Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Status
The first post of this thread is a WikiPost and can be edited by anyone with the appropiate permissions. Your edits will be public.

dosdude1

macrumors 68030
Original poster
Feb 16, 2012
2,770
7,329
With fully disabled SIP including authenticated root (ARV), csr-active-config=w%08%00%00 is set in NVRAM, which corresponds to a value of 0x867 after boot.efi reads it (previously 0x67 on Catalina).

Knowing this, the new boot.efi patch is as follows:
- search for CSR:IN string and find the procedure that references it
- find and some_register1,0xffffffef ("some_register1" changes depending on the build but refers to the value loaded from NVRAM, this line is what explains the csr-active-config "w" (0x77) changing to 0x67)
- find the next line which should be mov dword[some_register3],some_register1 (saves the result, where it will be eventually passed to the kernel)
- copy a nearby line that looks like or byte[some_register2+6],0x8 (not honestly sure what this is for, but it's necessary -- presumably setting some flag in a structure which is checked later)
- copy the mov line and change it such that it's writing 0x867 rather than the previously read value
- overwrite the start of the function with those two lines and then ret

An example for DP1's boot.efi (file is also attached):
Code:
0x1f242: mov dword[rsi+0x498],0x867
or byte[rsi+6],0x8
ret

Most likely @dosdude1 and @parrotgeek1 may want this at some point for your patchers. One thing I noticed is that re-selecting the startup disk can cause boot.efi to be overwritten with the original copy -- probably a good idea to figure out where that "comes from" so it can be replaced as well, or automatically re-replace the file on shutdown. Otherwise, SIP may be randomly enabled after a while (I also had this issue on Cat).

Hope this is useful.
The boot.efi is overwritten by the one located in /usr/standalone/i386 when startup disk is set. Just replace it at that location as well, and that will no longer be an issue.
 

adamman648

macrumors newbie
Jun 12, 2019
10
19
Phoenix, AZ| New York City, NY
From the looks of it, this OS will be able to run on some older Macs, If a Redditor was able to get it onto a Chromebook, it can be installed on anything, we just will need to find out how to get it running on pre-2012 Macs. All this will take is time, it will be difficult, but im sure now that it can be done.
 
  • Like
Reactions: Danvan

ASentientBot

macrumors 6502a
Jun 27, 2018
863
3,421
SkyLight.framework
From the looks of it, this OS will be able to run on some older Macs, If a Redditor was able to get it onto a Chromebook, it can be installed on anything, we just will need to find out how to get it running on pre-2012 Macs. All this will take is time, it will be difficult, but im sure now that it can be done.
If you're referring to CoolStar's post, that (while it is awesome) doesn't have much relation to running BS on pre-Metal GPUs, since their Chromebook has an HD 4000.

I'm still investigating OpenGL accel, as most likely are others, but no success yet... wouldn't hold my breath if I were you.
 

KeithJohn

macrumors member
Aug 18, 2015
87
65
Glasgow
Thanks Dosdude1 for your great info as usual... I guess my Mac Mini Late 2012 is now going to be a test bed for Big Sur, had it apart yesterday gave it a good clean out and re-installed Catalina on a 500GB ssd and upped the memory from 8GB to 16GB. Looking forward to my trusty Mac Pro 3.1 being able to carry on and of course my MacBook Pro early 2015 will be upgradeable, I was thinking of getting rid of all of them and get a new Mac something or other as my wife says she is fed up of all the "rubbish" as she calls it in my man cave, but an offer of a new pair of shoes after lockdown ends a bit here in Scotland in July has calmed her down, plans for a new Mac are now off and I have been refurbing all my Macs.

Anyway good luck to all, and Dosdude1 and all the other guys working hard to keep old Macs still going, I salute you all. 😋
 

jackluke

macrumors 68040
Jun 15, 2018
3,321
8,068
That method won’t work, and results in a signature error when booting off the USB installer.

of course these
/Volumes/USBInstallerBigSur/BaseSystem/
/Volumes/USBInstallerBigSur/System/
/Volumes/USBInstallerBigSur/Library/

are hidden folders so you should show all files for example with " CMD+SHIFT+. " from Catalina Finder to patch them.

