OpenCore General Discussion

[miliuco]

1 minute ago, antuneddu said:

strange from recovery by opening the terminal: csrutil disable has always worked for me, however now everything is easier 

It worked for me too. What I mean is that csrutil status was returning disabled but with a warning of unknown state. Now it just returns disabled. And it is so much easier to do.

[Anto65]

51 minutes ago, 5T33Z0 said:

I have a Question about the new Tool csrutil.efi: do I need to have the OpenShell as well to get it working or is it standalon? Because it doesn't do anything when I try to run it.

You will only see when you select it that the icon changes from enable to disable or vice versa, you can check via terminal csrutil status  as @miliuco say

I was also expecting some shell screen or similar but none of that ... just see the chance of the icon   enable / disable 

[miliuco]

Summary for newcomers

 

csrutil and SIP

• Added optional Toggle SIP system boot menu option: Toggle SIP (Enabled) / Toggle SIP (Disabled). The operation is very simple. The tool is on / off style. By clicking on the icon, the status changes (Enabled > Disabled and vice versa). If csr-active-config has a value assigned, this is the setting that will be active at next boot and every new boot. If csr-active-config has an empty value, action performed on Toggle SIP is kept between boots.
• Added CsrUtil.efi tool, similar to Apple csrutil: it is an argument tool. You can pass argument in config.plist (active at every boot) setting it as Text mode tool or run it interactively from OpenShell. Argument can be: clear, enable value, toggle value, status.
  
  It is not required to have both tools active in the picker. Toggle SIP works fine even if CsrUtil.efi is disabled and not showing in the picker. And vice versa.
• Added Misc> Security> AllowToggleSip (Boolean) to enable or disable the new tool Toggle SIP. It's mandatory to download the new Labels folder included into OcBinaryData from Acidanthera. This folder now contains 2 new labels SIPEnabled and SIPDisabled, without them OpenCanopy falls back to text mode.

@eSaF this summary is specially for you, my friend 

Edited May 29, 2021 by miliuco

[miliuco]

But now I have a question. Well, SIP disabled by Toogle SIP or CsrUtil.efi. How to mount / in read-write mode? Because I get the same warning as before.

mount_apfs: volume could not be mounted: Permission denied
mount: / failed with 66

 

[ghost8282]

1 hour ago, miliuco said:

Added optional Toggle SIP system boot menu option: Toggle SIP (Enabled) / Toggle SIP (Disabled). The operation is very simple. The tool is on / off style. By clicking on the icon, the status changes (Enabled > Disabled and vice versa). Note: it is only used for this boot, on the next boot it will be Re-enabled by default.

Are you sure about this?Are you sure you don't have set the csr-active-config in your config.plist?

Because in my case it doesn't reset (as I think it should be) to "enabled" (with an empty string in csr-active-config).

 

Note: what you wrote "I have never been able to disable SIP in Big Sur to my satisfaction: it is a very laborious process and csrutil status returns unknown state." may be related to the setting of csr-active-config; if you have an empty string you will be able to enable/disable sip via terminal and check its status without having the "unknown state".

Edited May 28, 2021 by ghost8282

[ghost8282]

1 hour ago, miliuco said:

But now I have a question. Well, SIP disabled by Toogle SIP or CsrUtil.efi. How to mount / in read-write mode? Because I get the same warning as before.

mount_apfs: volume could not be mounted: Permission denied
mount: / failed with 66

 

You also need authenticated-root disabled, then you should be able to mount / in r/w and do your edits, after that you need to make a new snapshot.

Or tag an empty snapshot and boot from the live volume, this was possible in early big sur version, didn't test with latest.

Note that if you break the seal you will have issues with os updates, you will not be able to update, at least this was what happened to me in the past.

 

Edited May 28, 2021 by ghost8282

[Guest 5T33Z0]

I realy like how the new ToggleSIP Switch works! Solves a lot of headaches when having various macOS versions installed that you want to update, since they all use different csr-values. With this you just temporarily enable SIP, check update on whatever system you want and then it's disabled again after rebooting automatically to whatever value is stored in the config.

[GOOGE]

Trying 0.7.0 eb5cc3e, Open Canopy, just can't get my  ResetNVRAM.icns  to show up anymore on my boot screen?

 

Read the differences .pdf, still stumped. Anyone lead me into the right direction...

Edited May 28, 2021 by GOOGE

[Anto65]

10 minutes ago, GOOGE said:

Trying 0.7.0 eb5cc3e, Open Canopy, just can't get my  ResetNVRAM.icns  to show up anymore on my boot screen?

 

Read the differences .pdf, still stumped. Anyone lead me into the right direction...

updated label and font ? https://github.com/acidanthera/OcBinaryData

 

 

Edited May 28, 2021 by antuneddu

[GOOGE]

19 minutes ago, antuneddu said:

updated label and font ? https://github.com/acidanthera/OcBinaryData

 

 

Thank you antuneddu, that gets me the ResetNVRAM.icns visually back, but, when I use try and use it, it doesn't actually reset the NVRAM, just reboots, without a NVRAM reset... I'm so bad at reading docs... Thanks again!

