Setup & Software Discussions
[SCRIPT] PurgeWrangler: AMD + NVIDIA eGPUs for all Thunderbolt Macs
 

[SCRIPT] PurgeWrangler: AMD + NVIDIA eGPUs for all Thunderbolt Macs  

 of  39
  RSS

nsgr
 nsgr
(@nsgr)
Active Member
Joined: 1 week ago
 

mac_editor

Can you take a SIP test?

High Sierra 10.13.2 does not have Active Monitor -> Window -> GPU History.
I can't do a more elaborate test until I install a High Sierra update.

- Macbook Pro 15" Early 2011 with failed AMD GPU - Intel HD 3000 and AMD Radeon HD 6750M
- AKiTiO Thunder 2 Box
- ZOTAC GeForce GTX 1050 Mini - 2GB - Nvidia Pascal
- Thunderbolt 1
- High Sierra 10.13.2 (17C88)

Only used: purge-wrangler.sh (Version: 6.0.0)

 

Maybe, I said maybe, the problem of SIP enable with eGPU Nvidia is:
Kext Signing is natural to disable (change original kext).
The File System can be tested on rootless.conf. It would not be necessary to completely disable SIP.

Kext Signing: disable

Filesystem Protections: enable


SIP File System config file: 

/System/Library/Sandbox/rootless.conf

Test: OpenGL Extensions Viewer.app show Nvidia eGPU.
Macbook Pro 2011 with Smart TV Samsung -> mirror SAMSUNG -> About this Mac -> Graphics: NVIDIA GeForce GTX 1050 2 GB

Disable SIP partially:

1 - Boot Recovery Mode.

2 - Menu Utilities -> Terminal

csrutil enable --without kext --without fs

reboot now

3 - Boot normal:

csrutil status
System Integrity Protection status: enabled (Custom Configuration).
Configuration:
Apple Internal: disabled
Kext Signing: disabled
Filesystem Protections: disable
Debugging Restrictions: enabled
DTrace Restrictions: enabled
NVRAM Protections: enabled
BaseSystem Verification: enabled

show restricted (SIP FileSystem Enable) and hidden files, directories (ls -O -> Capital O letter)

ls -laO /
total 61
drwxr-xr-x  27 root  wheel  sunlnk              864 Aug 13 17:23 .
drwxr-xr-x  27 root  wheel  sunlnk              864 Aug 13 17:23 ..
-rw-rw-r--   1 root  admin  -                 18436 Aug 14 21:19 .DS_Store
d--x--x--x   9 root  wheel  -                   288 Aug 14 21:19 .DocumentRevisions-V100
drwx------   5 root  wheel  -                   160 Aug 13 14:35 .Spotlight-V100
----------   1 root  admin  -                     0 Oct  2  2017 .file
drwx------  70 root  wheel  -                  2240 Aug 14 21:15 .fseventsd
drwxr-xr-x   2 root  wheel  hidden               64 Oct  2  2017 .vol
drwxrwxr-x+ 42 root  admin  sunlnk             1344 Aug 14 20:51 Applications
drwxr-xr-x   3 root  wheel  -                    96 Aug 13 14:24 DisableExtensions
drwxr-xr-x+ 63 root  wheel  sunlnk             2016 Aug 13 18:48 Library
drwxr-xr-x   2 root  wheel  hidden               64 Oct  2  2017 Network
[email protected]  4 root  wheel  restricted          128 Dec  1  2017 System
drwxr-xr-x   6 root  admin  -                   192 Aug 13 14:43 Users
drwxr-xr-x+  3 root  wheel  hidden               96 Aug 14 21:23 Volumes
[email protected] 38 root  wheel  restricted,hidden  1216 Dec  1  2017 bin
drwxrwxr-t   2 root  admin  hidden               64 Oct  2  2017 cores
dr-xr-xr-x   3 root  wheel  hidden             4333 Aug 14 21:19 dev
[email protected]  1 root  wheel  restricted,hidden    11 Aug 13 14:07 etc -> private/etc
dr-xr-xr-x   2 root  wheel  hidden                1 Aug 14 21:29 home
-rw-r--r--   1 root  wheel  hidden              313 Oct  5  2017 installer.failurerequests
dr-xr-xr-x   2 root  wheel  hidden                1 Aug 14 21:29 net
drwxr-xr-x   6 root  wheel  sunlnk,hidden       192 Aug 13 14:08 private
[email protected] 63 root  wheel  restricted,hidden  2016 Aug 13 14:07 sbin
[email protected]  1 root  wheel  restricted,hidden    11 Aug 13 14:07 tmp -> private/tmp
[email protected]  9 root  wheel  restricted,hidden   288 Dec  1  2017 usr
[email protected]  1 root  wheel  restricted,hidden    11 Aug 13 14:07 var -> private/var


1 - RadmindTfix4SIP

https://github.com/execriez/RadmindTfix4SIP

2 - File System Protections
https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/FileSystemProtections/FileSystemProtections.html#//apple_ref/doc/uid/TP40016462-CH2-SW1

3 - Sierra’s System Integrity Protection (SIP): beyond root
https://eclecticlight.co/2017/04/28/sierras-system-integrity-protection-sip-beyond-root/

4 - Why does my `rootless.conf` not always affect SIP’s choice of which files get the `restricted` flag treatment?
https://apple.stackexchange.com/questions/269813/why-does-my-rootless-conf-not-always-affect-sip-s-choice-of-which-files-get-th

5 - How to Manage System Integrity Protection (aka rootless) on Mac OS Sierra
https://www.shoutpedia.com/enable-disable-system-integrity-protection-rootless-mac-os/

Photo: High Sierra 10.13.6 - Now I have High Sierra 10.13.2.

