Monday, September 23, 2024

Sequoia’s spctl and csrutil

Rich Trouton:

On macOS Sequoia, running the [sudo spctl --global-disable] command to disable Gatekeeper produces the following output:

Globally disabling the assessment system needs to be confirmed in System Settings.

This seems to be an intentional change—security through preventing automation.

Jeff Johnson (Mastodon):

Today I learned that I can no longer change the startup security policy or disable System Integrity Protection (SIP) on any of the boot volumes.

[…]

When I open Terminal app in the recovery volume and enter csrutil disable to disable SIP, I get the following error:

csrutil: Failed to update security configuration for "Sequoia": Failed to create paired recovery local policy

I’m not sure what’s happening here. It seems like installing Sequoia changed something in his Mac’s firmware so that csrutil no longer works with previous macOS versions, either.

5 Comments


Issues like this drive me insane. Recently I wasted hours pulling my hair out because I couldn't get macOS to install or update on my external drive, only to discover that there's one USB-C port on every Mac where if you try to boot an external drive off of it, it'll boot, but all sorts of things will silently fail, or fail loudly with totally inscrutable error messages that say nothing as to what the actual problem is. It so happened I was plugged into that port.

This is the kind of crap that didn't happen on Intel Macs, or PPC Macs for that matter. It used to not matter what port you plugged things into. It also used to be that Macs weren't so overburdened with pointless half-baked half-broken security that you could expect things like csrutil to work as expected, without there having to be an elaborate puzzle of data and features aligned *exactly right* in order for them to function, and if anything is slightly off, it all flies apart at the seams. It distresses me to no end that this is becoming the typical experience of using a Mac.


I can't help but perceive this to be a deliberate tactic to slowly turn macOS into something like iOS where Apple's goal is to be ultimately in control regarding what app you are allowed to launch, and what telemetry they want on this process. With the long list of things that Apple is doing to the platform that I find totally off-putting, I am slowly asking myself when it is enough. If this does not get fixed, maybe this is it.


Thomas, like the story with the frog, they are boiling you so slowly, that you’ll just accept it as easier than changing platforms.


I really like my M-series Macs but I have to confess that I have concerns over the direction of some things with the new hardware.

Examples: complexity of the hard drive layout, a true clean install of macOS requires a second Mac, and "erase and reset" requires an online authorization from Apple. I also feel that backups are now more critical than ever because there is no way to remove the hard drive and recover data from it.


I've already decided that my next main computer is going to run Linux. I'm not at all happy with that decision, because even Linux now in 2024 can't compete with the ease, good design and capabilities that OS X had in, say, 2012 or so. But I simply can't abide having a computer where I'm not the one in control.

The trouble will be that my professional work involves doing lots of macOS and Windows development, so I'm going to need some way of working in all three. And virtualization is no longer an option! It's a puzzle I've yet to solve.
