Hacker News new | past | comments | ask | show | jobs | submit login

Hackintosh user here: this has literally no impact on anything.

If you turn off SIP, you can run unsigned kernel extensions without issue, both on a Hackintosh and on a real Mac†.

If you're a Hackintosh user, but for some strange reason you want to leave SIP enabled, you can inject unsigned kernel extensions via the Clover bootloader. (I think you may need to temporarily disable SIP during setup or something like that, I don't fully remember. I just turn SIP off.)

† I actually find this much easier than Windows, which is a royal pain in the neck if you want to install unsigned drivers.




You can have partially enabled SIP. With CSR = 0x01, SIP is fully enabled except kext signing, more secure then disabled SIP.


I mean, if you want SIP, you can leave it fully enabled and load all custom kernel extensions with Clover, as I mentioned.

As I see it, if you're the kind of user who's installing Hackintosh, you're also probably savvy enough to not grant root permission to just any software. I want to have full control over my computer.


Selectively disabling parts of SIP is unsupported, FYI


What do you mean? You can always check: 'csrutil status'. I have all items enabled except kext signing.


Does csrutil status not give you the "This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state." warning?


Warning, not error. And it shows the rest of protections enabled, good enough for me.


I guess if you’re willing to live dangerously it can’t hurt :)


It is hackintosh. All guides tell you to disable SIP, so I live rather cautiously :)


So are Hackintoshs?


Apple shames you for doing that instead of telling you it's unsupported.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: