Jump to content

Mavericks - to be locked down (in the future)?


frankiee
 Share

101 posts in this topic

Recommended Posts

In short, the poster claims that: "The /System directory will be locked in the near future and kext in /Library/Extensions must be signed. But more importantly. Kext editing (plists and bin files) will simply be impossible"

I bolded the bin part on his post because that is one thing that scares me: With all the recent work that is done with the Intel HD Graphics Framebuffer, it may go down the drain...because the only way to get it done is to patch the bin file with a hex editor (or use Vertek's built patcher) of AppleIntelHDGraphicsFB.kext, otherwise, we'll be stuck in the dark with an empty screen.  Just curious: Will this be a problem?  DSDT hacks are useless until you get the framebuffer working!

 

Although I will say seeing FakeSMC in the exception list is a bit ironic for Apple!  That sure would serve a really useful purpose on a legit mac!!  Soon, they'll be starting their own Hackintosh help-line!!!   :hysterical:  :hysterical:  :hysterical:

Link to comment
Share on other sites

I tried this, I added the list to fakesmc, added my kexts to the list and it's not worked. Could you tell us how you exactly did that?

 

 

Edit: I edited the AppleKextExcludeList info.plist and added my modified kexts, then I added the AppleKextExcludeList too into itself, and not a single "WARNING" message on kextcache creation :D

 

attachicon.gifgsg.png

awesome..... :thumbsup_anim:

Link to comment
Share on other sites

 

Although I will say seeing FakeSMC in the exception list is a bit ironic for Apple!  That sure would serve a really useful purpose on a legit mac!!

I wonder if Apple is considering a very generous donation to the forum (who knows, even Tony can get a buck of two, if Apple be generous enough) :hysterical:

Link to comment
Share on other sites

I'm sure there are Apple engineers that read InsanelyMac and other hackintosh forums. I mean how else did Apple get that list? What I do believe is that as long as people pay for the operating system, they wouldn't really care. I mean that's extra money for them.

 

As for the discovery for the exclusion list, it could mean that Apple does indeed support hackintosh and wants it alive. They created a list so that there is no difficulty in installing and loading them up at startup. The only benefit would just be for security purposes. In case some person creates a malicious application and wants to install a malicious kext with it, then they will not be able to do that.

 

But the problem is when you have to modify an official Apple kext. I'm not sure what would happen there.

Link to comment
Share on other sites

That would make sense. This whole thing is confusing... There's no way Apple would purposefully allow these kexts... Are you guys sure it doesn't mean the opposite? That these are kexts that aren't allowed?

Link to comment
Share on other sites

Wow! How strange.

Also, I'm curious... If you have a developer account and wanted to sign your own kext, does Apple have to approve that, or would you just do it?

 

The article also mentioned that /system would be locked though, which would mean you couldn't modify the exception kext... The only thing is I don't see how it's possible to lock out the root user... Maybe I'm misunderstanding.

 

Link to comment
Share on other sites

Wow! How strange. Also, I'm curious... If you have a developer account and wanted to sign your own kext, does Apple have to approve that, or would you just do it?

When you make the codesign for it, it communicate with apple servers and then the server gives you a token or something and then xcode build that into your kext/app. So you can't "just" sign it.

 

 

The article also mentioned that /system would be locked though, which would mean you couldn't modify the exception kext... The only thing is I don't see how it's possible to lock out the root user... Maybe I'm misunderstanding.

Now that is the thing I don't understand as well...

 

***

 

I read on another forum, someone tried to put modified (so codesign broken) kexts into Extra/Extenisons/ and osx loaded all of them from there without any message at kext cache creation  :lol:  They said, System/Extensions/ will be locked... but what about Extra/Extensions/? :P

  • Like 3
Link to comment
Share on other sites

 

I read on another forum, someone tried to put modified (so codesign broken) kexts into Extra/Extenisons/ and osx loaded all of them from there without any message at kext cache creation

Yet another curious (in scope of allow/forbid hackintoshing) feature :)

Link to comment
Share on other sites

I read on another forum, someone tried to put modified (so codesign broken) kexts into Extra/Extenisons/ and osx loaded all of them from there without any message at kext cache creation  :lol:  They said, System/Extensions/ will be locked... but what about Extra/Extensions/? :P

OSX don't care about kexts there, it's a Chameleon thing only. And I think you don't see the warnings because they won't be included into the kext caches. (not sure, anyone?)

Link to comment
Share on other sites

OSX don't care about kexts there, it's a Chameleon thing only. And I think you don't see the warnings because they won't be included into the kext caches. (not sure, anyone?)

yeah that's true. It would make or boot really slow though without the cache.
Link to comment
Share on other sites

I wonder if Apple is considering a very generous donation to the forum (who knows, even Tony can get a buck of two, if Apple be generous enough) :hysterical:

Well, one thing I noticed when editing AppleKextExcludeList.kext's Info.plist is, well...

		<key>com.tidalpoolsoftware.macproxy.kext</key>
		<string>2.0.5</string>
		<key>com.tonymacx86.AHCI_3rdParty_SATA</key>
		<string>1111.0</string>
		<key>com.tonymacx86.AHCI_3rdParty_eSATA</key>
		<string>0.3</string>
		<key>com.tonymacx86.ALC8xxHDA</key>
		<string>1111.0</string>
		<key>com.tonymacx86.ATI48xxController</key>
		<string>9.0.2</string>
		<key>com.tonymacx86.JMicron36xSATA</key>
		<string>0.8</string>
		<key>com.tonymacx86.JMicron36xeSATA</key>
		<string>0.8</string>
		<key>com.tonymacx86.Legacy889HDA</key>
		<string>0.3</string>
		<key>com.tonymacx86.ati6570pm</key>
		<string>3.0</string>
		<key>com.tootoosoft.driver.Intel82566MM</key>
		<string>1111.0</string>

This forum may not support him, but Apple sure supports tonymacx86!!

  • Like 2
Link to comment
Share on other sites

Well, one thing I noticed when editing AppleKextExcludeList.kext's Info.plist is, well...

This forum may not support him, but Apple sure supports tonymacx86!!

I can't believe this is happening!!! Next thing we know will be the official announcement of Apple buying Tony's (serious) business :hysterical:

Link to comment
Share on other sites

What happens if we patch a signed kext with clover's on-the-fly kextpatching? Then we can add anything to the applekextexcludelist without losing it's codesign?

I was wondering this too. Couldn't you also add any kext to that list, whether or not it actually exists natively, and then it wouldn't need a codesign?

Link to comment
Share on other sites

Apple isn't supporting anyone. This list was generated from support data.Wait for it to be removed. Like everything hack related.

I have no doubts that Apple isn't supporting anyone, it's just quite curious to see such a thing in the officially provided OS X versions (not some distro). Though it is only a DP (early) version (not yet the public release), but still why bother with the list (even if it's a trivial thing to make)? For security reasons? I guess Apple could create something much more complicated then this, if they would be all about security.

 

May be it's just to have more beta testers with very different hardware (more then only genuine Macs could offer)?

Link to comment
Share on other sites

 Share

×
×
  • Create New...