Badruzeus Posted October 8, 2017 Share Posted October 8, 2017 I'm sorry, my friend but I don't quite understand what you mean by "we may better play safe". No more to explain, brother. I just follow what I think; is better. And even with simple explanation above, I also hard to understand. So, as what my friend told me; "There're players, supporters, a coach, some referees or a manager..", but I stand as "a popcorn seller" on a soccer match. #OffTopic, I even still du no how to hide some bonus entries on Clover GUI after converted my hSierra to APFS. Link to comment Share on other sites More sharing options...
mhaeuser Posted October 8, 2017 Share Posted October 8, 2017 Now, if you use AptioFix, then you NEED to have SIP config set to at least 0x67, whatever for AptioFix2, it shouldn't be affected if its working. So in other words it's a matter of the mechanism that is being used to prevent the OS from doing crazy stuff to your tables. AptioFix needs to be able to move the tables (this also probably breaks NVRAM that is SMM locked), so you can't enable restrictions in SIP because they will prevent the moving from being useful...Source/explaination please? Link to comment Share on other sites More sharing options...
tluck Posted October 8, 2017 Share Posted October 8, 2017 #OffTopic, I even still du no how to hide some bonus entries on Clover GUI after converted my hSierra to APFS. this is how I hide the Preboot partition find its GUID in the clover boot log and then name it so i can easily reference it - to hide it! <key>GUI</key> <dict> <key>Custom</key> <dict> <key>Comment</key> <string>Custom Entries</string> <key>Entries</key> <array> ... <dict> <key>FullTitle</key> <string>Preboot</string> <key>Hidden</key> <false/> <key>Volume</key> <string>CE105F19-A28D-4A84-83D5-CDF4D547E35A</string> </dict> </array> </dict> <key>Hide</key> <array> <string>Preboot</string> </array> ... 2 Link to comment Share on other sites More sharing options...
Badruzeus Posted October 8, 2017 Share Posted October 8, 2017 this is how I hide the Preboot partition find its GUID in the clover boot log and then name it so i can easily reference it - to hide it! OK, otw testing. Thanks for the guide @tluck. Link to comment Share on other sites More sharing options...
Cyberdevs Posted October 8, 2017 Share Posted October 8, 2017 #OffTopic, I even still du no how to hide some bonus entries on Clover GUI after converted my hSierra to APFS. You might also find what you are looking for here and here 1 Link to comment Share on other sites More sharing options...
Badruzeus Posted October 8, 2017 Share Posted October 8, 2017 You might also find what you are looking for here and here Great, as previously caused of non-functional search on this site; so I just get it recently. Thanks. 2 Link to comment Share on other sites More sharing options...
Badruzeus Posted October 8, 2017 Share Posted October 8, 2017 You might also find what you are looking for here and here Done! Thanks so much @tluck @cyberdev, & @fusion71au for the guides, it works. 2 Link to comment Share on other sites More sharing options...
Badruzeus Posted October 8, 2017 Share Posted October 8, 2017 OK, next release it will be. I think, you are right with "Other" folder instead of "10.13" @Slice (I mean with r4243)... Condition: 1. I placed my 3rd party kexts including FakeSMC on "/EFI/CLOVER/kexts/10.13/" dir 2. Updating 17A365 to 17A405 (APFS) 3. softwareupdate created a new "Entry Point" contains Install Datas 4. Booting new "Entry Point" with macOS: (Null) to complete update proccess 5. I got stuck with "kextstall AppleACPICPU, MCHC bla bla bla.." even using KextInject=Yes/Detect 6. I then force re-booting from Clover USB that contains FakeSMC & PS2Controller on "Other" dir 7. Repeat point 4 till Update succeeded. Sorry, for report only. I'm not sure if the only one who got this issue but, it never happened with prev. Legacy HFS+ install (/kexts/10.13/ dir). Thanks. Link to comment Share on other sites More sharing options...
fusion71au Posted October 9, 2017 Share Posted October 9, 2017 I think, you are right with "Other" folder instead of "10.13" @Slice (I mean with r4243)... Sorry, for report only. I'm not sure if the only one who got this issue but, it never happened with prev. Legacy HFS+ install (/kexts/10.13/ dir). Thanks. @Badruzeus, I don't think you're the only one. @Matgen84 here and @cecekpawon here found that Clover did not determine correct "GetOSVersion" from boot.efi if booting into 10.13 installer. Booting into an already fully installed 10.13 volume however is OK since in this scenario, Clover correctly detects 10.13.x is present. Personally, I never had that problem because I always place my "essential" kexts for booting (FaskeSMC, Networking kext and VoodooPS2Controller for laptop) in /Other so these are always injected for all OS's and installer/recovery. Those that have FakeSMC in /10.xx folders will have problems if Clover doesn't correctly determine the OS version. @cecekpawon's diff patch in post#14841 seems to have fixed it . @Slice, I can confirm bug reported by @MakAsus in post#14838. After you escape out of the Kext Inject Management screen (just looking at the contents of the kext folders without selecting anything), then return to the Main Clover Menu, select macOS volume and press <Enter>, kexts not injected. This does not happen if instead of returning to the Main Clover Menu, you select "Boot macOS with selected options" ---> everything works as expected and kexts are injected. Attached preboot.log for r4244 (after performing actions described above) seems OK but boot hangs. Clover_v2.4k_r4244_cecekpawon_patched.pkg.zip preboot_r4244.log.zip 4 Link to comment Share on other sites More sharing options...
