TRIM Support no longer 'easy' in Yosemite

[Gav Mack]

The "Yosemite issues" are not some kind of error in Trim Enabler.
It is a new security feature in Yosemite that prevents you to modify drivers.
Hence, the problems described on my website will occur regardless what method you are going to use.
Trim Enabler will allow you to disable this setting and go ahead and enable Trim. But further issues arise from doing that, all of which is described more in detail on the website.

A security feature they sure could have implemented better than having to boot to terminal to re enable unsigned drivers. Windows x64 has had this signed driver enforcement since Vista but it's pretty straightforward to disable it permanently. Though if they were to keep anykind of driver locked down for security purposes it should be the usb mass storage driver and not the ahci, I have plenty of experience with that driver being the prime factor in infecting Windows boxes in the first place and installing a rootkit!

I'm wondering is it going to brick the systems unless you revert before every OS X point update?

 

[flowrider]

^^^^I was a Public Beta Site and have been using Yosemite Since PB1. After Cindori updated Trim to work with Yosemite, I had no issues updating from PB2 up through PB6 then on the the Final Release.

Lou

 

[DPUser]

The "Yosemite issues" are not some kind of error in Trim Enabler.
It is a new security feature in Yosemite that prevents you to modify drivers.
Hence, the problems described on my website will occur regardless what method you are going to use.
Trim Enabler will allow you to disable this setting and go ahead and enable Trim. But further issues arise from doing that, all of which is described more in detail on the website.

I understand there is no error in your software and had previously reviewed your excellent description of the issue on your website. Thank you for helping so many in the Apple community use their SSDs most effectively.

I am disappointed with Apple's approach.

My questions stands, however: can we still use Terminal to manually enable Trim under Yosemite without altering kext settings?

 

[macthefork]

I understand there is no error in your software and had previously reviewed your excellent description of the issue on your website. Thank you for helping so many in the Apple community use their SSDs most effectively.

I am disappointed with Apple's approach.

My questions stands, however: can we still use Terminal to manually enable Trim under Yosemite without altering kext settings?

No.

Even with Terninal commands, you are turning off kext signing for the modified TRIM kernel extension to work. When you do this, you are turning off a major new security feature of the OS. Your system may function OK for a while. However, the kext settings are stored in NVRAM (PRAM). If the NVRAM is reset through routine maintenance or other means, this setting will be returned to it's default. You then will not be able to boot your Mac.

You can recover it by booting into the recovery partition and entering some Terminal commands (as shown on cindori's site) to turn it off again, or you can reinstall the OS to recover your system.

Cindori has an excellent write-up explaining this here: http://www.cindori.org/trim-enabler-and-yosemite/

 

[benguild]

Slightly off topic, but what about TRIM on USB externals?

 

[macthefork]

Slightly off topic, but what about TRIM on USB externals?

Not really off topic. I use TRIM on two external Thunderbolt SSD enclosures in Mountain Lion, which is what I brought up earlier in this thread. I don't think the USB-3 firmware in most external enclosures supports pass-through of TRIM commands yet.

 

[Gav Mack]

Apple have done this driver enforcement almost certainly to lock down OS X to prevent the worst possible type of malware/virus/Trojan; called a rootkit accessing the Mac OS as 'root' ie taking complete control of the system. A rootkit uses a device driver in the operating system to accomplish that and hides all its other bot tools from the OS, even from anti virus tools and apples malware protection too.

Looking at it with my windows security hat on I applaud them for doing it, the usb mass storage & ahci SATA driver are key weak points that plague Microsoft and give me work. It should be done.

Problem is that in also keeping the block on non Apple parts in storage devices and also those using newer apple parts to give their own Mac systems a boost, handoff/continuity for example, they lock their loyal enthusiast white hatted fan boys who tell all their friends to get a Mac out of the same protection that signed and locked down root access offers.

Here's my feedback posted shortly

Dear Apple

Please stick all the driver strings for third party ahci devices in your driver and relax the kext restrictions for upgraded genuine Apple parts which you never have to deal with cos they are out of warranty anyway. And give Cindori a really good job please.

Love

Macrumors

 

[flowrider]

Slightly off topic, but what about TRIM on USB externals?

