Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Status
The first post of this thread is a WikiPost and can be edited by anyone with the appropiate permissions. Your edits will be public.
Would anyone know why I can't install security update 006?

It gave me the message "... can't be installed on this disk. This volume does not meet the requirements for this update."

It showed this for my main boot drive and all of the other hard drives I have connected....
I get the same message when I did a fresh reinstall of the OS. Just rebooted and re-update.
 
Enhanced the initial script to allow deactivating the locks if/when an official fix is issued, cover the spectrum of items needed and accommodate switching from the previous method in Post 82.

First thing to do is to take a backup that can be restored if required.

There are 2 stages. The first involves removing the revoked certs and reinstalling. If this works for you then you are good and will keep your Mac's security level at what it currently is. You do not need the second stage.

If the first stage does not work for you, or you are unwilling/unable to copy and paste the commands into Terminal, then move to the second stage where you just have to run a script that will degrade the security level to allow things to work.

STAGE 1: STRIP CERTS AND REINSTALL
  1. Run the following command in Terminal to fetch and run a script (from GitHub) for getting Nvidia Webdrivers directly from Nvidia: cd ~/Downloads && rm -fr ~/Downloads/Web-Driver-Toolkit && git clone https://github.com/corpnewt/Web-Driver-Toolkit && cd Web-Driver-Toolkit && chmod +x Run.command && ./Run.command
    1. The script will allow you to download Nvidia web drivers which will be saved in ~/Downloads/Web-Driver-Toolkit/Web Drivers.
      • Select the Download By Build Number option
      • While it may seem counterintuitive, to be absolutely sure the certificates are stripped out, DO NOT select the version of the driver matching your actual build number, but the build number before yours and then use the script option to patch this to what you need. The certificates will be stripped out as part of this patching.
        • To check your actual build number, run sw_vers -buildVersion in Terminal
    2. After the script is downloaded, use the Patch Install Package option in the script to patch the web driver. This will fully clear the revoked certificates from the package including from kexts used by the web driver.
  2. 
Download the relevant CUDA package and run the following in Terminal to strip the certificates: cd ~/Downloads && rm -fr ~/Downloads/cxda_tyzp && pkgutil --expand /FULL/PATH/TO/CUDA/PKG ~/Downloads/cxda_tyzp && rm -fr /FULL/PATH/TO/CUDA/PKG && pkgutil --flatten ~/Downloads/cxda_tyzp /FULL/PATH/TO/CUDA/PKG && rm -fr ~/Downloads/cxda_tyzp
    • Paste the command into TextEdit, amend /FULL/PATH/TO/CUDA/PKG to suit and run this in Terminal
    • You can get the full path to the CUDA pkg by dragging and dropping the file into Terminal
  3. 
Fully isolate your Mac from the web and boot into Safe Mode.
    1. Safe Mode will enable a basic GPU driver that will, while not accelerated, allow you to operate your Mac without web drivers. Importantly, booting into Safe Mode while disconnected from the web will purge several caches.
    2. To boot into Safe Mode, turn on or restart your Mac, then immediately press and hold the Shift key until you see the login window. Log in to your Mac (You might be asked to log in a second time).
    3. You can verify you are in Safe Mode as follows:
      • Go to About This Mac >> System Report >> Software
      • In the System Software Overview, look at the value listed next to the item labeled Boot Mode.
        • Safe: The Mac is using safe mode.
        • Normal: The Mac is not using safe mode.
    4. It might be a good idea to run crlrefresh rp in Terminal after logging in to ensure the caches are purged
  4. Install both the patched web and CUDA drivers
  5. Reconnect to the web, reboot into Normal Mode and activate the webdriver.
If this sorts out your issues, then you can stop here and live happily ever after. It doesn't matter whether Nvidia/Apple fix the certs or not, you are good for good without needing to compromise on security. Whatever the outcome however, pester Nvidia for a fix. If it did not sort out your issues, you need to try STAGE 2.