[eSaF]

22 minutes ago, antuneddu said:

updated label and font ? https://github.com/acidanthera/OcBinaryData

 

 

That is strange, I too updated to the latest OC version as well as the latest OC Binary Resources,

Spoiler

didn't have to do anything special apart from loading my Icon preferences pack and all was well.

[miliuco]

2 hours ago, ghost8282 said:

Are you sure about this?Are you sure you don't have set the csr-active-config in your config.plist?

Because in my case it doesn't reset (as I think it should be) to "enabled" (with an empty string in csr-active-config)...

What I mean is that, even with empty string in csr-active-config, every new boot the icon shown is Toggle SIP (Enabled) and macos command csrutil status gets SIP enabled, not saving previous action onto Toggle SIP. Al least is what happens now in my system. I don't know for now why it doesn't happen as in your system.

 

1 hour ago, ghost8282 said:

You also need authenticated-root disabled, then you should be able to mount / in r/w and do your edits, after that you need to make a new snapshot.

Or tag an empty snapshot and boot from the live volume, this was possible in early big sur version, didn't test with latest...

Yes, I have also authenticated-root disabled, plus SIP disabled from OC menu, csrutil status in macOS say disabled and even so when I write sudo mount -uw / I get the failed with 66 error.

Edited May 28, 2021 by miliuco

[ghost8282]

12 minutes ago, miliuco said:

What I mean is that, even with empty string in csr-active-config, every new boot the icon shown is Toggle SIP (Enabled) and macos command csrutil status gets SIP enabled, not saving previous action onto Toggle SIP. Al least is what happens now in my system. I don't know for now why it doesn't happen as in your system.

Yes, I have also authenticated-root disabled, plus SIP disabled from OC menu, csrutil status in macOS say disabled and even so when I write sudo mount -uw / I get the failed with 66 error.

 

Oh that's strange, in my case it's the opposite, it's persistent until I change it again.

 

About authenticated-root note that you are probably booting from a snapshot and not from /, so it's not possible to have / in r/w.

This is possible (? --> at least with previous versions of big sur) if you tag an empty snapshot, so that you can boot from the real volume.

Or in recovery, by mounting the real volume.

 

These were my notes to boot from the real volume; please understand that I have absolutely no idea how to go back after these modifications, so operate at your risk  :

Spoiler

1. Delete any data in csr-active-config field in open core plist (add section of NVRAM)

2. Boot into recovery, disable SIP and Authenticated-root (2 reboots into recovery maybe required)

3. Reboot and boot again into recovery, verify SIP and authenticated-root are disabled

4. List disks, unmount Mac OS, identify Mac OS disk and mount it in r/w

diskutil list
diskutil umount /Volumes/MacOsVolumeName
diskutil mount diskXsY (replace X and Y)
mount -uw /Volumes/MacOsVolumeName

5. Tag an empty string snapshot to boot from the live disk

/System/Library/Filesystems/apfs.fs/Contents/Resources/apfs_systemsnapshot -v /Volumes/MacOsVolumeName -r ""

6. List and delete all other snapshots

diskutil apfs listSnapshots diskXsY (replace X and Y)
diskutil apfs deleteSnapshot diskXsY -uuid UUIDHERE (Replace X, Y and UUIDHERE)

7. Reboot to Mac OS and mount / in r/w

sudo mount -uw /

Now instead of failed with 66 you can mount / in r/w and do your modifications and reboot without kernel panic.

 

Edited May 28, 2021 by ghost8282

[Matgen84]

2 hours ago, antuneddu said:

updated label and font ? https://github.com/acidanthera/OcBinaryData

 

 

 

2 hours ago, eSaF said:

That is strange, I too updated to the latest OC version as well as the latest OC Binary Resources,

  Reveal hidden contents

didn't have to do anything special apart from loading my Icon preferences pack and all was well.

Hi @antuneddu@eSaF

Right @eSaF ResetNvram is embedded with Opencore, ToogleSip too. It suffices, unless I am mistaken, to activate them in the config.plist: llowNvramReset and llowToggleSip (Boolean). Some can use csrutil, the standalone, under Shell. If it is installed.

[Anto65]

26 minutes ago, Matgen84 said:

 

Hi @antuneddu@eSaF

Right @eSaF ResetNvram is embedded with Opencore, ToogleSip too. It suffices, unless I am mistaken, to activate them in the config.plist: llowNvramReset and llowToggleSip (Boolean). Some can use csrutil, the standalone, under Shell. If it is installed.

Yes, in the last commit you have to update ocbinarydata due to the new ToogleSip labels otherwise you have a text menu at boot

Edited May 28, 2021 by antuneddu

[eSaF]

20 minutes ago, Matgen84 said:

It suffices, unless I am mistaken, to activate them in the config.plist: llowNvramReset and llowToggleSip (Boolean). Some can use csrutil, the standalone, under Shell. If it is installed.

Correct - I forgot to mention that you need to activate the settings in the config.plist.

