MP 1,1-5,1 Cannot install or use Nvidia Webdrivers anymore!

[camat73]

I did a fresh install of Sierra(16G29) on a separate drive with Unibeast and Multibeast. I installed Nvidia drivers for that build (378.05.05.25f01) while offline without problems. Then I connected back to the internet and everything seems to be working fine for this configuration. Rebooted multiple times and no issues.

Then I upgraded to Sierra(16G2136) and updated the Nvidia driver through the NVIDIA Driver Manager. This gave rise to the same issues from High Sierra.(Drivers not working, and NVIDIA Driver Manager inaccessible). I have a GTX 970 card.

 

[hoanglong]

have you successfully installed it for highsierra?

 

[hoanglong]

I tried block ocsp but it still doesn't work

 

[The Buggman]

However the install fails at the end. Don’t know what local data I need to delete next to be able to complete the installation. Anyone have any ideas?

Is it just this pkg or all pkg's which fail for you?
I would suggest the simplest solution of resetting your SMC and NVRAM and then running the steps again.

 

[Ivan Shpak]

I did a huge number of resets in different sequences with different hardware configurations of the system disks of the boards, etc., but it's all the fault of the Internet, through which all kexts are blocked at a very low level.

i wrote a post on the developers forum it is a bit lyrical but i would like everyone to follow the link and express your indignation and what you had to face in these last two days

Nvidia Web Driver For MAC OS for "Volta" Architecture

Hey everyone, I’m a graphics and publishing and art production professional, but I’m also a fan of Nvidia products. A few years ago, Nvidia did not share something with Apple, and users were deprived of full support for Nvidia products. Full-fledged drivers were left to unlock the potential of...

forums.developer.nvidia.com

 

[dutchyonabike]

After messing around for hours, I removed my GTX 980, restarted my 2012 MacPro 5,1 (10.13.6) without any video card. Then I put the card back in the machine, restarted it and now everything works like normal. The preferences pane for Nvidia and Cuda work like normal.

 

[poof86]

After messing around for hours, I removed my GTX 980, restarted my 2012 MacPro 5,1 (10.13.6) without any video card. Then I put the card back in the machine, restarted it and now everything works like normal. The preferences pane for Nvidia and Cuda work like normal.

What else did you do (block?) before this worked?

 

[Ivan Shpak]

After messing around for hours, I removed my GTX 980, restarted my 2012 MacPro 5,1 (10.13.6) without any video card. Then I put the card back in the machine, restarted it and now everything works like normal. The preferences pane for Nvidia and Cuda work like normal.

Internet connected, before or after?
Give me some more details please

OpenVNC without Any GPU

 

[AngusYoung]

Following, I am in the same boat as you all.

 

[bllx]

I have the problem also: lost nearly half a day diagnosing but at least I found this thread before reinstalling the OS.
2010 Mac Pro 5,1 10.13.6 and a GTX970.
Put my Radeon 5770 back in alongside the 970, so I can run macOS with the 5770 and then the 970 on Windows. The PCIE fan runs loudly while gaming in Windows, trying to cool the 970 when there's a big fat 5770 right next to it. Overall though temps are ok; I just re-pasted my Northbridge and CPU which has helped a lot.
Let's hope this gets resolved soon. Quite eerie having a working installation self-destruct due to secret conversations elements of the software have with certificate authorities, esp as it looks like Little Snitch etc can't really stop it. Leaves you feeling powerless.

BTW I should add that for me it happened gradually: I first dismissed some reported error concerning the Nvidia pref pane a week or 2 ago; then I noticed streaks on moving windows a few days ago (ie unaccelerated); then on 1 June v early am VLC refused to play things full screen video (the sound was there).

Am I right in thinking I could somehow insert a boot arg thus enabling me to use macOS with the 970 unaccelerated?

 

[flyproductions]

So, it just seems to work again! 30 or something reboots without any issues.

I still don't know what made it. Blocked ocsp with Little Snitch as well as with the terminal command and deleted caches. Also blocked trustd.

I hope i have successfully blocked any certificate validating "service" for all time by now and they all can put their "certificates" to where the sun don't shine for all coming times. I don't want to experience a "nice surprise" like that ever again! It costed me two whole working days and would have put me into serious trouble if happened in the middle of a time critical projekt. I really don't get the point of limiting the time vital parts of my system - which worked for years - can be run "safely". And i don't ever want someone somewhere on the net to decide and pull the plug as they like.

I whish everybody the best of luck in getting this fixed too!

 

[Ivan Shpak]

So, it just seems to work again! 30 or something reboots without any issues.

