TheEnthusiast Posted October 13, 2013 Share Posted October 13, 2013 All of this is rumored and heresy until its actually implemented and even if it is we will figure a way around it. This is all that matters at this point in time. When it first noted that Apple was introducing kext signing, most went paranoid that it meant the end of hackintosh, etc. Yet, here we are, presumably a few weeks from the public release, and the process is the same as Mountain Lion, more or less. Speculation is honestly pointless because no one, outside of Apple, truly knows the reason why Apple has chosen to implement this concept; Apple hasn't even released any documentation about it. Plus, it doesn't affect hackintosh only because there are other third party kexts as well. Like Joe75 said, as I have said in the past as well, there is always a way. 3 Link to comment Share on other sites More sharing options...
peg4a Posted October 13, 2013 Share Posted October 13, 2013 at XanthraX Hi ! I just found something very interesting for anybody who has problem to install working kext from 10.8.4 to 10.9 The problem can come from an option : npci I had npci=0x3000 in my boot options for maverick to start. Now with maverick I don't need it anymore. If I keep it, my kexts just don't work (marvell yukon 80e8056 and ad2000b.kext). Since I delete the option everything works fine ! Hope it can help (I was searching for one week now...) Peg4a Asus p6t deluxe v2 Core i7 920 1 Link to comment Share on other sites More sharing options...
joe75 Posted October 13, 2013 Share Posted October 13, 2013 Agreed! This is not a hackint0sh issue it goes for any kexts used in osx and its hard to believe apple is going to break things like this. Kexts are a vulnerability in osx because they can connect at kernel level and this type of signing for security should have been made long ago. Without going into details, a kext can be made hidden and able to load without showing to the user or the system for purpose of exploit 1 Link to comment Share on other sites More sharing options...
Pike R. Alpha Posted October 13, 2013 Share Posted October 13, 2013 This is all that matters at this point in time. When it first noted that Apple was introducing kext signing, most went paranoid that it meant the end of hackintosh, etc. Yet, here we are, presumably a few weeks from the public release, and the process is the same as Mountain Lion, more or less. Speculation is honestly pointless because no one, outside of Apple, truly knows the reason why Apple has chosen to implement this concept; Apple hasn't even released any documentation about it. Plus, it doesn't affect hackintosh only because there are other third party kexts as well. Like Joe75 said, as I have said in the past as well, there is always a way. I don't think that anyone has said that kext signing would be the end of hackintosh community. At least not me. It will eventually make things a lot more difficult. That's for sure. And Apple did mention why they introduced it, in the already available documentation i.e. it is done to protect the kernel. Well. A first step that is. Also. When someone quotes Apple's own documentation, stating that /System/ will be locked down (in the near future) and that kexts in /Library/Extensions/ must be signed, or they refuse to load, that is far from speculation. I call that facts. 1 Link to comment Share on other sites More sharing options...
joe75 Posted October 13, 2013 Share Posted October 13, 2013 Funny that you are one of these main contributors of FUD! "We just have to wait and see when it happens, but if this is introduced (in whatever OS version that may be) then we are locked out and that means that editing plists and/or patching bin (executable) files of signed kexts will be impossible, and since there are plenty kexts that need a binary and/or plist patch." "The side effect is that it will stop people from using the latest and greatest aka OS X 10.9 Mavericks on a hack." You also go on to claim that this will all happen in 10.9 and now here it is and its still not an issue. Link to comment Share on other sites More sharing options...
The Real Deal Posted October 13, 2013 Share Posted October 13, 2013 well, installed this GM in a rush, as i was running a 100 metres USB key "manual method" Looks good so far, DSDT free. Patched AppleHDA + HDAEnabler embedded with cham Edited IO.. (WIFI) E1000.. (Ethernet) FakeSMC Native PM Etc,. 1 Link to comment Share on other sites More sharing options...
mendietinha Posted October 13, 2013 Share Posted October 13, 2013 Probably something to do with the trackpad driver. Which do you use? It's probably PM related... (driver power management) after all i solved by just changing the appleps2 kext for a voodoops2 kext from rehabman. thanks! 1 Link to comment Share on other sites More sharing options...
TheEnthusiast Posted October 13, 2013 Share Posted October 13, 2013 I don't think that anyone has said that kext signing would be the end of hackintosh community. At least not me. It will eventually make things a lot more difficult. That's for sure. And Apple did mention why they introduced it, in the already available documentation i.e. it is done to protect the kernel. Well. A first step that is. Also. When someone quotes Apple's own documentation, stating that /System/ will be locked down (in the near future) and that kexts in /Library/Extensions/ must be signed, or they refuse to load, that is far from speculation. I call that facts. Well, there was a thread a few months back in which there was mention of the potential end of hackintosh. In regards to protecting the kernel, I could have said that myself, but I'm willing to say that I am at fault here since I could have been more specific. And lastly, perhaps I didn't read closely enough, but I don't recall anyone referring directly to Apple's documentation. In other words, most of what has been said in this thread has been speculation, especially in regards to 10.10. Facts or not, still doesn't change another fact, there will be a way. Link to comment Share on other sites More sharing options...
