** Hackintosh ** Tips to make a bare metal MacOS


Recommended Posts

Updated to beta 2 by downloading the beta 2 installer and making a dmg and running it. Took a long 4 reboots where I had to manually select the Mac installer selection in opercore to keep it going. Thought it frooze twice but it eventually finished. So be very patient...it's still going. 

  • Like 1
Link to comment
6 hours ago, david279 said:

Updated to beta 2 by downloading the beta 2 installer and making a dmg and running it. Took a long 4 reboots where I had to manually select the Mac installer selection in opercore to keep it going. Thought it frooze twice but it eventually finished. So be very patient...it's still going. 

eheh you are always ahead of me by 5-6 hours...damn time zone :D

Beginning the download now, better to try all to be prepared and take into account all the issues.

 

For mac os big sur, until now I found:
- issue with textedit: several crashes when opening existing txt files (crash complaining about layout, or something similar)

- preference panel icons of third party applications: not working well, icons disappear sometimes

- system preferences --> network: it takes long time to load the network panel

- control center: somehow slow when clicking on the control center icon (btw I hate the control center...and I can't wait to find a way to delete it)

- control center: from system preferences if you set to hide icons in control center it will not work, icons still there

- siri: though audio works siri always reply with "I don't understand that, Can you please repeat?", such as Siri can't identify the microphone.

Edited by ghost82
  • Like 1
Link to comment

Installed beta 2 (clean install) without hanging or forced reboots.

 

On 7/6/2020 at 10:19 AM, ghost82 said:

it was stuck at "Forcing CS_RUNTIME for entitlement: com.apple.rootless.restricted-block-devices": I needed a forced shutdown and a new boot pointing at the new partition (Mac-Os-Big-Sur)

 

I think it didn't hang, this time I left the process to continue (I had lunch in the meantime!) and it didn't lock, anyway on that step you could wait for 10-15+ minutes!

 

Updates:

- issue with textedit: some crashes when opening existing txt files (with beta 1 was several crashes)

- preference panel icons of third party applications: not working well, icons disappear if prepane installed in /System/Library

- system preferences --> network: it takes long time to load the network panel (only for the first time after a boot)

- control center: somehow slow when clicking on the control center icon

- siri: now working good (in beta 1 did not work replying with "can you repeat please?")

- Opencore: not able to boot into recovery (boot into recovery with JumpstartHotplug setting)

- Cannot change menu bar clock settings (all is greyed out)

- Languages: some strings are only in English

- Sharing panel not working well: some settings shows as greyed out but can be enabled, some graphical glitch

- Cannot mount / for read/write anymore with SIP disabledsudo mount -uw /

returns:

mount_apfs: volume could not be mounted: Permission denied
mount: / failed with 66

There should be a way to mount for r/w in recovery, but since opencore cannot mount recovery (not compatible), it's not possible for now and so my usb wifi is broken because I need to copy files in /System/Library (copying in /library doesn't work)

 

Edited by ghost82
Link to comment

You can use the following addition to the xml and have no need for FakeSMC or VirtualSMC.

<qemu:commandline>
    <qemu:arg value='-device'/>
    <qemu:arg value='isa-applesmc,osk="************************"'/>
</qemu:commandline>

 

Edited by pavo
Link to comment
54 minutes ago, david279 said:

Anyone want to pass a opencore qcow? Im trying to see if my Big Sur install disk is really corrupted or not.

Why use a qcow? Why not just a USB drive like normal and either passthrough the USB Controller or pass it through as a USB device.

Link to comment

Anybody knows how to completely disable SIP in Big Sur?In other words, which value to input in opencore to disable also authenticated-root, so to be able to mount in r/w /?
 

I tried /w8AAA== and dwkAAA== without any luck...

 

Can you confirm also that at the moment there's nothing to do to boot recovery?