Badruzeus Posted October 9, 2017 Share Posted October 9, 2017 @Badruzeus, I don't think you're the only one. @Matgen84 here and @cecekpawon here found that Clover did not determine correct "GetOSVersion" from boot.efi if booting into 10.13 installer. Booting into an already fully installed 10.13 volume however is OK since in this scenario, Clover correctly detects 10.13.x is present. Personally, I never had that problem because I always place my "essential" kexts for booting (FaskeSMC, Networking kext and VoodooPS2Controller for laptop) in /Other so these are always injected for all OS's and installer/recovery. Those that have FakeSMC in /10.xx folders will have problems if Clover doesn't correctly determine the OS version. @cecekpawon's diff patch in post#14841 seems to have fixed it . OK, thanks. It seems like I missed this diff patch last night. 1 Link to comment Share on other sites More sharing options...
apianti Posted October 9, 2017 Share Posted October 9, 2017 Source/explaination please? Ah, realistically you probably only need 0x43, with unrestricted NVRAM being most important in this situation. Something to do with the filesystem because of the way unix treats everything as one filesystem. And then unsigned kexts because you have to inject FakeSMC at some point (even if it's only for the installer), which is not signed, but I think that for some reason this also causes problems with locked NVRAM that gets moved. Basically instead of failing to have working NVRAM, it's refusing to even boot without it - I guess that's secure, lol. Link to comment Share on other sites More sharing options...
Badruzeus Posted October 9, 2017 Share Posted October 9, 2017 Maybe I miss something.. clover rev 4243 kext management menu not available in clover option? FYi it' s available on menu entry details (Space) Link to comment Share on other sites More sharing options...
mhaeuser Posted October 9, 2017 Share Posted October 9, 2017 Ah, realistically you probably only need 0x43, with unrestricted NVRAM being most important in this situation. Something to do with the filesystem because of the way unix treats everything as one filesystem. And then unsigned kexts because you have to inject FakeSMC at some point (even if it's only for the installer), which is not signed, but I think that for some reason this also causes problems with locked NVRAM that gets moved. Basically instead of failing to have working NVRAM, it's refusing to even boot without it - I guess that's secure, lol. I didn't try HS yet, but no previous release needed SIP restrictions lifted for injecting kexts, the validity was always checked when compiling prelinkedkernel... Also idk why one would need unrestricted NVRAM because of AptioFix vs AptioFix2 Link to comment Share on other sites More sharing options...
MakAsus Posted October 9, 2017 Share Posted October 9, 2017 @Badruzeus, I don't think you're the only one. @Matgen84 here and @cecekpawon here found that Clover did not determine correct "GetOSVersion" from boot.efi if booting into 10.13 installer. Booting into an already fully installed 10.13 volume however is OK since in this scenario, Clover correctly detects 10.13.x is present. Personally, I never had that problem because I always place my "essential" kexts for booting (FaskeSMC, Networking kext and VoodooPS2Controller for laptop) in /Other so these are always injected for all OS's and installer/recovery. Those that have FakeSMC in /10.xx folders will have problems if Clover doesn't correctly determine the OS version. @cecekpawon's diff patch in post#14841 seems to have fixed it . @Slice, I can confirm bug reported by @MakAsus in post#14838. After you escape out of the Kext Inject Management screen (just looking at the contents of the kext folders without selecting anything), then return to the Main Clover Menu, select macOS volume and press <Enter>, kexts not injected. Kext Inject Management.png Other.png Return to Main Menu.png Clover Main Menu.png This does not happen if instead of returning to the Main Clover Menu, you select "Boot macOS with selected options" ---> everything works as expected and kexts are injected. Boot macOS with selected options.png Attached preboot.log for r4244 (after performing actions described above) seems OK but boot hangs. A small clarification: This does not happen if instead immediately boot from selected disk, you select boot from another disk, or entering to shell and type "exit", and only then boot from selected disk. 2 Link to comment Share on other sites More sharing options...