XanthraX Posted October 14, 2013 Share Posted October 14, 2013 at XanthraX Hi ! I just found something very interesting for anybody who has problem to install working kext from 10.8.4 to 10.9 The problem can come from an option : npci I had npci=0x3000 in my boot options for maverick to start. Now with maverick I don't need it anymore. If I keep it, my kexts just don't work (marvell yukon 80e8056 and ad2000b.kext). Since I delete the option everything works fine ! Hope it can help (I was searching for one week now...) Peg4a Asus p6t deluxe v2 Core i7 920 Thank you, I will give it a try. I usually use now the GA-B57-D3H Hackintosh and it works flawlessly without any DSDT, but I don't want to think of a funeral for the Asus P5K-VM. I know it is an old MoBo, not many of us still use it if they have used, but this grandpa still has potential, I just don't find the right hack for it. Link to comment Share on other sites More sharing options...
TechGuru Posted October 14, 2013 Share Posted October 14, 2013 Z77x-ud3h is 100% working with my 7970 without using any Kexts only issue is the kext alert so if we could build it into the boot loader that be great also display port and my new retina display from hp works epic. On a side not anyway to fix the resolution error in the boot loader it's not 1080p unlike the USB boot loader Link to comment Share on other sites More sharing options...
Pike R. Alpha Posted October 14, 2013 Share Posted October 14, 2013 Funny that you are one of these main contributors of FUD! "We just have to wait and see when it happens, but if this is introduced (in whatever OS version that may be) then we are locked out and that means that editing plists and/or patching bin (executable) files of signed kexts will be impossible, and since there are plenty kexts that need a binary and/or plist patch." "The side effect is that it will stop people from using the latest and greatest aka OS X 10.9 Mavericks on a hack." You also go on to claim that this will all happen in 10.9 and now here it is and its still not an issue. Right. You cannot change the plist and/or patch the binary and expect it to get loaded from /Library/Extensions. All part of Apple's documentation, but you are right in saying that I was wrong when I said that it would be done in 10.9 Make that OS X 10.10 (or whatever version of OS X) but I simply forgot to change it. FUD is however something different as it will happen. Thanks for the heads up. Errors corrected in my blog. 1 Link to comment Share on other sites More sharing options...
jamiethemorris Posted October 14, 2013 Share Posted October 14, 2013 Does anyone know if the menu bar for the inactive display is drawn by the graphics card like the dock is? I have a feeling it is since obsidian menu bar doesn't affect it. Link to comment Share on other sites More sharing options...
dan542 Posted October 14, 2013 Share Posted October 14, 2013 "Impossible"? Certainly not... "A lot more difficult"? I doubt so. First, the kernel has to load Apple's public key from somewhere, right? So, we could just add another key, that everyone would generate themselves and sign their kexts with it... This is the cleanest solution, since you don't lose that extra bit of security added by kext signing nor do you have to modify the kernel. This is what I'll probably do with OS X 10.10. But, since many people don't want to do that, I'm pretty sure that there will be other solutions disabling the signature verification altogether. I think it's pretty likely that Apple will just add a kernel flag to disable it (if it's not already there, I haven't checked). In case they won't, it's not a problem either, as you can just change one je/jne to jmp/nop, so that the signature check always passes. Or you wait for the source code and do the same thing in a slightly cleaner way... 1 Link to comment Share on other sites More sharing options...
Andy Vandijck Posted October 14, 2013 Share Posted October 14, 2013 "Impossible"? Certainly not... "A lot more difficult"? I doubt so. First, the kernel has to load Apple's public key from somewhere, right? So, we could just add another key, that everyone would generate themselves and sign their kexts with it... This is the cleanest solution, since you don't lose that extra bit of security added by kext signing nor do you have to modify the kernel. This is what I'll probably do with OS X 10.10. But, since many people don't want to do that, I'm pretty sure that there will be other solutions disabling the signature verification altogether. I think it's pretty likely that Apple will just add a kernel flag to disable it (if it's not already there, I haven't checked). In case they won't, it's not a problem either, as you can just change one je/jne to jmp/nop, so that the signature check always passes. Or you wait for the source code and do the same thing in a slightly cleaner way... Signing with other key?Sure, if you are a paying dev you can generate the needed certificates and use those. The second option is to patch the kernel to always say the certificate is valid. Both should be possible Link to comment Share on other sites More sharing options...
joe75 Posted October 14, 2013 Share Posted October 14, 2013 Revenue from dev accounts and reassuring investors is what this all stems from IMHO. kext signing will go the way of the tpm chip.. Link to comment Share on other sites More sharing options...
tle88 Posted October 14, 2013 Share Posted October 14, 2013 ...kext signing will go the way of the tpm chip. Bad divination. - Maybe true. Then I leave myself in this point in even next 10 years, and start again after that. Like 10.6.8 is excellent tiny systems now days (I use it in my htpc which is 8 years old machine) early 10.8.5 is that too. And this 10.9 GM. After next 10 years I hope, that free bsd or something like that is satisfying working. Apple do what they do, so do I. Closed system is poison to me. And I do not buy poor hardware with expensive price only because I only like the operating system. This not happen. Fortunately... 10.6.8 , 10.8.5 and 10.9 gm works for ever and eternally. If Apple close operating systems in the future, I will only use current systems and replace only when something is finally better. This takes a lot of times, but I can wait. I have full working machines. T -.- I understand better and better R. Stallman. And I am not hippy. :-) 1 Link to comment Share on other sites More sharing options...