Edited by ghost82
Link to comment
8 hours ago, ghost82 said:

Try the attached (new serial number for this image, imacpro1,1, audio disabled) :

https://mega.nz/file/Vn5FHQga#z9HJyjWtCjOUK-fIB7pn9_ZqIkmuC07w4bczbyheMfI

 

Anybody knows how to completely disable SIP in Big Sur?In other words, which value to input in opencore to disable also authenticated-root, so to be able to mount in r/w /?

I tried /w8AAA== and dwkAAA== without any luck...

 

Can you confirm also that at the moment there's nothing to do to boot recovery?

Disable SIP for Big Sur is FF0F0000 value and you can boot recovery if you enable JumpstartHotPlug under UEFI > APFS, but only use it to boot the Recovery, not normal boot.

  • Thanks 1
Link to comment
4 hours ago, pavo said:

Disable SIP for Big Sur is FF0F0000

I think it's hex?Translated to base64 is /w8AAA== but unfortunately it doesn't disable authenticated root :(

4 hours ago, pavo said:

if you enable JumpstartHotPlug under UEFI > APFS

Great! This works to boot in recovery, thank you!

However for some strange reason when I run:

csrutil authenticated-root disable

the system replies with:

csrutil: Failed to disable the authenticated root setting. This tool needs to be executed from the Recovery OS.

But damn....I'm booting into recovery... :(

 

I'm going to reinstall the os and try a thing, because with beta 1 I was able to mount / in r/w and i think I know why..

 

Edited by ghost82
Link to comment
5 hours ago, ghost82 said:

I'm going to reinstall the os and try a thing, because with beta 1 I was able to mount / in r/w and i think I know why..

ok, this was a coincidence happened during first installation of beta 1, when I noticed that I could mount / in read/write without any issue, but that was changed in beta 2.

It was not changed and I'm able to replicate it in beta 2.

 

During installation of the os, after booting from preboot, there's a step you can see:
Forcing CS_RUNTIME for entitlement: com.apple.rootless.restricted-block-devices

 

When you see this, instead of let it going on, force shutdown the system (btw, this is like an elephant in a glassware...), on reboot in picker choose your mac os volume to boot.

 

When first booting into the os now "sudo mount -uw /" works as in Catalina, instead of returning Failed with 66.

Interesting thing is that csrutil authenticated-root status returns "enabled", so I'm really not sure what's happening.

Edited by ghost82
Link to comment

I didn't try an update, so I don't know if there are issues during upgrading, most probably not..

I don't recommend the update, for two reasons: the os is still in early development, with some bugs and some non functioning things and opencore can inject kexts and patch the kernel but still not optimize and for sure it will receive updates, as the kexts developed by acidanthera.

Most (all?) of us are installing big sur only to test it, not to use it as a stable machine.

 

Link to comment
On 7/9/2020 at 7:35 AM, ghost82 said:

Translated to base64 is /w8AAA== but unfortunately it doesn't disable authenticated root

I make some progress on this but still have some problems.

Breaking installation at "Forcing CS_RUNTIME for entitlement: com.apple.rootless.restricted-block-devices" is not a good idea as it can break something, I noticed for example that recovery is no more accessible and who knows what else breaks...

However I was able to disable both SIP and authenticated-root.

First thing to do is to ensure that you don't have anything in the add section of NVRAM in the csr-active-config key (opencore): at the time of writing if you have some value in that field you will not be able to disable authenticated-root via recovery (if you boot into recovery with JumpstartHotPlug=true and give the command csrutil authenticated-root disable you will receive "csrutil: Failed to disable the authenticated root setting. This tool needs to be executed from the Recovery OS.").

So, csr-active-config should be set as:

<key>csr-active-config</key>
<data></data>

Then you can boot into recovery and disable SIP:

csrutil disable

and disable authenticated-root:

csrutil authenticated-root disable

You can verify with "csrutil status" and with "csrutil authenticated-root status".

This will be stored in nvram.