I guess to use USBLegacyInjector.kext (currently I can't prelink it because machine that I am testing using the stock IOUSB so the kext is not added) the "prelinkedkernel" used for USB BigSur Installer is this:

/Volumes/USBInstallerBigSur/System/Library/KernelCollections/BootKernelExtensions.kc

so it should be external to the BaseSystem.dmg that could remains stock (740 MB) at least to boot the "BigSur Recovery" with mouse and keyboard, or maybe patching internally the "invalid signature checks" in some way that I ignore.
 

Japenxiamen

macrumors newbie
Jun 24, 2020
5
14
MacBook Pro (Retina, 15-inch, Early 2013) successfully installed macOS Big Sur with Wi-Fi working.

Thanks to Andrey Viktorov(https://medium.com/@andv/making-wif...d-macs-with-failed-with-66-error-36c98e3f7965). According to your step, I get the Wi-Fi working properly.
1.jpg


2.jpg
 

jackluke

macrumors 68040
Jun 15, 2018
3,321
8,068
After another install seems currently I still can use "sudo mount -uw /" so can't replicate the mounting error that many have of "snapshots booting" (I also don't have any snapshot either on Catalina and BigSur), I am booting directly from the APFS BigSur Preboot (from apple startup manager), but sometime I also boot only the APFS System avoiding the Preboot, using the refind bootloader, because it lets to boot an APFS Volume targeting directly the System (AFAIK opencore can't do this)

/Volumes/BigSurLabel/System/Library/KernelCollections/BootKernelExtensions.kc

(while instead the one used from Preboot is at
/Volumes/Preboot/UUID-BigSur/boot/System/Library/KernelCollections/BootKernelExtensions.kc)

but before doing this to avoid any annoying "platform not supported (verbose message)" or prohibitory symbol, I removed these files (equivalent to "-no_compat_check"):

/Volumes/Preboot/UUID-BigSur/System/Library/CoreServices/PlatformSupport.plist
/Volumes/BigSurLabel/System/Library/CoreServices/PlatformSupport.plist

My BigSur installation are currently on external USB SSD, I am not planning to install it internally, so not sure if installing it on internal hard disk, hence sharing with it the same EFI Volume and Preboot Volume might be the issue, because on external disk I have external EFI Volume, Preboot, Recovery and mostly an independent APFS container.

Also but surely many already knew, if booting BigSur with CMD+S , and from single user mode type "mount -uw /" then "exit", the BigSur system files folders after login are already writeable.
 
Last edited:

Helghast59

macrumors member
Jun 23, 2020
37
71
Thank you for the tip. I'm currently not able to boot, even in recovery mode, it ends up with this -2002F error, I might need to re-install via a USB stick.
View attachment 927321
Sorry, i can't help here. Google says it's dns failure. I have 1005F error, but it's because i've changed wifi card.
 
Last edited:

ASentientBot

macrumors 6502a
Jun 27, 2018
863
3,421
SkyLight.framework
Hey everyone, I made a new version of the installer patch, adding (1) a quasi-graphical interface and (2) hopefully disabling all the sealing/snapshot stuff at install time using an internal OSInstaller option. If some of you who are struggling with the install/error 66 crap could test this, that would be awesome!

It's obviously still very far from a full patcher, and I have no intent to update it further. Actual user friendly tools are not my strong suit. But I hope this'll help with getting a working, modifiable OS, so we can focus on the stuff that matters.

Edit: don't use this, it doesn't work.

Edit 2: well, it does work to disable sealing. Just not snapshots, which are a difficult beast to get under control. My later posts address this in more detail.
 

Attachments

  • Hax2.zip
    11.5 KB · Views: 295
Last edited:

joanbcn91

macrumors member
May 2, 2015
93
85
Barcelona, Spain
Hey everyone, I made a new version of the installer patch, adding (1) a quasi-graphical interface and (2) hopefully disabling all the sealing/snapshot stuff at install time using an internal OSInstaller option. If some of you who are struggling with the install/error 66 crap could test this, that would be awesome!

It's obviously still very far from a full patcher, and I have no intent to update it further. Actual user friendly tools are not my strong suit. But I hope this'll help with getting a working, modifiable OS, so we can focus on the stuff that matters.

With this, i will open "Hax2.app" and setup macOS Big Sur installation. I not do other things or commands before, no?
 

jackluke

macrumors 68040
Jun 15, 2018
3,321
8,068
With this, i will open "Hax2.app" and setup macOS Big Sur installation. I not do other things or commands before, no?

