How to disable SIP when Big Sur is installed in a VMware Fusion Player virtual machine

firmware efi big-sur virtualization vmware

I have Big Sur installed in a VMware Fusion Player virtual machine. I desire to disable SIP. With an actual physical Mac, the usual method would involve first booting to internal macOS Recovery, then entering the command given below in a Terminal window.

csrutil disable

However, booting to internal macOS Recovery does not seem possible. The holding down the +R key combination at startup does not work. The Mac Startup Manager does not appear to exist. I can restart to firmware, but the Recovery volume does not have a boot.efi which can be chosen to boot from.

I realize the SIP setting is stored in the 4 byte NVRAM variable given below.

7C436110-AB2A-4BBB-A880-FE41995C9F82:csr-active-config

The firmware does allow booting to a built‑in EFI 1.0 shell. However, this shell does not appear to have any commands which can modify this variable. In fact, the variable does not even currently exist in the virtual machine NVRAM. I tried entering the command below in a macOS Terminal window.

 sudo nvram csr-active-config=%7f%00%00%00

The result was the error message given below.

nvram: Error setting variable - 'csr-active-config': (iokit/common) not permitted

What procedures can be used used to disable SIP?

I am using the current free version of VMware Fusion Player (Version 12.1.0).

Host Stats Guest Stats
iMac (21.5-inch, Late 2013) Mac
macOS Catalina version 10.15.7 macOS Big Sur version 11.6.1
Memory: 16 GB Memory: 4 GB
Quad-Core Intel Core i5 2 processor cores
2.9 GHz 2.76 GHz
USB 3 (5 Gb/s) Samsung T7 SSD SATA HDD

Below are a links to sites with procedures that either I could not get to work or only work with previous versions of macOS.

Can I initiate a MacOS restart to Recovery mode solely from the command line?
how to disable SIP (system integrity protection) in vmware fusion 12 for macOS big sur?


Follow the steps below to disable System Integrity Protection (SIP).

  1. Start by booting to macOS Big Sur and opening a Terminal application window. Next, enter the command given below. This will create a NVRAM variable with the desired value, but misspelled variable name. This misspelling will be corrected in a later step.

    sudo nvram Asr-active-config=%7f%00%00%00

  2. Shutdown macOS. In the Setting window for the virtual machine, select Startup Disk. Hold down the option key and select the Restart to Firmware… button, as shown below.

    Select the EFI Internal Shell, as shown below.

    If desired, enter the command below to get full use of the window.

    mode 128 40

  3. Set the current filesystem to the EFI volume. This should be the mapped fs0 filesystem, so you would enter the following

    fs0:

    Next, verify the label is EFI by entering the command below.

    vol

    If wrong, then try fs1:, fs2:, fs3:, ....

  4. Enter the command below to save the Asr-active-config variable to the file csr.bin.

    dmpstore Asr-active-config -s csr.bin

    Note: For more information on this command enter help -b dmpstore.

    Next, enter the command below to edit the csr.bin file. You will need to correct the spelling by replacing the letter A with the letter c. The can be done by typing a 63 over the 41 on the first line.

    hexedit csr.bin

    The corrected file will appear as shown below. When finished save the changes and exit.

    Note: The value of the variable is stored in the last 4 bytes of this file.

    Enter the command below to create the csr-active-config variable in NVRAM.

    dmpstore -l csr.bin

    SIP will now be disabled on the next boot of Big Sur. If desired, enter the command below to remove the Asr-active-config variable from NVRAM.

    dmpstore -d Asr-active-config

  5. Enter the command below to leave the command shell.

    exit

    From the Boot Manager, select Mac OS X to boot Big Sur.

Format of the csr.bin File

Offset in Hex Size in Decimal Description
00-03 4 Length of variable name
04-27 36 Variable name stored as null terminated UTF-16LE string
28-37 16 GUID of the variable
38-3B 4 Attributes stored as 4 byte integer (See below)
3C-3F 4 Length of the data
40-43 4 The 4 byte integer that comprises the data
Attribute Value Description
NV 1 Non-volatile
BS 2 Boot service Access
RT 4 Runtime Access
HR 8 Hardware Error Record

While this answer does provide a method for disabling SIP, I consider the method to be overly complicated, if sole purpose is to disable SIP. Also, the time need to boot is longer than booting to an EFI or UEFI shell. However, if there are other tasks that also need to be performed from a macOS Recovery environment, then this method may be preferred over simpler methods.

On a actual Mac, SIP can be disabled by entering the command csrutil disable in a Terminal window while booted from a USB flash drive macOS installer. Apple has a website providing the instructions for creating this USB flash drive macOS installer. VMware Fusion Player does not offer virtual USB drives. However, a virtual second internal drive can be substituted. The steps needed to create this virtual drive are given below.

Note: For the better view of the images, either click on the image or open the image in a new window.

  1. Aquire the installer application: If the Install macOS Big Sur application does not already exist in the Applications folder on the host, then download the application or transfer a copy from another Mac. This answer assumes the macOS version is 11.6.1.

  2. Create the installer disk image: On the host, open the Disk Utility. From the Disk Utility menu bar, select File>New Image>Blank Image…. In the popup choose the following, the select the Save button.