Now I can mount the root partition in read and write mode (from the recovery):

diskutil mount diskXsY
mount -uw /Volumes/MacOsVolumeName

and you can modify stuff in /System/Library/Extensions for example (in my case I need to add a kext there and other files in /System/Library)

 

Here issues start again: I followed 2 guides:

First one:
- generate and tag a new snapshot:

sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs_systemsnapshot -s "Mysnapshot" -v /Volumes/MacOsVolumeName
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs_systemsnapshot -r "Mysnapshot" -v /Volumes/MacOsVolumeName

- Reboot

 

However after a reboot all I have is a kernel panic complaining about that the filesystem seal is broken

 

Second one:

After modification, I run this command (from recovery):

bless --folder /Volumes/MacOsVolumeName/System/Library/CoreServices --bootefi --create-snapshot

But again same kernel panic about broken seal.

---------------------------

 

Another guide added some more steps for guide 1:
- installing kext after the copy (from recovery):

kmutil install --update-all --volume-root /Volumes/MacOsVolumeName

Again generate and tag a new snapshot:
 

sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs_systemsnapshot -s "Mysnapshot" -v /Volumes/MacOsVolumeName
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs_systemsnapshot -r "Mysnapshot" -v /Volumes/MacOsVolumeName

- Copying updated BootKernelExtensions to the Preboot:

Mount Preboot:

diskutil mount diskZsX

Copy BootKernelExtensions to Preboot:

cp /Volumes/MacOsVolumeName/System/Library/KernelCollections/BootKernelExtensions.kc /Volumes/Preboot/<UUID>/boot/System/Library/KernelCollections
cp /Volumes/MacOsVolumeName/System/Library/KernelCollections/BootKernelExtensions.kc.elides /Volumes/Preboot/<UUID>/boot/System/Library/KernelCollections

- Reboot

 

And again same kernel panic...

 

img_20200711_180710(2).thumb.jpg.77b63e1a497e7d41500f893a01be2195.jpg

 

I'm running out of ideas...it seems I'm missing the last step, like seal again the volume or disable the seal check (I was thinking that SSV is disabled by authenticated-root....).

 

Anyone with ideas?

Edited by ghost82
Link to comment
On 7/11/2020 at 9:40 PM, ghost82 said:

And again same kernel panic...

Further progress on this, now able to mount in read and write, do modifications and boot without kernel panic.

Steps:
1- Enable JumpstartHotPlug in opencore config.plist (needed to boot into recovery)

2- Delete any data in csr-active-config field in open core plist (add section of NVRAM)

<key>csr-active-config</key>
<data></data>

3- Boot into recovery, disable SIP and Authenticated-root (update: 2 reboots into recovery maybe required, csrutil is not disabled if the following 2 commands are given during the same boot, if this is the case reboot into recovery and disable csrutil again)

csrutil disable
csrutil authenticated-root disable

4- Reboot and boot again into recovery, verify SIP and authenticated-root are disabled

csrutil status
csrutil authenticated-root status

5- List disks, unmount Mac OS, identify Mac OS disk and mount it in r/w

diskutil list
diskutil umount /Volumes/MacOsVolumeName
diskutil mount diskXsY (replace X and Y)
mount -uw /Volumes/MacOsVolumeName

6- Tag an empty string snapshot to boot from the live disk

/System/Library/Filesystems/apfs.fs/Contents/Resources/apfs_systemsnapshot -v /Volumes/MacOsVolumeName -r ""

7- List and delete all other snapshots

diskutil apfs listSnapshots diskXsY (replace X and Y)
diskutil apfs deleteSnapshot diskXsY -uuid UUIDHERE (Replace X, Y and UUIDHERE)

8- Reboot to Mac OS and mount / in r/w

sudo mount -uw /

Now instead of failed with 66 you can mount / in r/w and do your modifications and reboot without kernel panic.

 

Now the missing step is how to seal again everything? Because now every time you boot into Mac OS you can mount / in r/w (in other words, once I finished I'd want back the failed with 66!!)

Edited by ghost82
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.