Post #11 on the preceding page:

^^^^I don't know about TB, but on the USB 3.0 ports, Trim is not supported under any circumstances that I am aware of

Lou

 

[flowrider]

Pulled this from the Mac Mini Forum:

http://www.angelbird.com/en/prod/ssd-wrk-for-mac-929/

Thread:

https://forums.macrumors.com/threads/1809973/

Lou

 

[Cindori]

Pulled this from the Mac Mini Forum:

http://www.angelbird.com/en/prod/ssd-wrk-for-mac-929/

Thread:

https://forums.macrumors.com/threads/1809973/

Lou

I have commented on the Angelbird SSD before:

While I don’t know for certain, I am pretty sure that these SSD’s are fooling the Apple Trim driver by identifying themselves as APPLE SSD’s. If so, it is quite a bold move by Angelbird, seeing as Apple could change this mechanism, essentially leaving Angelbird’s customers with a product that does not work as advertised.

 

[Gav Mack]

I have commented on the Angelbird SSD before:

While I don’t know for certain, I am pretty sure that these SSD’s are fooling the Apple Trim driver by identifying themselves as APPLE SSD’s. If so, it is quite a bold move by Angelbird, seeing as Apple could change this mechanism, essentially leaving Angelbird’s customers with a product that does not work as advertised.

I would imagine and am surprised that Apple haven't took countermeasures yet either legally or via software updates - iirc didn't Blackberry try to mimic an iPhone device to fool iTunes into thinking it was an Apple device ages ago?

Having to mimic an Apple device is brazen - though if Apple do not relent by sticking third party strings in the AHCI stack I would love to have Samsung and Crucial utilities to change mine. Though I would much prefer that Apple let their enthusiasts into the signed drivers henhouse with storage and upgraded cards like for Handoff, with the only regret I have is that they will affect your income unfortunately Cindori

 

[AidenShaw]

Apple have done this driver enforcement almost certainly to lock down OS X to prevent the worst possible type of malware/virus/Trojan; ...

LOL, and only coincidentally does it prevent a very useful feature from working on SSDs that weren't purchased from Cupertino.

Other modern operating systems which support TRIM simply check to see if the drive reports that is supports TRIM. If the drive says "yes", the OS enables TRIM support on the drive. End of story - no special drivers, no security issues, you have TRIM if the drive says that it can handle it.

Only Apple restricts TRIM support to drives purchased from Apple.

....though if Apple do not relent by sticking third party strings in the AHCI stack I would love to have Samsung and Crucial utilities to change mine...

In other OSs it's not done by having a list of drives that support TRIM - the drive reports that it supports TRIM in a "get drive features" API..

 

[Gav Mack]

LOL, and only coincidentally does it prevent a very useful feature from working on SSDs that weren't purchased from Cupertino.

Other modern operating systems which support TRIM simply check to see if the drive reports that is supports TRIM. If the drive says "yes", the OS enables TRIM support on the drive. End of story - no special drivers, no security issues, you have TRIM if the drive says that it can handle it.

Only Apple restricts TRIM support to drives purchased from Apple.



In other OSs it's not done by having a list of drives that support TRIM - the drive reports that it supports TRIM in a "get drive features" API..

I'm not laughing, I don't believe for one second that Apple have locked down the drivers to spite the enthusiasts it's more like consequently we have to have more vulnerable systems to use non Apple parts to harden OS X against a rootkit, just like iOS which every male who switches their iPad Safari into private browsing mode late at night can testify to being pretty secure.

Apple should enable TRIM for third party access to the AHCI stack and every single one of us using non apple storage should be sending feedback to Apple saying so along with the kext restrictions lifted for genuine Apple upgrade parts. They could include graphics cards while they are at it from AMD and Nvidia

I have seen pretty much the rise of malware on Windows; from the early days in the mid 90's of BHO's using Adaware and Spybot, Trojanhunter going all the way through to hidden processes via the appinit_dll registry key and now the rootkit era which is a right royal PITA to remove 100%. I have to run three separate removal tools, one in console mode just to clean them up and in bad cases I have to parse the data through a Mac to make sure I bring nothing hidden in NTFS ADS before I zero the drive and re flash the bios as a precaution. Trust me when I say Apple should not go there!

So even though it's also a right royal PITA having to run unsigned drivers even for me imo they had to do it for the sake of everyone else and the security of OS X. Annoying thing is that they could let us back into the walled garden that is signed drivers for boot quite easily and thats what many of the users in this forum should be sending them feedback should be asking for.

