent:

Google Drive - Virus scan warning

drive.google.com

This is how I contacted them.
I contacted them at https://nvidia.custhelp.com/app/ask
Signed in.
Product: Selected GeForce
Install/Uninstall
Put in my exact card
driver 387.10.10.10.40.140

FOr Question, I asked them to please send me a driver that doesn't have it's certificate revoked at apple's servers at ocsp.apple.com
I referenced the exact link to the driver. And also, page 16 of this thread where a couple people reported getting a driver directly from them.
----
So, I had a different 10.13.6 system that was not essential to me at the moment, so I unblocked trustd & ocspd in little snitch on that system and let it connect. (I did not run the latest script that was developed by Dayo on this system..used earlier method)
I restarted.
Of course, the frigging old drivers are still working.... I'll report back tomorrow if they ever fail....so I can then test the new driver they sent, and see if it actually works.

I can confirm the new driver does indeed fix the revoking of being launched to be installed at least.
Will report back if I can get my system to lock me out again...

Please post, if anyone has any success with these new drivers on a system that is currently revoked....

Confirm! This works for me! Extended the life of this 12 year-old Mac for a little longer.

MacPro 5,1
macOS 10.13.6 (17G14042)
NVIDIA GeForce GTX 980
Boot ROM Version: 144.0.0.0.0

HUGE thank you to @DTRX and @Dayo! Really appreciate you guys working so hard to get a fix. Can't thank you enough, so many were left to dangle when the certificate was revoked.

Thank you to @Fullerfun for contacting NVIDIA and sharing the driver package.

 

[Demigod Mac]

(unless NVidia is doing something Apple might revoke again?)

That's my main concern. Apple (or Nvidia, even) could revoke the new certificate in retaliation and end efforts to work on the issue any further, then all of us would forever have to resort to using hacks instead of having a properly working driver to last the rest of our old Macs' lifetimes.

Wow, I do not think keeping the cat in the bag was really helpful for us

(see above) Short-term benefit but potential long term loss. Worth it if in the end they publicly publish a working driver and don't revoke it. Also did not want to betray their technician's trust.

They did not give me any concerns, instructions, or warnings about sharing it. Simply sent it to me. So, if they were concerned, they should’ve written so.

Fair enough - indeed they should have said if it were still meant to stay secret (with tech support reps your mileage may vary). Given that two of us were told to not share it, it's possible the third rep simply forgot to mention it.
(hopefully, it doesn't matter to them anymore)

I am not sure what is holding Nvidia from posting it publicly.

Hope I'm wrong about this, but they could be taking a half-measure and are only providing the driver link to people who log a support ticket, in hopes the issue will quietly fade away and it won't attract unwanted attention from Apple.

I don't really see a logical reason why they can't publish it right away unless they're still working out something with Apple, especially in light that the certificate was revoked because of a security breach. Apple may be requiring Nvidia to prove that their certificate store is secured before they will permit publicly publishing any new signed software.

 

[startergo]

Apple may be requiring Nvidia to prove that their certificate store is secured

Not sure sure what would that proof contain? The purpose of security certificate is to be the "proof" of security. The only way to find if it is not secure is to find illegitimate software using that certificate (i.e private key stollen). It is like the presumption of innocence. The burden is on the prosecution (Apple) to prove guilt (certificate not secure).

 

[Demigod Mac]

Not sure sure what would that proof contain? The purpose of security certificate is to be the "proof" of security. The only way to find if it is not secure is to find illegitimate software using that certificate (i.e private key stollen). It is like the presumption of innocence. The burden is on the prosecution (Apple) to prove guilt (certificate not secure).