mhaeuser Posted October 9, 2017 Share Posted October 9, 2017 No need to take OSVersion from loaded boot.efi if we already have valid OSVersion grabbed from plist. We can apply OSVersion value from loaded boot.efi to all OSTYPE_OSX (not just installer) with no OSVersion as a last attempt. Do yourself a favor and use a single value that will never ever lie... instead of guessing maybe just use the kernel version thats available ? Link to comment Share on other sites More sharing options...
cecekpawon Posted October 9, 2017 Share Posted October 9, 2017 +1. I totally agree with you and of course lord bs0d (really missed him). I also remember he suggest to convert version string to int for easy compare (in case of micky macos patch filter based on os version). It requires lot of work. To read kernel macho on this project seems on progress (I hope). The problem is, Clover decide to do some kexts filtering right on GUI far before boot.efi being loaded 2 Link to comment Share on other sites More sharing options...
mhaeuser Posted October 9, 2017 Share Posted October 9, 2017 Clover decide to do some kexts filtering right on GUI far before boot.efi being loaded Why? o_o Link to comment Share on other sites More sharing options...
arsradu Posted October 9, 2017 Share Posted October 9, 2017 Hi guys, is Clover supposed to be able to do kext injection with SIP enabled? In other words, should you still be able to boot with SIP enabled? Not complaining. ) Just wondering. Cause, for as far as I know, in order for kexts to load, you need at least CsrActiveConfig 0x3. Apparently you can boot just fine with CsrActiveConfig 0x0. Which is great, cause otherwise I don't know how the heck I would have been able to install the Nvidia Web Driver with SIP enabled today. Please, forgive my ignorance and correct me if I'm wrong. I just remember that we weren't able to boot with SIP enabled (since FakeSMC wasn't loaded anymore). That's why I found it interesting that somehow I was able to do that now. And also curious if something has changed in the meantime. Link to comment Share on other sites More sharing options...
WinstonAce Posted October 9, 2017 Share Posted October 9, 2017 Yes, you can boot with sip enabled and fakesmc (and other kexts) are injected (from EFI) 1 Link to comment Share on other sites More sharing options...
MICKHAEL Posted October 9, 2017 Share Posted October 9, 2017 Yes, you can boot with sip enabled and fakesmc (and other kexts) are injected (from EFI)Strange) always use osxaptiofixdrv with csr 0x67, changed to osxaptionfix2drv and csr to 0x3/0x0. On first reboot/boot all ok, but after shutdown - no more, just hanging to crossed circle... any idea? Sent from my Nexus 4 using Tapatalk Link to comment Share on other sites More sharing options...
apianti Posted October 9, 2017 Share Posted October 9, 2017 Yeah, don't change SIP restrictions. Change it back to 0x67. I didn't try HS yet, but no previous release needed SIP restrictions lifted for injecting kexts, the validity was always checked when compiling prelinkedkernel... Also idk why one would need unrestricted NVRAM because of AptioFix vs AptioFix2 It's not linking a prelinked kernel... It's pushing them onto the datahub to be loaded by the kernel, it should be checking them, or SIP is not working. AptioFix breaks NVRAM if it is SMM locked. Link to comment Share on other sites More sharing options...
mhaeuser Posted October 9, 2017 Share Posted October 9, 2017 It's not linking a prelinked kernel... It's pushing them onto the datahub to be loaded by the kernel, I was talking about macOS, not Clover... as I said, I never heard hat SIP influences kext injection, while it does influence which kexts end up in the prelinkedkernel AptioFix breaks NVRAM if it is SMM locked. Well, it uses the exact same logic as AptioFix2 to prevent that, never heard of it not working but AptioFix2 working. Link to comment Share on other sites More sharing options...
apianti Posted October 9, 2017 Share Posted October 9, 2017 It's effectively like loading a kext from the terminal, which are checked when linked just as when prelinked. I have non-working NVRAM with AptioFix but not with AptioFix2... Link to comment Share on other sites More sharing options...
mhaeuser Posted October 9, 2017 Share Posted October 9, 2017 I have non-working NVRAM with AptioFix but not with AptioFix2... tbh, that's a bug, isn't it? Checked the Memory Maps of both? Maybe restoring the kernel to its original position on entry is what screws it up? Link to comment Share on other sites More sharing options...
necross Posted October 9, 2017 Share Posted October 9, 2017 Clover version R4243 does not seem to install (upgrade) on 10.13 (17A405). Installation fails with error (console) authd: MacOS error: -67050, cert[2]: AnchorTrusted =(leaf)[force]> 0 has anyone else experienced the same error? Link to comment Share on other sites More sharing options...
Recommended Posts