 

[AidenShaw]

I'm not laughing, I don't believe for one second that Apple have locked down the drivers to spite the enthusiasts it's more like consequently we have to have more vulnerable systems to use non Apple parts to harden OS X against a rootkit, just like iOS which every male who switches their iPad Safari into private browsing mode late at night can testify to being pretty secure.

Apple should enable TRIM for third party access to the AHCI stack and every single one of us using non apple storage should be sending feedback to Apple saying so along with the kext restrictions lifted for genuine Apple upgrade parts. They could include graphics cards while they are at it from AMD and Nvidia

I have seen pretty much the rise of malware on Windows; from the early days in the mid 90's of BHO's using Adaware and Spybot, Trojanhunter going all the way through to hidden processes via the appinit_dll registry key and now the rootkit era which is a right royal PITA to remove 100%. I have to run three separate removal tools, one in console mode just to clean them up and in bad cases I have to parse the data through a Mac to make sure I bring nothing hidden in NTFS ADS before I zero the drive and re flash the bios as a precaution. Trust me when I say Apple should not go there!

So even though it's also a right royal PITA having to run unsigned drivers even for me imo they had to do it for the sake of everyone else and the security of OS X. Annoying thing is that they could let us back into the walled garden that is signed drivers for boot quite easily and thats what many of the users in this forum should be sending them feedback should be asking for.

You seem to think that I said that signed drivers was bad. Not so, what is bad is that Apple is checking the device ID to decide whether to enable TRIM, rather than asking the device if it supports TRIM. Third party access to the storage stack isn't needed on Linux and Windows.

 

[Gav Mack]

You seem to think that I said that signed drivers was bad. Not so, what is bad is that Apple is checking the device ID to decide whether to enable TRIM, rather than asking the device if it supports TRIM. Third party access to the storage stack isn't needed on Linux and Windows.

You laughed so I assumed you seemed to think it was locking enthusiasts out was why they've done it when it obviously was for the 'greater good'.

I think some good will come out of this. Disabling trim and messing around with kext model types was something they could always ignore but they have changed the game locking us out of the walled garden. Hence why I think feedback to Apple is required to ask nicely before an inevitable class action fair use suit comes their way. Perhaps also sending feedback to Nvidia to make a gtx 980 Mac edition may also help on the GPU front, they are maintaining web driver support for the 980 after all and keeps them working on compatibility while seemingly they are being shut out for the rest of range with every new model that comes out. And naturally we upgrade our GPU

 

[thefredelement]

Alternatively, Apple could willingly sign a 3rd party driver for this purpose if they don't want to write it into their software.

 

[DPUser]

Thanks for the info guys and gals.

I'm currently avoiding the issue by staying on ML. Digital Performer 8.07 is running beautifully in my studio. I am completely unmotivated to move to Mavericks or Yosemite. Just making sure that I don't move to iCloud Disk on my iOS devices...

 

[GimmeSlack12]

I found out the hard way.

Posted about it a few days ago:
https://forums.macrumors.com/threads/1806839/

 

[Cindori]

Alternatively, Apple could willingly sign a 3rd party driver for this purpose if they don't want to write it into their software.

No, you see, the issue is that you can not create such a driver. The AHCI driver stack is hidden. From my website:

"Have you ever wondered why disk manufacturers like Corsair, Samsung etc. have never written a Trim driver for OS X? Or why they never offer firmware update software to OS X? (The only firmware updates they offer for Mac is a MS-DOS boot CD)

The reason is that Apple is keeping the AHCI driver private, making it impossible for anyone, even these big companies, to create a driver for SSD’s.
So the issue is not that Apple “doesn’t allow Trim Enabler”, but that they don’t allow anyone to create AHCI drivers.
If they made public the AHCI driver, I would be able to make Trim Enabler “legit”. Right now, it is impossible."

 

[thefredelement]

No, you see, the issue is that you can not create such a driver. The AHCI driver stack is hidden. From my website:

"Have you ever wondered why disk manufacturers like Corsair, Samsung etc. have never written a Trim driver for OS X? Or why they never offer firmware update software to OS X? (The only firmware updates they offer for Mac is a MS-DOS boot CD)

The reason is that Apple is keeping the AHCI driver private, making it impossible for anyone, even these big companies, to create a driver for SSD’s.
So the issue is not that Apple “doesn’t allow Trim Enabler”, but that they don’t allow anyone to create AHCI drivers.
If they made public the AHCI driver, I would be able to make Trim Enabler “legit”. Right now, it is impossible."