STAGE 2: PURGE AND LOCK TRUSTD CACHES
  1. Fully isolate your Mac from the web and boot into Safe Mode.
    1. See STAGE 1 above for details on booting into Safe Mode.
  2. Download the attached file, unzip it and double click to open it in Script Editor built into MacOS
  3. Once in Script Editor, click on the obvious button to run the script.
  4. Select the script option to activate the workaround when presented.
    1. If the script asks for confirmation on the paths it will work on, check the listed paths and make sure they include either of:
      • /C/com.apple.trustd
      • /T/com.apple.trustd
    2. Click 'No' if any path does not include one of these paths and report the issue.
  5. Reconnect to the web after running the script, reboot and you should be up and running.
If not up and running after this, restore the backup you took at the very start and switch to AMD or wait for a fix from Nvidia and/or Apple. Whatever the outcome, pester Nvidia for a fix.


To revert the changes made by the attached script (if/when a proper fix is available), run the script in normal boot mode and select the option to deactivate the workaround. You might also want to do this if you do decide to switch to AMD.

CREDITS:
@DTRX for the trustd cache blocking
@Macschrauber for the initial cache block script
GitHub User CorpNewt for the Web-Driver-Toolkit
Misc Others for tips and feedback

SCRIPT EDITS:
01. Lock/Unlock folders instead of contents
02. Misc Fine Tune
03. Structural Tweaks
04. Remove OCSP blocks in hosts file, Handle /Library/Keychains/crls
05. Misc Tidy Up
06. Reintroduce OCSP blocks in hosts file, Download and patch WebDriver-387.10.10.10.40.140
07. Prefers disconnection from the web, Prefers running under Safe Mode
08. Fixes missing 'WebDriver' variable
09. Misc Tidy Up
10. Remove web driver download/patching added in v06
11. Improve resilience ... allows support for LoSierra/Earlier
12. Improve support for LoSierra/Earlier
13. Adjust Some Sqlite DB Handling
14. Flush DNS to improve deactivation process
Dayo: I have followed your direction and I am to a point I need a little more input from you. Let me try to explain: I have gotten the WebDriver downloaded and I have done the Patch, But what was not clear to me was which build number to use on the patch? My macs build no. is the last in the series of build numbers. so used the one before it as you instructed. And then selected the Patch command, and this also asked for a build number. My assumption was to use the true build number for the patch. However, I am not sure if I did this correctly. Could you please clarify? And thank you for taking the time to reply.
 
Last edited:
Dayo: I have followed your direction and I am to a point I need a little more input from you. Let me try to explain: I have gotten the WebDriver downloaded and I have done the Patch, But what was not clear to me was which build number to use on the patch? My macs build no. is the last in the series of build numbers. so used the one before it as you instructed. And then selected the Patch command, and this also asked for a build number. My assumption was to use the true build number for the patch. However, I am not sure if I did this correctly. Could you please clarify? And thank you for taking the time to reply.
Did you read the first post?
 
Could you please clarify?
You should no longer need the script in most cases as outlined in Post 1.

If you do still need it, such as if not on HiSierra or wanting to use a version of HiSierra that is not the fixed last version for whatever reason, then yes, the process is to first choose a build version before the one you need.

This Not-Actually-Wanted-Version then needs to be patched to the wanted version by selecting the build number that corresponds to the atually wanted target at the relevant step. The certificates will be removed as part of the patching process.
 
Since June 2 I have had the same experience as all others writing here, except -- I did not update or try to fix anything other than remove the offending video card and reinstall my original ATI card. Pressed for time, I was going to fix everything when I had the time.

On June 28 I moved to a new home. On July 1 I finally found time to set up my computer again. The only thing that changed in my setup was the service provider, formerly AT&T, now Cox.

Now to what has changed: my original Nvidia driver (WebDriver-387.10.10.10.40.128) may be OK now (Driver Manager works) and I once again get the CUDA panel at startup which tells me no GPU was detected. I downloaded the driver .pkg file to check and see if it was functioning and it wants to continue the install.

So something has been changed/fixed, either by Nvidia or Apple. I don't have enough time right now to reinstall my GTX 1070 to test it (maybe next week). I just wanted to mention this in case others have more time to look into it and verify the change.
I can also confirm a similar result. It's been 2 months since I've been able to get time to address this issue. I've been monitoring this thread to get my plan of action. My rig has been off for 2 months basically. Today was the day. I reviewed the thread again and saw your post and figured I'd try just booting up....and viola! Nvidia web drivers are working and say up to date. Nvidia control panel works fine. I had one more High Sierra 10.13.6 update to apply to attempt the driver reinstall so my OS is not fully updated (17G14033) (& its been at this version for a long time). Current Nvidia driver is 387.10.10.10.40.139...CUDA says there is an update available (currently 387.178 - update says 418.163) Anyone think there would be an issue updating CUDA now that the display drivers are working?

So in summary, I did nothing to my rig at all and everything seems to be okay now. I booted up normally with internet connected. So hopefully this is good news for anyone that hasn't tried to fix this yet. And hopefully it remains functional.
 
  • Like
Reactions: garibaldo
...I had one more High Sierra 10.13.6 update to apply to attempt the driver reinstall so my OS is not fully updated (17G14033) (& its been at this version for a long time). Current Nvidia driver is 387.10.10.10.40.139...CUDA says there is an update available (currently 387.178 - update says 418.163) Anyone think there would be an issue updating CUDA now that the display drivers are working?
My system updates are older than yours (10.13.6 (17G7024) 387.10.10.10.40.128) and before all this trouble started I was using CUDA 418.163 with no problems. I still haven't reinstalled my GPU yet but when I do I expect everything will just work again.

So I think you would be OK with the CUDA update.
 
Thanks everyone! I was finally able to go from Sierra 12.6 to High Sierra 13.6, and fix this issue!
In the interim, I had to revert back to my old ATI Radeon HD 5770 GPU and a single monitor (glad I kept this GPU in my machine and my wife happened to still have an unused monitor with DVI still). But the step by step process worked perfectly, and now I have multiple monitors again, and can edit in After Effects much faster with my working NVIDIA GTX Titan X.

  1. Before upgrading my OS from 10.12 to 10.13, I cloned my bootable drive to do all my upgrades/testing on there just in case.
    1. Since Disk Utility doesn't natively allow you to clone a bootable drive, I had to do it by restarting in Recovery Mode (I used this walkthrough) and cloned it from there.
      NOTE: My 3rd Party mechanical keyboard wouldn't work to boot into recovery mode (didn't recognize CMD+R from that keyboard), so I had to borrow a friend's old Apple/Final Cut Keyboard to finally get this to work.
  2. Then after I downloaded High Sierra from the App Store using the support link from Apple, I ran the install.
  3. After the restart and full install of 10.13, I waited for the "Optimizing Your Mac" to complete in the background before then doing the exact same process, but with each of the two Security Updates (2020-005 & 2020-006) with multiple restarts in the process.
  4. At this point I installed the Re-Signed NVIDIA drivers they provided, and then shut down.
  5. Opened up my unit, and reinstalled my NVIDIA GTX Titan X (that my cat had knocked off a shelf, 4 feet down onto a hard floor while I was away on vacation - hoping it was still functional).
  6. Powered on - and VOILA! Everything fixed and back to normal.
No Safe Mode needed.
No Terminal Commands or Scripts Needed.
Simply going through the GUI install interfaces for all OS updates and NVIDIA Driver Updates.

Thanks everyone! This thread has been a lifesaver. Thanks to @Nermal for making the first post a wiki so that it was easy as ever to come back and follow the steps without getting lost.
 
Last edited:
You should no longer need the script in most cases as outlined in Post 1.

If you do still need it, such as if not on HiSierra or wanting to use a version of HiSierra that is not the fixed last version for whatever reason, then yes, the process is to first choose a build version before the one you need.

