Entering 1TR with Virtualization.framework?

Hey:

I've grepped through Apple's documentation and found no hint about how to boot my macOS VM into 1TR to disable SIP and whatnot in a virtualized macOS with Apple Silicon's Virtualization.framework.

Any hint on how to implement this feature?

What is “1TR” in this context?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Basically, I'm hoping to disable EVERY SINGLE security feature in my Apple Silicon macOS VM. The most important ones are as follows:

  • Loading unsigned kernel extensions
  • Ability to read and write (optionally, create a new executable memory region) in kernel space
  • Read-write access to the root filesystem

.....

I've tried to boot into recovery using private APIs in Apple Silicon's Virtualization.framework and executed the following:

csrutil disable
bputil -p -k -c -a -s
spctl --master-disable
spctl kext-consent disable

However, when I switched back to macOS in the VM:

  • Changes made by spctl are not preserved
  • Changes made by bputil are preserved, but KIP status is shown as Customized (sip0): 7f
  • csrutil status says disabled, but I still can't write to /
  • Loading an unsigned kext results in an infinite “Must reboot to use new extension” in User-Approved Kernel-Extension Loading