[HenryV]

5 hours ago, ghost8282 said:

You also need authenticated-root disabled, then you should be able to mount / in r/w and do your edits, after that you need to make a new snapshot.

Or tag an empty snapshot and boot from the live volume, this was possible in early big sur version, didn't test with latest.

Note that if you break the seal you will have issues with os updates, you will not be able to update, at least this was what happened to me in the past.

 

for tagging unnamed snapshots as bootable?

 

/System/Library/Filesystems/apfs.fs/Contents/Resources/apfs_systemsnapshot -r "" -v /Volumes/your_Big_Sur_volume_name

 

Regarding updates after modifications:

 

You can modify the system files and make a new snapshot and still update, but with the full updater, not the incremental smaller "delta type" updates.    Tested with 11.4 beta.

Edited May 28, 2021 by HenryV
add info

[miliuco]

4 hours ago, ghost8282 said:

Oh that's strange, in my case it's the opposite, it's persistent until I change it again.

 

About authenticated-root note that you are probably booting from a snapshot and not from /, so it's not possible to have / in r/w.

This is possible (? --> at least with previous versions of big sur) if you tag an empty snapshot, so that you can boot from the real volume.

Or in recovery, by mounting the real volume.

 

These were my notes to boot from the real volume; please understand that I have absolutely no idea how to go back after these modifications, so operate at your risk  ...

 

I thought you only need SIP Disabled + authenticated-root disabled + mount / in read-write mode from within the booted system. I see that it is not that simple. I will study your notes to find out more about this process. Thanks.

[deeveedee]

Can someone explain the use case(s) for setting ACPI>Quirks>ResetLogoStatus = True?  Thank you.

 

EDIT: I am still trying to isolate the cause of a boot anomaly where occasionally, the HP and Apple logos are not visible (at boot, OC picker is not displayed - display is blank until macOS progress bar and then the system boots normally). I have observed this on my rig for as long as I have been testing OC, so it may have something to do with the fact that I am using DP->DVI video adapters.  This is not a critical issue, since my rig boots normally even when the HP and Apple logos don't appear.  I have not yet determined whether ResetLogoStatus has anything to do with this issue (and I don't know what ResetLogoStatus is intended to address/fix).

 

EDIT 2: The phrase "polishing the deck chairs on the Titanic" is taking on a new meaning for me.

Edited June 8, 2021 by tonyx86

[Andrey1970]

12 hours ago, tonyx86 said:

Can someone explain the use case(s) for setting ACPI>Quirks>ResetLogoStatus = True?  Thank you.

To see bios logo when loading uefi windows (as would be without Open Core), instead of a logo windows.

Also for other OS (not macOS).

Edited June 8, 2021 by Andrey1970

[Matgen84]

Hi @all

Sorry for my stupid question: Opencore 0.7 / Big Sur 11.5 Beta 2

On the Big Sur session, I click shutdown, but the hack does not turn off completely. The top backlit button of the case remains on. I have to press manually to stop the power supply. 

Any ideas. Please.

[Matgen84]

2 minutes ago, MifJpn said:

Hello
I apologize in advance because it may not be the answer.
Did you have any problems since 0.7.0?
I'm sorry if you've already done the following:
Intel 300 series has a problem with NVRAM. So do you forget to include SSDT-PMC.aml ,don't you?
If you forget this, you will have problems shutting down.
Thank you.

 

Thanks. I've got a SSDT-PMC.aml. You're right: I re-check if it's a good one.

[deeveedee]

@Matgen84 It seems strange that this behavior would start after upgrading to OC 0.7.0 / 11.5 Beta 2 (although I haven't tested 11.5).  Without seeing your EFI (unless you want to post it), any suggestions would be a wild guess.  The only time I've seen something similar to your described behavior is on a laptop where I had to add the well-known _PTS fix:

If (0x05 == Arg0)
{
   SLPE = Zero
   Sleep (0x10)
}

If you want to post your EFI, it might help diagnose the problem.

[Matgen84]

4 minutes ago, tonyx86 said:

@Matgen84 It seems strange that this behavior would start after upgrading to OC 0.7.0 / 11.5 Beta 2 (although I haven't tested 11.5).  Without seeing your EFI (unless you want to post it), any suggestions would be a wild guess.  The only time I've seen something similar to your described behavior is on a laptop where I had to add the well-known _PTS fix:

If (0x05 == Arg0)
{
   SLPE = Zero
   Sleep (0x10)
}

If you want to post your EFI, it might help diagnose the problem.

I will post in MP. Thanks in advance.

[deeveedee]

EDIT: Please post advice here if you have any suggestions.  Thank you.

 

I was thinking of replacing EFICheckDisabler.kext with RestrictEvents.kext; however, when I tested RestrictEvents.kext, it appears that eficheck driver still loads, so I'm not sure that eficheck is blocked.  When using RestrictEvents.kext, should I see EFICheck driver attached to LPCB in IORegistry?

 

When using RestrictEvents.kext:

Spoiler

 

When using EFICheckDisabler.kext:

Spoiler

 

Thank you.

Edited June 11, 2021 by tonyx86