{"id":45068,"date":"2024-09-23T15:09:06","date_gmt":"2024-09-23T19:09:06","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=45068"},"modified":"2024-09-25T15:28:36","modified_gmt":"2024-09-25T19:28:36","slug":"sequoias-spctl-and-csrutil","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2024\/09\/23\/sequoias-spctl-and-csrutil\/","title":{"rendered":"Sequoia&rsquo;s spctl and csrutil"},"content":{"rendered":"<p><a href=\"https:\/\/derflounder.wordpress.com\/2024\/09\/23\/spctl-command-line-tool-no-longer-able-to-manage-gatekeeper-on-macos-sequoia\/\">Rich Trouton<\/a>:<\/p>\n<blockquote cite=\"https:\/\/derflounder.wordpress.com\/2024\/09\/23\/spctl-command-line-tool-no-longer-able-to-manage-gatekeeper-on-macos-sequoia\/\">\n<p>On macOS Sequoia, running the [<code>sudo spctl &#x2013;global-disable<\/code>] command to disable Gatekeeper produces the following output:<\/p>\n<blockquote><p>Globally disabling the assessment system needs to be confirmed in System Settings.<\/p><\/blockquote>\n<\/blockquote>\n<p>This seems to be an intentional change&mdash;security through preventing automation.<\/p>\n\n<p><a href=\"https:\/\/lapcatsoftware.com\/articles\/2024\/8\/9.html\">Jeff Johnson<\/a> (<a href=\"https:\/\/mastodon.social\/@lapcatsoftware\/113171573818199877\">Mastodon<\/a>):<\/p>\n<blockquote cite=\"https:\/\/lapcatsoftware.com\/articles\/2024\/8\/9.html\">\n<p>Today I learned that I can no longer change the startup security policy or disable System Integrity Protection (SIP) on any of the boot volumes.<\/p>\n<p>[&#8230;]<\/p>\n<p>When I open Terminal app in the recovery volume and enter <code>csrutil disable<\/code> to disable SIP, I get the following error:<\/p>\n<blockquote><code>csrutil: Failed to update security configuration for \"Sequoia\": Failed to create paired recovery local policy<\/code><\/blockquote>\n<\/blockquote>\n<p>I&rsquo;m not sure what&rsquo;s happening here. It seems like installing Sequoia changed something in his Mac&rsquo;s firmware so that <code>csrutil<\/code> no longer works with previous macOS versions, either.<\/p>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2024\/09\/16\/macos-15-sequoia\/\">macOS 15 Sequoia<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2024\/07\/05\/sequoia-removes-gatekeeper-contextual-menu-override\/\">Sequoia Removes Gatekeeper Contextual Menu Override<\/a><\/li>\n<\/ul>\n\n<p id=\"sequoias-spctl-and-csrutil-update-2024-09-25\">Update (2024-09-25): <a href=\"https:\/\/derflounder.wordpress.com\/2024\/09\/24\/managing-gatekeeper-with-configuration-profiles-on-macos-sequoia\/\">Rich Trouton<\/a>:<\/p>\n<blockquote cite=\"https:\/\/derflounder.wordpress.com\/2024\/09\/24\/managing-gatekeeper-with-configuration-profiles-on-macos-sequoia\/\">\n<p>Now that the spctl tool can no longer separately manage Gatekeeper, management profiles are the best way to manage Gatekeeper on macOS Sequoia. For more details, please see below the jump.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Rich Trouton: On macOS Sequoia, running the [sudo spctl &#x2013;global-disable] command to disable Gatekeeper produces the following output: Globally disabling the assessment system needs to be confirmed in System Settings. This seems to be an intentional change&mdash;security through preventing automation. Jeff Johnson (Mastodon): Today I learned that I can no longer change the startup security [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2024-09-23T19:09:09Z","apple_news_api_id":"879a24ff-3e83-488f-88ac-c00f63b12f36","apple_news_api_modified_at":"2024-09-25T19:28:39Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAA==","apple_news_api_share_url":"https:\/\/apple.news\/Ah5ok_z6DSI-IrMAPY7EvNg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[1850,465,30,2598,1746,48,2019,1235],"class_list":["post-45068","post","type-post","status-publish","format-standard","hentry","category-technology","tag-apple-configurator","tag-gatekeeper","tag-mac","tag-macos-15-sequoia","tag-mobile-device-management-mdm","tag-security","tag-startup-security-utility","tag-system-integrity-protection"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/45068","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=45068"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/45068\/revisions"}],"predecessor-version":[{"id":45100,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/45068\/revisions\/45100"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=45068"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=45068"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=45068"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}