Enable SIP without reboot?
Solution 1:
Generally, you can use sudo csrutil clear, follow by a reboot, to enable SIP. So the command enables SIP without a reboot, however this does not go into effect until the next reboot. This get it down to 3 reboots to enable/disable SIP.
You can get it down to two reboot by using rEFInd.
If you want to disable SIP with a single reboot, then install rEFInd. If you specify the --usedefault option when installing rEFInd, then rEFInd will be installed to the /EFI/BOOT folder in the EFI volume. This will allow rEFInd to appear in the Startup Manager. A boot to rEFInd is almost instantaneous, as opposed to macOS Recovery which is not. Once rEFInd is properly installed, changing the status of SIP can be done by the following steps.
- Reboot and hold down the option key to boot to the Startup Manager.
- Select to boot to rEFInd.
- From the rEFInd menu, select to enable or disable SIP.
- From the rEFInd menu, select to boot to macOS.
If you have Windows or another Linux installed which uses the /EFI/BOOT folder in the EFI partition, then you will need to create another small partition for rEFInd to boot from. This can be another EFI partition, a FAT32 formatted or ExFAT formatted partition. You can even put rEFInd on a flash drive, if you do not rEFInd installed on your internal drive.
I also should note that rEFInd now includes gdisk, which is a command that is easier to use than the gpt command included with macOS. So, if you need SIP temporarily disabled to edit the partitioning on disk0, you can do this in only 1 boot.