That sucks then, I don't see them making a change for us cMP users anytime soon... You'd have to hope sooner or later they wouldn't care to disable trim for 3rd party SSDs as the likelihood of installing any on their newer devices is probably extremely low. It would be more efficient to just support trim if it's available instead of comparing anything.

 

[Gav Mack]

No, you see, the issue is that you can not create such a driver. The AHCI driver stack is hidden. From my website:

"Have you ever wondered why disk manufacturers like Corsair, Samsung etc. have never written a Trim driver for OS X? Or why they never offer firmware update software to OS X? (The only firmware updates they offer for Mac is a MS-DOS boot CD)

The reason is that Apple is keeping the AHCI driver private, making it impossible for anyone, even these big companies, to create a driver for SSD’s.
So the issue is not that Apple “doesn’t allow Trim Enabler”, but that they don’t allow anyone to create AHCI drivers.
If they made public the AHCI driver, I would be able to make Trim Enabler “legit”. Right now, it is impossible."

After what I've described what's happened from the Windows side of my work I personally do think that keeping their AHCI stack private is beneficial for OS X security. But Apple by enabling driver enforcement have made our upgraded Macintosh equipment with third party storage less secure which for 'fair use' purposes certainly puts them in a much weaker legal position than they were pre 10.10 when they could simply ignore it. Similarly also does the kext restrictions on models and types using upgraded but nevertheless genuine Apple parts.

So petitioning Apple with feedback to ask nicely to add the third party strings for Samsung, Crucial, OWC, Corsair etc into its AHCI driver to enable TRIM support for non Apple storage devices and lifting the kext blocks for Apple upgrade parts by everyone submitting feedback I think would be a good start.

If they do nothing a class action will soon follow and even the mighty Apple will have a problem defending their position in a court.

 

[matthewtoney]

Trim Enabler with a bad Shutdown

So I've been using the new Trim Enabler with Yosemite with good results (and I have a recovery partition that I can get into if I need to redo the boot-args after a pram reset, etc.) but the other day I saw something strange:

I had something going on where trying to do a shutdown in Yosemite was causing a bad restart message and restarting rather than actually shutting down. When I finally got it to successfully shutdown (well it did and turned off this time anyway) the next time I booted I got the no-boot condition like I had done a pram reset. I booted into my recovery and checked the nvram settings (and even deleted them and redid them) and it would still give me the no-boot sign. I was able to finally just boot into recovery and follow Cindori's instructions on manually uninstalling the Trim Enabler kext from his site and it once again was able to boot, although when it came up finally it complained about it being started from an unsuccessful shutdown, etc.

I don't know enough about how the boot process changes after one of those (if it does at all) to know the answer - was the unsuccessful shutdown the reason why the Trim Enabler kext was locked out even though the dev flag was still set? I assume that now that I have it shutting down properly again I could re-enable Trim Enabler and it would be fine but it was not how I expected it to work.

 

[jljue]

I wonder if it would be wise to keep a small Mavericks partition on my 500GB Samsung 840 Evo SSD that I'll boot into every once in a while to allow "Trim" to do it's thing while leaving Trim turned off in Yosemite until something gets figured out. I currently have a small Yosemite public beta partition on this SSD for testing while I my main partition is Mavericks.

 

[matthewtoney]

I wonder if it would be wise to keep a small Mavericks partition on my 500GB Samsung 840 Evo SSD that I'll boot into every once in a while to allow "Trim" to do it's thing while leaving Trim turned off in Yosemite until something gets figured out. I currently have a small Yosemite public beta partition on this SSD for testing while I my main partition is Mavericks.

Hmmm, thats a good idea - wish I'd thought of it. So IF I had a small Mavericks partition on my system to sometimes boot into (with Trim enabled in there) is there something you can do/run that *makes* trim do its thing?

 

[crjackson2134]

Hmmm, thats a good idea - wish I'd thought of it. So if I had a small Mavericks partition on my system to sometimes boot into (with Trim enabled in there) is there something you can do/run that *makes* trim do its thing?

Once Macericks is booted, and Trim is enabled, you can open up Disk Utility and select the disk you want to Trim, then run Disk Repair. This will run the Trim routine near the end, and all unused areas of the SSD will be Trimmed.