May the father of understanding guide us
0x00 Background Reference: Technical Note TN2459: Secure Kernel Extension Loading In macOS High Sierra, Apple introduced Secure Kernel Extension Loading (aka Kext User Consent) feature to require user confirmation before loading a signed kext. Note that this restriction only apply to valid signed kexts. Unsigned kexts would be taken care… Read moreSecure Kernel Extension Loading in macOS High Sierra
OS X El Capitan introduced lots of changes, most of them are not easy to be found since they are not on the GUI level. Well, SIP can be one of them but this post will not talk about it once again. Here are some changes/hacks I found. 1. Hibernate… Read moreSome Hidden Changes in OS X El Capitan
Begin with OS X 10.11 El Capitan, a set of security mechanism, System Integrity Protection(SIP), has been enforced and it can only be configured or turned off in the recovery environment like “Recovery HD”. In the “normal environment”, SIP configuration will not be permitted even with root privilege. If so,… Read moreOS X NVRAM Restriction Bypassed
09/18 Update: Begin with 10.11.1, the Apple Internal flag won’t allowed to be set. This Apple Internal status provided by csrutil tool shall always be “Disabled” even if you set this bit in your csr-active-config. 08/19 Update: An updated csrutil tool has been released with the DP7 of 10.11 El… Read moreUsage of csrutil and Standalone OS X 10.9 Recovery HD Backup
About SIP/Rootless: SIP/Rooless Internal in El Capitan In order to check the status of all security mechanisms provided by SIP/Rootless, a tiny little kext was built. WARNING: This kext is for testing purpose ONLY. Download: SIPCheck.command.zip Requirements: 1. OS X 10.11 for the SIP status check; bootargs flags check would be… Read moreKext to check SIP/Rootless status on El Capitan
As many people already found out, the next OS X El Capitan introduced a new mechanism of system security policy called “Rootless”, which officially named “System Integrity Protection” (SIP). According to the security session in WWDC2015, the rootless is a complete infrastructure built for the OS X security and it contains three… Read moreSIP/Rootless Internal in El Capitan and later
For many years (since 10.6.8 maybe), the IOAHCIBlockStorage.kext driver in the OS X only allows TRIM to be enabled on Apple SSD. Such behavior blocks all 3rd party SSD to enable this essential technology while running OS X. Although it was possible to patch the IOAHCIBlockStorage binary to force enable TRIM on… Read moreHOW OS X open the gate for TRIM on 3rd party SSD
About half a month ago we discussed how to simulate NVRAM on Hackintosh, especially for those PC without UEFI support. Let’s figure out a little more about NVRAM. As for NVRAM module, lots of data are stored there:
“Your Mac stores certain settings in a special memory area even if it is turned off. On Intel-based Macs, this is stored in memory known as NVRAM” —-from Apple Support site: About NVRAM and PRAM But on Hackintosh, there is no compatible NVRAM can be utilized by OS X. Thus, some functions… Read moreNVRAM on Hackintosh
之前已经在Mac OS X下使用脚本实现了Ramdisk: 在Mac OS X上利用脚本实现RAM Disk 其中提到了在用户注销时自动打包dmg镜像对整个ramdisk进行数据备份的方法. 该方法配合asr restore命令可以非常方便地实现备份与恢复. 并且在数台机子上测试均能正常工作. 然而近日, 在研究如何将桌面以及Finder中碍眼的Ramdisk磁盘图标隐藏时, 发现了一些纠结的问题: