Just upgraded to el cap yesterday, as expected half of my tweaks (including my own haha) broke. no worries, just need to disable the 'rootless' thing and all is good, right?
not quite. for starters some 'genius' decided that you cannot do that from the running OS, need to boot into recovery to do that. but for some reason none of my macbooks can boot the recovery partition (not sure if el cap is to blame here, could have happened before as i never used the thing since lion or so). partition is there, but cmd-r goes into 'internet recovery' no matter what. had to put the elcap installer on a usb stick just to be able to disable the dreaded SIP, how fscked up is that?
if the UI in el cap did not run leaps around that slow POS that was yosemite i would probably have reverted the install by now.
anyway, now I know how the thing works, odd that I have not found this elsewhere. csrutil writes a key to the PRAM
csr-active-config w%00%00%00
which is read by the kernel and disables parts of the SIP thing... mine is as this now :
problem is, a PRAM reset will get you back to a crippled SIP-enabled IOSified system until you manage to boot into a recovery system to rewrite the pram key with the zeroes again (nvram will not work as there is a specific feature to protect it).
Is anyone working on an 'untether' for this, to make easier to have this SIP thing permanently disabled?
cheers
not quite. for starters some 'genius' decided that you cannot do that from the running OS, need to boot into recovery to do that. but for some reason none of my macbooks can boot the recovery partition (not sure if el cap is to blame here, could have happened before as i never used the thing since lion or so). partition is there, but cmd-r goes into 'internet recovery' no matter what. had to put the elcap installer on a usb stick just to be able to disable the dreaded SIP, how fscked up is that?
if the UI in el cap did not run leaps around that slow POS that was yosemite i would probably have reverted the install by now.
anyway, now I know how the thing works, odd that I have not found this elsewhere. csrutil writes a key to the PRAM
csr-active-config w%00%00%00
which is read by the kernel and disables parts of the SIP thing... mine is as this now :
Code:
System Integrity Protection status: enabled (Custom Configuration).
Configuration:
Apple Internal: disabled
Kext Signing: disabled
Filesystem Protections: disabled
Debugging Restrictions: disabled
DTrace Restrictions: disabled
NVRAM Protections: disabledproblem is, a PRAM reset will get you back to a crippled SIP-enabled IOSified system until you manage to boot into a recovery system to rewrite the pram key with the zeroes again (nvram will not work as there is a specific feature to protect it).
Is anyone working on an 'untether' for this, to make easier to have this SIP thing permanently disabled?
cheers