XanthraX Posted October 14, 2013 Share Posted October 14, 2013 Tried the last advices either for network and sound. Still no luck. I connected another network card TP-Link TG-3269 (Based on RTL-8169 chip) and still no luck. This is my org.chameleon.Boot.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Default Partition</key> <string>hd(0,2)</string> <key>EthernetBuiltIn</key> <string>Yes</string> <key>GenerateCStates</key> <string>Yes</string> <key>GeneratePStates</key> <string>Yes</string> <key>Graphics Mode</key> <string>1680x1050x32</string> <key>GraphicsEnabler</key> <string>Yes</string> <key>Kernel</key> <string>mach_kernel</string> <key>Timeout</key> <string>5</string> <key>UseKernelCache</key> <string>Yes</string> </dict> </plist> Link to comment Share on other sites More sharing options...
joe75 Posted October 14, 2013 Share Posted October 14, 2013 sound should be working with voodoo, I'm not sure what the problem is there. try r1000 kext or the realtekrtl8111 kext for network. 1 Link to comment Share on other sites More sharing options...
dan542 Posted October 14, 2013 Share Posted October 14, 2013 Signing with other key? Sure, if you are a paying dev you can generate the needed certificates and use those. The second option is to patch the kernel to always say the certificate is valid. Both should be possible There is Apple's public key saved somewhere in your computer. In fact, I think there are more keys from Apple, at least one for verifying dev's keys and one for verifying Apple's own kexts. In a kext that is from a registered developer, there is a developer's public key along with Apple's signature of that key. When the kernel checks whether a signature is valid, it first checks whether the dev's public key is signed by Apple, if so, then it checks whether the signature of the kext itself is valid and if so, it loads the kext. As for Apple's own kexts, I think it just uses the Apple's key I was talking about earlier to verify the signature. So basically your computer trusts kexts that are signed either by Apple or by a dev whose key is in turn signed by Apple. Now, guess what happens if you generate a public/private key pair and replace the Apple's public key with the public key you've just generated? Yes, your computer now trusts kexts that are signed using YOUR, not Apple's, private key. Now you can just sign everything you want to run using your private key... IMO it's safer this way, because anybody, including virus makers, can buy a key signed by Apple, whereas nobody other than you can sign kexts using your private key. But if you want, I think it would be possible to have both the Apple's key and your own key in your computer, to that your computer runs kexts signed by Apple or registered devs too. Link to comment Share on other sites More sharing options...
XanthraX Posted October 14, 2013 Share Posted October 14, 2013 sound should be working with voodoo, I'm not sure what the problem is there. try r1000 kext or the realtekrtl8111 kext for network. I will give them a try tomorrow and I will post. All I got with voodoo is a pop sound when I shut the system down or at the restart, but still no output device in the sounds preference pane. Link to comment Share on other sites More sharing options...
The Real Deal Posted October 14, 2013 Share Posted October 14, 2013 Still no WPA encryption for create our own WIFI network.. WEP is so vulnerable. Sounds like a decrease? EDIT : do you have in energy saver : Allow to sleep by power button? (got it in ML though) EDIT2 : i made a quick video of a geekbench run 1 Link to comment Share on other sites More sharing options...
Dr. Hurt Posted October 14, 2013 Share Posted October 14, 2013 Has anyone noticed the screen flashing at the end of the boot process? I though it was just me, but a quick search revealed that real macs have that issue too. Link to comment Share on other sites More sharing options...
drnick Posted October 14, 2013 Share Posted October 14, 2013 I will give them a try tomorrow and I will post. All I got with voodoo is a pop sound when I shut the system down or at the restart, but still no output device in the sounds preference pane. this work fine for me on 10.9 http://lnx2mac.blogspot.com/p/realtekrtl81xx-osx-driver.html good luck 1 Link to comment Share on other sites More sharing options...
kun Posted October 15, 2013 Share Posted October 15, 2013 here is bcm57781 for 10.9 mavericks hi.. is this supposed to be working on 10.9 GM? Tried on mine, no dice. Z77 Extreme4 ;-( 1 Link to comment Share on other sites More sharing options...
Regi Yassin Posted October 15, 2013 Share Posted October 15, 2013 yes, its working 10.9gm its from 10.9 dp2 Link to comment Share on other sites More sharing options...
Recommended Posts