Root Volume Writable

[nicolaselhani]

Previously on Catalina, I was able to make the root volume writable by:

1. Going into Recovery mode's Terminal and disabling SIP
2. Back in macOS's Terminal sudo mount -t apfs -wu /dev/disk1s5 /Volumes where disk1s5 is the Root Volume
3. Go back into Recovery Mode and re-enable SIP

I used this so that I could go ahead and change Alias Folder Icons, Login Screen Wallpapers, mainly aesthetic changes.

In Monterey it seems that disabling SIP is no longer enough and that we need to create a 'Snapshot' of your system, but I wasn't able to find a comprehensive way to get this to work it's been all over the place. If someone has any tips or resources it would be greatly helpful.

Also finally would SIP have to stay disabled for this to keep working (on Catalina re-enabling SIP was fine since the changes were written directly to a the root volume).

Thanks

 

[Mike Boreham]

Previously on Catalina, I was able to make the root volume writable by:

1. Going into Recovery mode's Terminal and disabling SIP
2. Back in macOS's Terminal sudo mount -t apfs -wu /dev/disk1s5 /Volumes where disk1s5 is the Root Volume
3. Go back into Recovery Mode and re-enable SIP

I used this so that I could go ahead and change Alias Folder Icons, Login Screen Wallpapers, mainly aesthetic changes.

In Monterey it seems that disabling SIP is no longer enough and that we need to create a 'Snapshot' of your system, but I wasn't able to find a comprehensive way to get this to work it's been all over the place. If someone has any tips or resources it would be greatly helpful.

Also finally would SIP have to stay disabled for this to keep working (on Catalina re-enabling SIP was fine since the changes were written directly to a the root volume).

Thanks

Good luck with that!

Big Sur and Monterey go a step further than Catalina and verify that the snapshot used to boot from is unaltered, and if it fails, you are prompted to reinstall macOS.

Read more here "Big Sur’s Signed System Volume: added security protection"

Note this sentence:
"The seal is verified each time your Mac starts up, by the boot loader before the kernel is loaded, and during installation and update of macOS system files. If verification fails, startup is halted and the user prompted to re-install macOS before proceeding".

 

[nicolaselhani]

Good luck with that!

Big Sur and Monterey go a step further than Catalina and verify that the snapshot used to boot from is unaltered, and if it fails, you are prompted to reinstall macOS.

Read more here "Big Sur’s Signed System Volume: added security protection"

Note this sentence:
"The seal is verified each time your Mac starts up, by the boot loader before the kernel is loaded, and during installation and update of macOS system files. If verification fails, startup is halted and the user prompted to re-install macOS before proceeding".

Thanks for taking the time to break it down. It's absolutely crazy.

I used to edit the /System/Library/CoreServices/Dock.app/Contents/Resources/LaunchPadLayout.plist and put App's Bundle ID's under the ignore section so that they wouldn't show up on my LaunchPad if I didn't want them there.

I don't get the lengths to which Apple goes in the name of security, surely privacy is extremely important but to be able to edit and customize our OS shouldn't be in conflict with that...

The one relatively good news in the article you posted is it seems there's a way to boot from the snapshot of the root but that apparently needs authentication to be completely off as well as filevaut if I understand correctly, which is pretty insane in of itself.