Pre-requirements to install BigSur on unsupported Mac using ASentientBot Hax.dylib (or his new Hax2.app) are:

1) Booting with CMD+R or from an USB Catalina Installer or any macOS Installer (minimum El Capitan), open a recovery terminal and type exactly this:
Code:
nvram boot-args="-no_compat_check amfi_get_out_of_my_way=1"
csrutil disable
reboot

2) Having already downloaded the 9,56 gb "Install macOS Beta.app" and moving it in Catalina (or Mojave) Applications folder

Otherwise Hax.dylib can't insert on your Catalina (or Mojave), and you get also nvram "iokit errors", because starting from Catalina (maybe Mojave too) to modify the nvram directly from system you need SIP disabled, while to insert a dynamic library you need AMFI disabled.
 
Last edited:

HiImWeird

macrumors newbie
Jun 5, 2019
29
57
Hey everyone, I made a new version of the installer patch, adding (1) a quasi-graphical interface and (2) hopefully disabling all the sealing/snapshot stuff at install time using an internal OSInstaller option. If some of you who are struggling with the install/error 66 crap could test this, that would be awesome!

It's obviously still very far from a full patcher, and I have no intent to update it further. Actual user friendly tools are not my strong suit. But I hope this'll help with getting a working, modifiable OS, so we can focus on the stuff that matters.
Just got done finished installing on my mid 2010 macbook using this, went into single user to remove telemetry but still go the permission denied error 66
 

joanbcn91

macrumors member
May 2, 2015
93
85
Barcelona, Spain
Hey everyone, I made a new version of the installer patch, adding (1) a quasi-graphical interface and (2) hopefully disabling all the sealing/snapshot stuff at install time using an internal OSInstaller option. If some of you who are struggling with the install/error 66 crap could test this, that would be awesome!

It's obviously still very far from a full patcher, and I have no intent to update it further. Actual user friendly tools are not my strong suit. But I hope this'll help with getting a working, modifiable OS, so we can focus on the stuff that matters.

I tried to install on my iMac 27" late 2012 but the error 66 cotinue appearing :(
My disk: (disk0s2 = macOS catalina / BigSur = macos Big Sur Beta).
Captura de pantalla 2020-06-25 a las 11.54.00.png
Captura de pantalla 2020-06-25 a las 12.00.25.png
 
Last edited:
  • Like
Reactions: TimothyR734

jackluke

macrumors 68040
Jun 15, 2018
3,321
8,068
Just got done finished installing on my mid 2010 macbook using this, went into single user to remove telemetry but still go the permission denied error 66

You should make with createinstallmedia a stock USB BigSur Installer (that doesn't contain telemetry), then booting from it open its recovery terminal:
Code:
diskutil list, diskutil mount your BigSur diskXsY (even if I guess it's already mounted)
cd /Volumes/YourBigSurLabel/System/Library/UserEventPlugins/
rm -R com.apple.telemetry.plugin

If you want an easy way to boot the stock Installer without nvram or what else, after you have an USB BigSur Installer, show all hidden files, and edit this file /Volumes/USBInstallerBigSur/Library/Preferences/SystemConfiguration/com.apple.Boot.plist
Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Kernel Flags</key>
    <string>root-dmg=file:///BaseSystem/BaseSystem.dmg -no_compat_check cs_enforcement_disable=1 cs_debug=1 amfi_allow_any_signature=1 amfi_get_out_of_my_way=1</string>
</dict>
</plist>
 

HiImWeird

macrumors newbie
Jun 5, 2019
29
57
You should make with createinstallmedia a stock USB BigSur Installer (that doesn't contain telemetry), then booting from it open its recovery terminal:
Code:
diskutil list, diskutil mount your BigSur diskXsY (even if I guess it's already mounted)
cd /Volumes/YourBigSurLabel/System/Library/UserEventPlugins/
rm -R com.apple.telemetry.plugin

If you want an easy way to boot the stock Installer without nvram or what else, after you have an USB BigSur Installer, show all hidden files, and edit this file /Volumes/USBInstallerBigSur/Library/Preferences/SystemConfiguration/com.apple.Boot.plist
Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Kernel Flags</key>
    <string>root-dmg=file:///BaseSystem/BaseSystem.dmg -no_compat_check cs_enforcement_disable=1 cs_debug=1 amfi_allow_any_signature=1 amfi_get_out_of_my_way=1</string>
</dict>
</plist>
Tried the steps you gave but still was a read-only file system in the installer, so after mounting it read-write and deleting it still kernel panic, so even after using Hax2 snapshots are still enabled for me.
 