OpenGL Extensions Viewer 5.2.3
This post was modified 6 days ago

- Macbook Pro 15" Early 2011 with failed AMD GPU - Intel HD 3000 and AMD Radeon HD 6750M
- AKiTiO Thunder 2 Box
- ZOTAC GeForce GTX 1050 Mini - 2GB - Nvidia Pascal
- Thunderbolt 1


ReplyQuote
mac_editor
(@mac_editor)
Noble Member Moderator
Joined: 2 years ago
 

@nsgr

I am aware that SIP without filesystem and kext protections is sufficient to run patches. However, given how significant these protections are (arguably the largest compromise vectors), and to avoid any complications in the future (I do modify NVRAM in another script, for example), it was easier (for the general user) to recommend completely disabling SIP. You may find this user’s experience interesting: https://github.com/mayankk2308/purge-wrangler/issues/23

Post-patches, it may be possible to keep SIP enabled and rebuild kext cache every boot in the worst case. Do try.

I’ll read through your links once I have some time, thank you. Also, thank you for testing v6.0.0 of the script. While it is not ready for public release, it’s close, so would appreciate it if you find any oddities while using it (including odd/bad console output and the like) and report it in the issues section of the repository. 

This post was modified 6 days ago

purge-wrangler.shpurge-nvda.shset-eGPU.shautomate-eGPU EFI Installer
2018 MacBook Pro 15" RP560X + Vega 64 [Sonnet Breakaway 350 -> 600W]


ReplyQuote
nsgr
 nsgr
(@nsgr)
Active Member
Joined: 1 week ago
 

mac_editor

I read the link you indicated but the user karek314 did not say which version of macOS was installed.

New procedure:

0 - SIP enable and Akitio Thunder 2 Box and Nvidia eGPU GTX 1050 mini always connected to power force and connected to Macbook Pro 2011 (mini Display Port).

1 - I did a fresh / clean install of High Sierra 10.13.6 and then updated SecUpdate 2019-004_july-29-2019 -> High Sierra 10.13.6 (17G8030).

2 - Install Nvidia web driver 387.10.10.10.40.130 -> restart Macbook Pro 2011.

3 - Install CUDA driver 418.163 -> restart Macbook Pro 2011.

4 - Change Info.plist files -> Page 38 - 38 -August 12, 2019 11:13 pm

5 - Rebuild Prelinkedkernel file

sudo kextcache -v 1 -i /
sudo reboot

6 - purge-wrangler.sh (Version: 6.0.0) -> Setup eGPU -> Will you be using an external monitor?  -> NO

7 - Restart Macbook Pro 2011.

8 - Open GL Extension Viewer -> Nvidia GeForce GTX 1050 0 -> Tests
Active Monitor -> Window -> GPU History -> NVIDIA GeForce GTX 1050 -> show blue activity
Samsung Smart TV connected HDMI -> Nvidia GTX 1050
Displays icon menu bar -> Mirror Built-in Display

9 - Restart Macbook Pro.

10 - Enable SIP

csrutil --without kext
reboot

11 - Boot normal -> log in user with Standard permissions -> step 8 -> OK

csrutil status
System Integrity Protection status: enabled (Custom Configuration).
Configuration:
Apple Internal: disabled
Kext Signing: disabled
Filesystem Protections: enabled
Debugging Restrictions: enabled
DTrace Restrictions: enabled
NVRAM Protections: enabled
BaseSystem Verification: enabled

  
System Information -> PCI ->NVIDIA GeForce GTX 1050 -> Tunnel Compatible: No -> GeForceWeb.kext -> no IOPCITunnelCompatible inside Info.plist .

Add:

<key>IOPCITunnelCompatible</key>
<true/>

sudo kextcache -v 1 -i /
sudo reboot

System Information -> PCI ->NVIDIA GeForce GTX 1050 -> Tunnel Compatible: Yes

HS 10.13.6 17G8030 MacbookPro15 2011 Nvidia GTX1050 Mini
This post was modified 3 days ago

- Macbook Pro 15" Early 2011 with failed AMD GPU - Intel HD 3000 and AMD Radeon HD 6750M
- AKiTiO Thunder 2 Box
- ZOTAC GeForce GTX 1050 Mini - 2GB - Nvidia Pascal
- Thunderbolt 1


ReplyQuote
mac_editor
(@mac_editor)
Noble Member Moderator
Joined: 2 years ago
 
Posted by: @nsgr

I read the link you indicated but the user karek314 did not say which version of macOS was installed.

@nsgr they were using macOS 10.14.4.

purge-wrangler.shpurge-nvda.shset-eGPU.shautomate-eGPU EFI Installer
2018 MacBook Pro 15" RP560X + Vega 64 [Sonnet Breakaway 350 -> 600W]


ReplyQuote
nsgr
 nsgr
(@nsgr)
Active Member
Joined: 1 week ago
 

@mac_editor

It was right in front of me.

"System Configuration OS: 10.14.4"

- Macbook Pro 15" Early 2011 with failed AMD GPU - Intel HD 3000 and AMD Radeon HD 6750M
- AKiTiO Thunder 2 Box
- ZOTAC GeForce GTX 1050 Mini - 2GB - Nvidia Pascal
- Thunderbolt 1


ReplyQuote
 of  39