The upgrade process on High Sierra is a little bit tricky (this prediction is based on the DP1 to DP2 and DP2 to DP2u1 updates):
- First we need to mitigate the hardware check in App Store.app. For this I wrote a small dylib that injects the "VMM" flag into the CPU information. This fools the App Store into thinking it's not a real Mac but a virtual machine.
- If the App Store can download the update, it places it in the /Library/Updates folder and executes the upgrade process.
(new) - Not only App Store.app: the upgrade process now checks the permission of the upgrade as well. After the firmware upgrade checks, the upgrade process (suhelpertool) executes /usr/libexec/atomicupdatetool to create the installation environment. This fails when the update process (DP1 to DP2) shows 15-17 minutes left, and the machine reboots itself. To mitigate this, we need to apply the same patch (DYLD things) that we apply to the App Store. If atomicupdatetool can finish, it creates a preboot environment from the Recovery partition (/macOS Install Data).
- The created recovery partition contains files (PlatformSupport.plist, SystemVersion.plist, boot.efi, com.apple.Boot.plist and the prelinkedkernel) extracted from the BaseSystem.dmg, which is not patched. When the Mac tries to boot into this preboot environment, the boot fails and a crossed circle is shown on the screen. The patching method is to replace the prelinkedkernel to make USB work, and to patch PlatformSupport.plist (insert boardid and modelid) and/or modify com.apple.Boot.plist to ignore the device check in the boot process.
- Once we could boot the preboot environment, we found that before this preboot environment begins installing updates, it checks the permissions again. So to successfully install this update we need to patch BaseSystem.dmg on the Recovery partition so that it contains a fully working preboot environment for future updates.
I found a script and knowledge on Pike's blog that can create an installer-installable pkg from system updates, and installed the DP2u1 update via the modified script. The process is simple: download all files (distribution and packages) to one directory and create a package with the productbuild command. That package can be installed with the installer command when my DYLIB is loaded.
Pike's blog record about this script:
https://pikeralpha.wordpress.com/2017/06/22/script-to-upgrade-macos-high-sierra-dp1-to-dp2/
This script mainly works for DP1 to DP2 (the only thing needed is DYLD_INSERT_LIBRARIES=/where/is/the/SUVMMFaker.dylib). To update DP2 to DP2u1, you need to modify the URL of the update and the file names, and insert the dylib.
When DP3 comes out, I'll try to find a method to modify the BaseSystem.dmg.
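The PlatformSupport.plist step mentioned above (inserting the board id and model id) can be sketched as follows. This is an added example, not code from the post or from Pike's script; it assumes the plist keeps its lists under the `SupportedBoardIds` and `SupportedModelProperties` keys, and the sample plist, board id and model id are constructed placeholders.

```python
import plistlib

# Constructed sample standing in for the unpatched PlatformSupport.plist
# found in the preboot environment (values are placeholders, not real ids).
SAMPLE_PLIST = plistlib.dumps({
    "SupportedBoardIds": ["Mac-EXAMPLE000000001"],
    "SupportedModelProperties": ["ExampleMac1,1"],
})

# Key names are an assumption about the plist layout (see lead-in).
SUPPORT_KEYS = ("SupportedBoardIds", "SupportedModelProperties")


def add_platform_support(plist_bytes, board_id, model_id):
    """Return plist bytes with board_id and model_id present in the lists.

    The input format (XML or binary) is preserved, existing entries are
    kept, and running the function twice adds nothing the second time.
    """
    is_binary = plist_bytes.startswith(b"bplist00")
    data = plistlib.loads(plist_bytes)
    if not isinstance(data, dict):
        raise ValueError("top-level plist object is not a dictionary")

    for key, value in zip(SUPPORT_KEYS, (board_id, model_id)):
        entries = data.setdefault(key, [])
        if not isinstance(entries, list):
            raise ValueError(f"{key} is not an array")
        if value not in entries:
            entries.append(value)

    fmt = plistlib.FMT_BINARY if is_binary else plistlib.FMT_XML
    return plistlib.dumps(data, fmt=fmt, sort_keys=False)


def supported(plist_bytes):
    """Return (board ids, model ids) listed in the plist, for verification."""
    data = plistlib.loads(plist_bytes)
    return tuple(list(data.get(key, [])) for key in SUPPORT_KEYS)


if __name__ == "__main__":
    patched = add_platform_support(
        SAMPLE_PLIST, "Mac-PLACEHOLDER00000", "PlaceholderMac0,0")
    boards, models = supported(patched)
    print("board ids:", boards)
    print("model ids:", models)
```

Checking the result with `supported()` before copying the file back confirms that the original entries are still present alongside the added ones.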