I still don't know what made it. Blocked ocsp with Little Snitch as well as with the terminal command and deleted caches. Also blocked trustd.

I hope i have successfully blocked any certificate validating "service" for all time by now and they all can put their "certificates" to where the sun don't shine for all coming times. I don't want to experience a "nice surprise" like that ever again! It costed me two whole working days and would have put me into serious trouble if happened in the middle of a time critical projekt. I really don't get the point of limiting the time vital parts of my system - which worked for years - can be run "safely". And i don't ever want someone somewhere on the net to decide and pull the plug as they like.

I whish everybody the best of luck in getting this fixed too!

Absolutely agree!
This hit my deadlines, in the project, I just reinstalled and restored from backup 4 times and every time I sat until 5AM in the morning)

Please write what list of actions you got and their order, it may be needed.

I even got a backup computer for experiments because I am now working without the Internet on the main computer, and I transfer files using the USB drive. In general, this is complete hell!

 

[mattspace]

the most generous interpretation I can think of with this, it may have a similar cause to the iCloud High Sierra issue of the last month or so - there's probably a person responsible for legacy security certificate management, as one aspect of their job, who is being hammered with other stuff in the lead-up to WWDC.

 

[takovej]

Until I'll find better solution, I'm blocking ocsp/ocsp2 apple servers @ hosts-file level. Seem to work fine so far (1day, ~5 restarts)

 

[poof86]

It’s not working for me

I was able to re-install the drivers by removing the pkg signing with https://github.com/etrepum/strip_pkg_signature

but when I enable the Nvidia web drivers I can’t boot in

should I remove the codesign on all kext that are installed? Won’t that just give another signing error on boot?

 

[Syncretic]

I don't have a WebDriver-relevant NVidia card, and the oldest MacOS I have handy is Catalina, so the following may be useless - but there are a few command-line (Terminal) tricks you folks might find helpful (if they work in HS):

(You may or may not need to add sudo to the beginning of these commands, and you will definitely need to adjust the paths/filenames for your system and .pkg version. The example name I'm using here is WebDriver-387.10.10.10.40.140.pkg, and I'm assuming you've chdir-ed into the folder containing it; otherwise, just prepend /the/path/to/your/file/ to the filename.)

• You should be able to get rid of the Quarantine attribute that keeps you from opening the .pkg file in Pacifist or other programs, as follows:

  xattr -r -d com.apple.quarantine WebDriver-387.10.10.10.40.140.pkg

• You should be able to remove the signature from the WebDriver .pkg file by expanding and flattening it, as follows:

  pkgutil --expand WebDriver-387.10.10.10.40.140.pkg /tmp/FlatNVIDIA.pkg
  pkgutil --flatten /tmp/FlatNVIDIA.pkg WebDriver-387.10.10.10.40.140_NoSignature.pkg

  This should allow installation of the _NoSignature version, at least.
• Whether you do the expand/flatten trick or not, you should be able to bypass the bad signature and get the drivers installed (even if they'll fail later), as follows:

  installer -allowUntrusted -verbose -pkg WebDriver-387.10.10.10.40.140.pkg -target /

I wish I still had a High Sierra setup to test this, because it feels like there should be a reasonably straightforward workaround without completely disabling trustd (which seems like a Bad Idea™). You should be able to either forcibly trust the revoked certificate, or simply remove the driver signing altogether. In any case, good luck!

 

[funckdren]

Some over in the MacProUpgrade group on Facebook are reporting that their Nvidia cards are running fine (not sure what OS yet) on systems with existing drivers. One thing I do know is that that I first noticed this problem after zapping my PRAM running High Sierra, which for some reason always tanks my Nvidia drivers. I went to do a simple reinstall of drivers and all hell broke loose. Before I figured out the problem, I booted to a back-up OS running Sierra, and everything booted up fine, so I know that the problem did not show up on a different startup disk with drivers already installed. Right now I'm tinkering now with a Time Machine back-up to see if I can get back to where I was on High Sierra before zapping PRAM, but does anyone know where Nvidia drivers and accompanying files are located, and if there's anyway to copy them at the finder level from a back up of your OS?

 

[funckdren]

Also, FWIW, the card that continued to work on Sierra was a flashed card from MacVidCards.

 

[poof86]

Here's a list for you... I self signed all the kext files, but this didn't help. It seemed as if the prefpane was about to open, but it crashes with an error that I should reinstall the drivers.

 

[adriandegar]

There’s a lot of references in this thread to codesign which seems useless for packages.

