Skip to main content

Disable Security Features to Dual Boot OS X - El Capitan

So, I've recently been working on updating/rebuilding my latest little friend (an 11" MacBook Air) to dual boot the latest OS X, El Capitan, and Kali. I'll go over everything in full detail as soon as I can finish the setup, but I wanted to get this out there for anyone else that may stumble upon any issues with setting up rEFInd on an updated mac.

To start, while on Yosemite, I downloaded El Capitan from the App Store, and copied the install files to a USB. From there I preformed my upgrade. This might not be a good option for some people, as I'm sure your mac might be your primary computer... For me, that's not a problem. I tend to keep my essentials on USB drives / cloud storage as I tend to need access from different devices (phone, computer, tablet, etc.).

After preforming a clean install of El Capitan, I headed over to the rEFInd website, download the program and ran the install.sh script... Now, that appears to work, like it did with pervious versions of OS X. However, on reboot...no joy... So, I started down the path to see what went wrong. I go though the manual steps (I won't detail them here because the folks at rEFInd do a good job with that), and I find that everything appears to be as it should be.

Now, the final step in the manual install says to issue the "bless" command. When I attempted to issue the "bless" command, the terminal promptly responded with "bless failed"... Super....

A quick Google took me over to a thread on GitHub where this same issue was seen on BootChamp (see below for the reference). In that thread, I find this little nugget of information pulled form Apple's website:
Note: To safeguard against disabling System Integrity Protection by modifying security configuration from another OS, the startup disk can no longer be set programmatically, such as by invoking the bless(8) command.
After reading though everything, I had my plan of attack:

  1. Boot to recovery using the USB install disk that I created prior to the upgrade (like I said, I like to start fresh)
  2. Pull open the terminal while in recovery mode
  3. Enter the following command
csrutil disable


Now, for some pics for those that may get lost at this point:

Terminal in recovery with command ready to go


From here, I restarted the machine, then finalized the install of rEFInd using the "bless" command (again, detailed in the Manual Install instructions from their website). After that finishes successfully, I run another restart and viola! I'm in business:



References:

rEFInd:
http://www.rodsbooks.com/refind/

GitHub BootChamp Reference:
https://github.com/kainjow/BootChamp/issues/19

Apple's System Integrity Protection:
https://developer.apple.com/library/prerelease/mac/documentation/Security/Conceptual/System_Integrity_Protection_Guide/ConfiguringSystemIntegrityProtection/ConfiguringSystemIntegrityProtection.html

Comments

Popular posts from this blog

Using Python for GPG/PGP File Encryption - Part 2

Previously we looked at creating keys, importing public and private keys and the overall setup of gnupg with python. This time around, we're going to take a look at file encryption. Overall the file encryption process is fairly general/easy. But it lacks in the area of scaleablilty, ie to start, you'll only be encrypting one file at a time, which can be done outside of Python with ease. The idea of going over everything in Python, is that you can setup a script to encrypt multiple files in a folder (look for that in Part 3). Assumptions; you have python, and python-gnupg installed, and a public key from someone you want to encrypt and send files to imported to your keystore home (see Part 1 for more information here. Let's get started with Python file encryption. Start off by getting into your python shell, and enter the following: >>> import os >>> import gnupg >>> gpg_home = "/path/to/keyfile/.gnupg" >>> gpg = gnupg....

Getting Samsung Dex Configured to Work with Azure DevOps Repos

Recently, I upgraded my phone to the Samsung Galaxy Note 10+... I'm a big fan of big phones (a perk to being a big guy). I've always been intrigued with the idea of using one device for everything. Well, with the Samsung Dex application that comes built into these next gen phones, it might be possible...?  As a guy that spends a lot of time working on ARM Templates and PowerShell scripts for Azure management, I was curious to see if I could get my phone, using Dex, connected to my Azure DevOps environment and start working with repos.... Well, to my surprise, I was able to, and without much pain. So, in this post, I'll run through how I got my Dex environment setup and working with Azure DevOps Repos. Getting Started With Samsung Dex open, go to the Google Play store and install Termux ( https://play.google.com/store/apps/details?id=com.termux&hl=en_US ) Once that's installed, open it! Next, we need to gift Termux with permissions to a...

Facebook and Two-Factor Auth

So in this post, I'm going to go over a quick setup on how to turn of two-factor auth with Facebook. Facebook does some interesting things once you turn on two-factor auth. If you have the app installed on your device, it will push a login code to that device. You can also set this up with SMS and the DUO Mobile app. We'll go over all three here. For a more high-level document on 2-factor auth, see my post HERE . As I've said before, this is not meant to be an in-depth guide, but more of a how-to for those that wouldn't normally think of turning on additional security settings. With that, let's get started: 1) Fist off, log into your Facebook on a computer and go over to the little down arrow in the upper right corner and select Settings. In the settings area, you'll want to select "Security" on the left. 2) In the Security Settings, you'll need to select the Edit button in the "Login Approvals" section. You'll be presented wi...