    After the disk image creation operation completes successfully, select the Done button. Next, open a Terminal application window on the host and enter the command below.

    sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/MyVolume

    When finished creating the Install macOS Big Sur volume, use the Disk Utility to eject all disk images. Quit the Disk Utility and Terminal applications.

  3. Set up sharing: With the client shutdown, open the Sharing pane of the Settings for the client. Check off the box labeled Enable Shared Folders and add your Desktop folder, as shown below.

  4. Create new internal HDD: With the client still shutdown, add a new hard disk. Use the settings shown below.

  5. Separate the new HDD from the client: This is an optional step which is useful if you what to share the new HDD with other virtual machines.

    Note: This sharing assumes only one client at a time with be using this drive. Otherwise, this drive should be mounted read-only. (This may be possible by editing the /etc/fstab file.

    First, remove the new HDD from the client. When the pop below appears, select the Keep File button.

    Use the Finder application to move the Virtual Disk 2.vmdk file from the client folder to the parent folder named Virtual Machines. Next, rename the file to BigSur11.6.1Installer.vmdk. Finally, add this new HDD to the client as an existing HDD. When selecting the file, be sure the Share this virtual disk with the virtual machine that created it button is selected, as shown below.

  6. Initialize the new HDD: Start up the client virtual machine. When the popup below appears, select the Initialize… button. The Disk Utility application should open.

    Highlight the new uninitialized VMware Virtual SATA Hard Drive Media and then select the Erase button. Make the selections shown below, then select the Erase button.

    Quit the Disk Utility.

  7. Install VMware Tools: If VMware Tools is already installed, then skip to the next step. From the VMware Fusion menu bar, select Virtual Machine>Install VMware Tools. Proceed to install. If either of the two windows below requests a Restart, do not do so.

    The system software from developer "VMware, Inc." will be blocked from loading. You should select the Allow button from the Security & Privacy pane of System Preferences, when this happens. Afterwards, when the window shown below requests a Restart, then you should do so.

  8. Restore to the new drive: From the client, open your Desktop folder stored on the host, then open the BigSur11.6.1Installer.dmg file. On the client, open the Disk Utility application and highlight the MyVolume volume. From the top of the Disk Utility window, select Restore. In the popup, select to restore from Install macOS Big Sur, then select the Restore button.

    Note: On my Mac, the restore took about 8 minutes.

    When finished, select the Done button. From the Disk Utility, eject the Disk image with the Install macOS Big Sur volume, then quit the Disk Utility. Close any open Finder windows.

  9. Cleanup: From the host, move the BigSur11.6.1Installer.dmg file from your Desktop folder to the Trash. If desired, restore Shared Folders to its original state.

To boot from new macOS installer drive, take the following steps.

  1. Shutdown the client.
  2. From the host, open the Startup Disk pane of the Settings for the client.
  3. Highlight the HDD icon labeled Hard Disk 2 (SATA).
  4. Select the Restart… button.

Alternative Way to Boot in Recovery Mode with Big Sur

Just to share my tryout after reading first post of David Anderson who helped me to find this.

The environment it's little different from VMW Fusion, actually it is this:
Guest OS: Big Sur 11.6
Host OS: Big Sur 11.6 on MBA 2020 (Intel)
Hypervisor: Virtual Box 6.1.28

I have tried every way to boot in Recovery Mode, either using nvram, or through EFI Internal Shell, all with no success (within my environment).

  • sudo nvram "recovery-boot-mode=unused" ==> With this old (Catalina) var, I even get “Error setting variable” in Big Sur.
  • sudo nvram internet-recovery-mode=RecoveryModeDisk ==> when rebooting GuestOS, seems variable to be ignored as MBA don't actually boot in Recovery Mode.
  • dmpstore -l csr.bin ==> returns “No matching variable found.”

And also booting in EFI Internal Shell and looking for CoreServices/boot.efi, I searched through all FSN: mapping table entries (all vols/partitions of local internal Disk of MBA), with no success. It seems System/Library/CoreServices is hidden or encrypted (SSV?)

Then, as suggested by t0rr3sp3dr0 here in GitHub, tried to look for CoreServices boot.efi, this way and I did as follow:

  • In VirtualBox under VM Settings —> Storage, mount Big Sur Installation image. And check “Live CD/DVD” option.
  • Start VM and press ESC key
  • Choose Boot Manager —> EFI Internal Shell
  • Look for Recovery Partition, in my environment under FS7, type:
    FS7:
    vol
    to check for HFS+.
  • Type:
    cd System/Library/CoreServices
    boot.efi
    ENTER

enter image description here

Finally, my GuestOS (BigSur 11.6) boots in Recovery Mode!
Hope might help.

Related

Keyboard shortcut to switch screens on split view
Paste files to multiple destinations
Mojave quicklook stuck at loading
Script for setting Safari window position
Older relative knows but cannot type her iCloud password correctly
Found a 52.1GB file related to google in mac 'private' folder. can I delete this?
iMac (Retina 5K, 27-inch 2020) RAM Upgrade
ImportError: No module named pip
Scale Image to fill ImageView width and keep aspect ratio
How to add 'libs' folder in Android Studio?
Change cursor to hand when mouse goes over a row in table
Ripple effect on Android Lollipop CardView