As I understand it productsign it will only work with a developer account but would be able to solve the deeper issues with the pkg and underlying files.

Is getting a developer account to sign the pkg not a viable solution here?

 

[drifeppelin]

So now I'm going to just wait and see what happens... I've restarted a couple times already and so far things are working, but like before it's hard to say if it will remain that way.

Just giving another update. Another day has passed and everything is still working completely as it did before it broke, minus whatever I'm losing for blocking ocspd and trustd.

If anyone missed it, Dayo put together instructions for a permanent fix back on page 4 which has worked for me and a few others: https://forums.macrumors.com/thread...re.2346445/page-4?post=31142878#post-31142878
Of course since it involves blocking connections it's still less than ideal, but it has been working for me.

I second others when I say this whole thing has been super disruptive! I'm also in the middle of a big project and gosh that is not what you like to see.

 

[takovej]

I believe there were some security features introduced by nVidia in 387.10.10.10.40.140 drivers where it does not load properly if not signed. Maybe you may give it a try 387.10.10.15.15.108 version and override OS build requirements.
I'm not sure about this, it is just my assumption. What I did I've just restored timemachine backup from May (without connecting to internet), modify the hosts file (I think it's better idea to use 0.0.0.0 instead of 127.0.0.1 but both should work here) and connected it back online. Works fine so far.

However, I hope somebody will came with better idea than blocking ocsp

Catalina is no-go for me (dosdude1 patch does not support 4 monitors but only 3 per GPU, moreover I still use some 32-bit apps too) and still I prefer HS over Mojave (no CUDA, no AFP, no HDMI Audio without SIP disabled AFAIK?).

 

[adriandegar]

I don't have a WebDriver-relevant NVidia card, and the oldest MacOS I have handy is Catalina, so the following may be useless - but there are a few command-line (Terminal) tricks you folks might find helpful (if they work in HS):

(You may or may not need to add sudo to the beginning of these commands, and you will definitely need to adjust the paths/filenames for your system and .pkg version. The example name I'm using here is WebDriver-387.10.10.10.40.140.pkg, and I'm assuming you've chdir-ed into the folder containing it; otherwise, just prepend /the/path/to/your/file/ to the filename.)

• You should be able to get rid of the Quarantine attribute that keeps you from opening the .pkg file in Pacifist or other programs, as follows:

  xattr -r -d com.apple.quarantine WebDriver-387.10.10.10.40.140.pkg

• You should be able to remove the signature from the WebDriver .pkg file by expanding and flattening it, as follows:

  pkgutil --expand WebDriver-387.10.10.10.40.140.pkg /tmp/FlatNVIDIA.pkg
  pkgutil --flatten /tmp/FlatNVIDIA.pkg WebDriver-387.10.10.10.40.140_NoSignature.pkg

  This should allow installation of the _NoSignature version, at least.
• Whether you do the expand/flatten trick or not, you should be able to bypass the bad signature and get the drivers installed (even if they'll fail later), as follows:

  installer -allowUntrusted -verbose -pkg WebDriver-387.10.10.10.40.140.pkg -target /

I wish I still had a High Sierra setup to test this, because it feels like there should be a reasonably straightforward workaround without completely disabling trustd (which seems like a Bad Idea™). You should be able to either forcibly trust the revoked certificate, or simply remove the driver signing altogether. In any case, good luck!

Unfortunately this doesn’t work. Like Ashok mentioned in the other thread, the installed kexts won’t load properly. Running kextutil in recovery on the NVDAStartUpWeb.kext shows a signature error:

kext signature failure override allowing invalid signature -67045 0xFFFFFFFFFFFEFA1B for kext "/System/Library/Extensions/NVDAStartupWeb.kext"

Basically booting with the kexts like this looks exactly how it did on June 01 shortly after rebooting my computer. See attached photo, my screen became a pixelated mess.

Checking the install log when I open the original driver pkg I think there’s some deep local data of the com.nvidia.web-driver revocation stored in the system. It’s not a pkg receipt, not in keychain access, and it’s not in the crl db. This is driving me nuts. Really considering just signing up for a developer account to resign the pkg

 

[funckdren]

modify the hosts file (I think it's better idea to use 0.0.0.0 instead of 127.0.0.1 but both should work here)

takovej – Can you briefly explain how to modify hosts file like you've done?

 

[paulcons]

The title of this thread is not exactly correct. I have a HS cMP/980 and it continues to work just fine for the days since the issue surfaced. Back in October, I got and installed WebDriver-378.10.10.10.15.114.