avz

macrumors 68000
Oct 7, 2018
1,828
1,895
Stalingrad, Russia
After another install seems currently I still can use "sudo mount -uw /" so can't replicate the mounting error that many have of "snapshots booting" (I also don't have any snapshot either on Catalina and BigSur), I am booting directly from the APFS BigSur Preboot (from apple startup manager), but sometime I also boot only the APFS System avoiding the Preboot, using the refind bootloader, because it lets to boot an APFS Volume targeting directly the System (AFAIK opencore can't do this)

/Volumes/BigSurLabel/System/Library/KernelCollections/BootKernelExtensions.kc

(while instead the one used from Preboot is at
/Volumes/Preboot/UUID-BigSur/boot/System/Library/KernelCollections/BootKernelExtensions.kc)

but before doing this to avoid any annoying "platform not supported (verbose message)" or prohibitory symbol, I removed these files (equivalent to "-no_compat_check"):

/Volumes/Preboot/UUID-BigSur/System/Library/CoreServices/PlatformSupport.plist
/Volumes/BigSurLabel/System/Library/CoreServices/PlatformSupport.plist

My BigSur installation are currently on external USB SSD, I am not planning to install it internally, so not sure if installing it on internal hard disk, hence sharing with it the same EFI Volume and Preboot Volume might be the issue, because on external disk I have external EFI Volume, Preboot, Recovery and mostly an independent APFS container.

Also but surely many already knew, if booting BigSur with CMD+S , and from single user mode type "mount -uw /" then "exit", the BigSur system files folders after login are already writeable.

Yes, it appears that since you are using BS installation on an external SSD, apfs snapshots are not causing you any issues since I believe they only work on internal HDD/SSD.
 

jackluke

macrumors 68040
Jun 15, 2018
3,321
8,068
Don't use the new installer hack I posted, it's broken. I'm not sure what's going on. I apologize for wasting people's time.

Because when you read the nvram boot-args I guess you can't if first the user doesn't disabled SIP from a recovery (and amfi), otherwise it seems to work , anyway don't worry, you have nothing to apologise, since your Hax.dylib is the only method to install BigSur on any unsupported Mac, and this is a remarkable work.

edit:
Except opencore spoofing to a supported Mac, or cloning from a supported BigSur Mac, but your method is great and safe.
 

HiImWeird

macrumors newbie
Jun 5, 2019
29
57
Because when you read the nvram boot-args I guess you can't if first the user doesn't disabled SIP from a recovery (and amfi), otherwise it seems to work , anyway don't worry, you have nothing to apologise, since your Hax.dylib is the only method to install BigSur on unsupported Mac, and this is a remarkable work.
I'm happy to "waste" my time if it means helping get more life out of these older machines
 

Semmo

macrumors member
Jun 23, 2020
33
18
So I have my Macbook Pro Retina Mid-2012 15" All setup and working with Wifi. thank you for everyone's help and knowledge in this forum.

I have re enabled SIP as well as Authenticated-root and have had no problems with my Install.

Screen Shot 2020-06-25 at 21.22.45.png

the only 2 bugs I can see is on this machine and my new 16" 5600m is that my password works for everything apart from unlocking users & groups and also unlocking the Date & Time menu bar clock settings
 
Last edited:

jackluke

macrumors 68040
Jun 15, 2018
3,321
8,068
Tried the steps you gave but still was a read-only file system in the installer, so after mounting it read-write and deleting it still kernel panic, so even after using Hax2 snapshots are still enabled for me.

Probably because the BigSur snapshot from where is booting still contains the telemetry.plugin , while you removed it from the non-snapshot system volume, you could try the @libneko method, with the difference that instead of replacing the Wifi kext, you going to replace com.apple.telemetry.plugin/Contents/MacOS/com.apple.telemetry (only its exec) with the HighSierra one that doesn't produce any kernel panic using it on Mojave and later.

Or better using the stock BigSur telemetry.plugin but adding to kextcache the telemetrap.kext from @Syncretic that prevents or blocks the com.apple.telemetry loading from kernel on Mojave, Catalina and later.

I recall that com.apple.telemetry is only an issue for Penryn Core2duo cpus.
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.