It'd be due diligence on Apple's part. They'd at least want to know (at a high level) how the breach happened, assurance that the attacker no longer has access to Nvidia's environment, and what remediation measures Nvidia took to prevent it from happening again. For all Apple knows, the attacker could still have access and would use replacement certs to digitally sign Mac malware. Nvidia would have contacted a cybersecurity firm to conduct a forensic audit, and waiting on the conclusion of that investigation may be what's holding Nvidia up on releasing any more signed Mac software. (all of this just speculation on my part... but it would make the most sense to me as to why they haven't published the replacement driver yet when it seems like it'd be so easy)

 

[startergo]

It'd be due diligence on Apple's part. They'd at least want to know (at a high level) how the breach happened, assurance that the attacker no longer has access to Nvidia's environment, and what remediation measures Nvidia took to prevent it from happening again. For all Apple knows, the attacker could still have access and would use replacement certs to digitally sign Mac malware. Nvidia would have contacted a cybersecurity firm to conduct a forensic audit, and waiting on the conclusion of that investigation may be what's holding Nvidia up on releasing any more signed Mac software. (all of this just speculation on my part... but it would make the most sense to me as to why they haven't published the replacement driver yet when it seems like it'd be so easy)

Breach happened with an insider physically installing remote monitoring/access software on company premises .

 

[TedsterTheSecond]

Okay, so it all sounds very clandestine. So with the NVidia supplied updated driver, would I be best binning everything labelled NVidia or CUDA on the system 'as is' first, or is there an uninstaller, or does the installer do that housekeeping?

Sorry I used to just use Benjamin Dobells Github script to install NVidia.

 

[DTRX]

1st Question: Is there a workaround for Sierra 10.12.6 (16G2136) ?

2.nd Question: I have also RAID Sierra 12.4 running , CUDA is old now I fear to update.what's next?

3rd Question: I am also using HighSierra 13.2 because of multiGPU 378.10.10.10.25.106 driver
and I want to recover this old image but last time I was not able to run Davis Dubois's github webdriver script
( does not exist anymore :https://vulgo.github.io/nvidia-drivers/) to install special version on 13.2 HighSierra is
there also a way to sign specific webdriver version ?

4th Question? and last question could we make a final Tutorial page with how-tos and scripts
from this topic in one place ?

To 1: We tried to find a solution for "Low" Sierra by locking a different set of folders. Dayo should have implemented it in his script. Give it a try and report to eventually help others.

To 2: Do not update. Try Dayo's script. It is not bound to a particular version of CUDA. Although there might be small differences in trustd's implementation for different subversions of Sierra. The info about which folders to lock to break trustd was taken from the latest version of Sierra (10.12.6). I'd still give the script a try and test if it works for you.

To 3: I am not sure if a different package could ever be re-signed with a new certificate, if there is no access to NVIDIA's development resources. IMHO the possibility of re-signing new packages by anyone should break the principles of software security of signed code. But maybe we have some experts around us to comment more on that?

To 4: Since information that new drivers were out there was hidden from some users active in this thread, I am sorry but at least I am not willing to invest more time.

Okay, so it all sounds very clandestine. So with the NVidia supplied updated driver, would I be best binning everything labelled NVidia or CUDA on the system 'as is' first, or is there an uninstaller, or does the installer do that housekeeping?

Sorry I used to just use Benjamin Dobells Github script to install NVidia.

Software removal is not necessary. Just install the new software.

 

[TedsterTheSecond]

To 1: We tried to find a solution for "Low" Sierra by locking a different set of folders. Dayo should have implemented it in his script. Give it a try and report to eventually help others.

To 2: Do not update. Try Dayo's script. It is not bound to a particular version of CUDA. Although there might be small differences in trustd's implementation for different subversions of Sierra. The info about which folders to lock to break trustd was taken from the latest version of Sierra (10.12.6). I'd still give the script a try and test if it works for you.

To 3: I am not sure if a different package could ever be re-signed with a new certificate, if there is no access to NVIDIA's development resources. IMHO the possibility of re-signing new packages by anyone should break the principles of software security of signed code. But maybe we have some experts around us to comment more on that?

To 4: Since information that new drivers were out there was hidden from some users active in this thread, I am sorry but at least I am not willing to invest more time.


Software removal is not necessary. Just install the new software.

Thanks @DTRX as ever for so much genuinely appreciated work on this, thanks @Fullerfun for the link.