Kryptonite: TB1/2 Mac eGPU Support with FileVault, SIP, and ART Enabled
@netcho, As the instructions say, if you were using purge-wrangler, you must uninstall it and check that you can boot with SIP enabled before moving forward. It's mentioned in Step #2: https://github.com/mayankk2308/kryptonite
I also recommend reinstalling macOS if you're on macOS 11 and used purge-wrangler in that same step.
Additionally, by resetting NVRAM, you basically ensured that SIP and ART would switch to enabled, and thus boot failed. You could have fixed the issue by simply disabling SIP/ART. Also, not having a local recovery partition accessible already indicates separate issues with your setup.
I presume now you're back with purge-wrangler and in the same state as before - no security settings and a broken APFS volume seal (no ART and FileVault). You can try Kryptonite after uninstalling purge-wrangler and not enabling any security settings just to see if it works (@itsage already tested the 2015 15" MBP anyway) but it defeats the purpose. If you want full security, reinstall macOS and try with Kryptonite again (and I'd advise to sort out your other issues).
@mac_editor, Thanks as always for your advices. As far as I understand your suggestion I should uninstall Purge Wrangler, and if I want full security, I shall reinstall from recovery macos on top of mine and then do the Kryptonite? Was my string correctly plugged into the config file?
The recovery issue is very well known but there is no fix but to delete the drive and reinstall which I am not ready to do as I can live with USB Recovery for now.
Was my string correctly plugged into the config file?
Yes that looked correct to me. Even if invalid, it wouldn't prevent boot.
As far as I understand your suggestion I should uninstall Purge Wrangler, and if I want full security, I shall reinstall from recovery macos on top of mine and then do the Kryptonite ?
Yes. Reinstall before kryptonite = if you want full security. If you just want to try, just don't enable any security.
@mac_editor, I can now confirm all is functional. Many thanks for the advices. For future idiots like me one advice - follow the steps and do not skip!
- I did test Kryptonite without SIP enabled and all worked well.
- Then I rebooted and booted of -> Kryptonite -> Recovery 11.4 (which to my amusement worked. This is the build it recovery that I never got it working since 11.0.1 official first release.)
- Reinstalled the OS on top of what I have. It took double the time which I think is because it still went and got the installer from Apple server. Normally it takes about 35 min to install from my external USB recovery this time it took double. After installation first rebooted, it took a little manual labor to point the computer to continue from the install partition by holding Option key after each restart until there was no Install Partition.)
- After all that in point #3 when back to -> Kryptonite -> Recovery 11.4 and enabled SIP. Rebooted and all worked well.
All works well with FileVault, SIP and loading.
Disconnecting eGPU still gives headache so it is much better to close all the apps you had on that screen and unplug the cable or power off the eGPU.
Installation one first rebooted took a little manual labor to point the computer to continue from the install partition by holding Option key after each restart until there was no Install Partition.)
Not sure I understand. This shouldn't be required even if you set Kryptonite as your default boot disk.
@mac_editor, Sorry my brain was all over the place I guess. I have corrected the logic issues... You can freely delete your and this post. About manually pointing the install to complete - I have no clue but when Recovery rebooted to complete the installation, it went straight to log in so I thought this was unusual. Then I rebooted again and held Option and saw Install Partition there so I manually pointed it to it and it took 2 more manual actions like this to complete the install. Otherwise it went straight to login without completing the install.
I have noticed an issue with reconnecting to eGPU. Here is the scenario: 1. I will start the computer with Kryptonite and everything works fine. 2. I will shut down the eGPU which will produce the regular error notification from the OS. 3. When I decide to use it back again and power on eGPU, macOS brings the icon for eGPU but says no removable eGPU found. 4. Rebooting is the only option, while before with Purge Wrangler it work perfect reconnecting. Any ideas?
Update: I forgot it gave a panic when testing the "disconnect eGPU" and I never got back to Kryptonite.
2. I will shut down the eGPU which will produce the regular error notification from the OS.
3. When I decide to use it back again and power on eGPU, macOS brings the icon for eGPU but says no removable eGPU found.
Shut down eGPU?? You mean you power off your eGPU while it's plugged in? Or are you talking about shutting down macOS with the eGPU plugged in.
I don't exactly understand your issue, but if you mean this:
- After shutting down macOS that was booted via Kryptonite, kernel panic message/error showed up on next boot. This is unrelated to eGPU - it can happen just because macOS was booted via Kryptonite.
- During this boot eGPU did not work.
I expect this to be fixed in v1.0.0 of Kryptonite.
@mac_editor, Indeed, shutting down the eGPU to move only to my laptop is the only option when needed. So I have a laptop and use both laptop screen and a monitor. When I do not need the monitor if I use disconnect eGPU command from the macOS menu this will freeze the laptop and I have to force shut down. So the only option I have and have been using also with Purge Wrangler was to just turn off eGPU and all is good.
@netcho, if the software eject causes your system to crash - that's a macOS issue (and your setup already seems to have myriad issues to begin with).
So just unplug the TB cable for the eGPU (even with purge-wrangler) from the Mac without using the software disconnect? I don't understand all the "shut down eGPU" stuff. Anyway, I'll see if I can reproduce on my Mac when I have time, but besides the issue I mentioned above with the kernel panics and sleep/hibernation, I haven't seen much else. Both should be addressed in v1.0.0 (and before you ask, no I can't provide an estimated release date). Whether that will fix the issues for you, I don't know.