This Not-Actually-Wanted-Version then needs to be patched to the wanted version by selecting the build number that corresponds to the atually wanted target at the relevant step. The certificates will be removed as part of the patching process.
Yes, finally I read the first Post and I am up and running. I did not read the first post at first because a friend sent me the link I was working off of which was a long way down the thread. Thanks for the help.
 
Hi everybody,
I am happily announcing that after not using my mac pro for the whole summer, i just tried one more time to install the nvidia driver and it was a success.
I did nothing extra to fix things. It seems that Nvidia or Apple, after a lot of complains, fixed the issue?
(10.13.6 (17G14033) webdriver 387.10.10.10.40.139.
 
Really Sorry Guys, but I need a little help here.

I'm running into huge problems with Cinema 4D R20 and Octane and the overall stability of the system. I've had black screens in C4D and restarts sometimes taking 15 minutes where the mac sounds like it's trying to load the graphics card like a monitor high pitched electrical switching noise.

On the plus side I got my mac up to macOS 10.13.6 (17G14042)
I installed NVidia 387.10.10.10.40.140
I run Octane 2020.2.5-R3

I suspect there's bits of the old drivers that lost their certificate that NVidia didn't uninstall or those kexts, permissions and certificates I keep hearing about but don't know what they are. Is there a a script that will uninstall everything NVidia then I can start again with the NVidia 387.10.10.10.40.140 on a clean system? You'll notice I have a plain GT120 mac system card I can pop a plain vanilla lower rez monitor on so I can see what I'm doing while the 980Ti is down.

I nearly gave up and bought a newer mac, but surely unless it's M1 I'll run into the same problems and I simply can't afford it. Massive thanks in advance. I know it's going over old ground but there's quite a few variants of advice on the prior 32 pages, so just wondered if there was a consensus.



Screen Shot 2022-10-08 at 19.52.48.png
 
Really Sorry Guys, but I need a little help here.

I'm running into huge problems with Cinema 4D R20 and Octane and the overall stability of the system. I've had black screens in C4D and restarts sometimes taking 15 minutes where the mac sounds like it's trying to load the graphics card like a monitor high pitched electrical switching noise.
Post #662 on page 27 has the answer you are looking for. Not a script, but how to do it manually
 
Post #662 on page 27 has the answer you are looking for. Not a script, but how to do it manually
Thank you so much!!!!! So I guess when I boot in safe mode none of the NVidia drivers will load so I'll need to plug a lower rez monitor in to the standard graphics card to perform the fix? That's the only question. Thanks again @majus - amazing.
 
Thank you so much!!!!! So I guess when I boot in safe mode none of the NVidia drivers will load so I'll need to plug a lower rez monitor in to the standard graphics card to perform the fix? That's the only question. Thanks again @majus - amazing.
First page has the answer and the link to the drivers. No safe mode needed.
 
  • Like
Reactions: majus
Hey guys I'm dragging up this thread as I've had an annoying issue since updating.
I was one of the first to follow this thread and update to the newly signed drivers.
I'm on build 17G14042 with driver 387.10.10.10.40.140.

Since this upate I have a problem with GUI scaling in some apps making certain things unusable.

I have a 4k monitor, and as is very common I set the UI scale to 'looks like 2560x1440' in the sys pref display settings.
However this throws out some apps like the GUI for some plugins in Pro Tools. The scale is all out of whack for these and extends way past where the limits of the window are and makes changing settings impossible. Also things like the project loading/welcome screen in Adobe Premiere is all messed up.

If I choose no scaling in sys prefs everything returns to function as normal but the UI is so tiny that's it's a real strain on the eyes.

Photoshop doesn't want to use my GPU anymore either and throws crazy artifacts all over the screen but that's a different issue to the UI scaling.

Does anyone know if I revert back to my old driver (and possibly OS build if required) if the driver signing issue will be resolved automatically?

Reading here it seems like some people who waited for it all to blow over never had to change anything at all and things just started working again...

Thanks!
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.