Notifications
Clear all

Catalina: Is disabling SIP permanent, or just temporary while installing/upgrading?

 wpns
(@wpns)
New Member Customer

I've got the installation instructions for the drivers for Catalina, which involve disabling SIP.

Can I:

Disable SIP
Install (or upgrade) drivers
Enable SIP

Or do I have to leave SIP off forever?

Thanks!

Quote
Topic starter Posted : 19/12/2019 7:33 am
(@softraid-support)
Member Admin

Once you upgrade to Catalina 10.15.1 or later and have SoftRAID 5.8.1, there is no longer a need to disable SIP.

If you have a Mac with the T2 security chip, you need to disable Secure boot.

ReplyQuote
Posted : 19/12/2019 1:19 pm
 wpns
(@wpns)
New Member Customer

/*
If you have a Mac with the T2 security chip, you need to disable Secure boot.
*/

Is this always going to be a requirement, or will SoftRaid and Apple eventually find a way to load the appropriate drivers without disabling Secure Boot?

The downsides to disabling secure boot sound potentially scary...

Thanks!

ReplyQuote
Topic starter Posted : 19/12/2019 3:41 pm
(@softraid-support)
Member Admin

We are hoping for a solution with Apple. They gave us no notice, as the change was made after the final Catalina beta.

We found one way to resolve this but it is not optimal and are looking for a better solution.

ReplyQuote
Posted : 19/12/2019 4:04 pm
(@hikingwithcamera)
Active Member Customer

I found the information below on your website. Is that accurate? Can I re-enable Secure Boot after installing SoftRaid and/or updating it?

"Catalina prevents the SoftRAID driver from being installed or updated when Secure Boot, (System Startup Security) is enabled.
Click for instructions on how to disable Secure Boot to update/install the 5.8.1 SoftRAID driver."

from https://srforums.wpengine.com/pages/support/compatibility_notes.html#OS10.15_Catalina

ReplyQuote
Posted : 20/12/2019 4:04 pm
(@softraid-support)
Member Admin

Unfortunately, this is accurate and you need to leave Secure Boot disabled, until we can work out a solution with Apple.

Management is locking down the OS and this is hitting us. We have one option that we may resort to, but we do not like it yet.

ReplyQuote
Posted : 20/12/2019 9:42 pm
(@hikingwithcamera)
Active Member Customer

Unfortunately, this is accurate and you need to leave Secure Boot disabled, until we can work out a solution with Apple.

Management is locking down the OS and this is hitting us. We have one option that we may resort to, but we do not like it yet.

You just said "this is accurate" and "you need to leave Secure Boot disabled." Your website, as quoted above, says that Secure Boot needs to be disabled for installing and updating.

You're saying Secure Boot also needs to be disabled when I'm not installing or updating SoftRAID?

I totally get that Apple dropped a last minute change that is causing you guys to scramble. Totally appreciative of the situation you're in. I'm just confused by the contradicting information I keep finding on this topic. (I also get that this has been a somewhat moving target, so not trying to be critical, just trying to get an accurate picture of current state.)

ReplyQuote
Posted : 22/12/2019 11:35 pm
(@softraid-support)
Member Admin

Bottom line: Secure Boot must stay disabled.

What is happening is we license a limited version of SoftRAID (currently 5.6.8) with Mac OS. Apple added a new "feature" in Catalina that both SIP and Secure Boot force the "base extension" set to load. Since the 5.6.8 driver is in that set, it over-rides the updated driver version that should load. 10.15.1 fixed the SIP issue. the Secure boot problem has not been fixed and we are not sure if it will ever be fixed. it is something we are still working to find a solution with Apple.

Apple's management perspective is they are determined to eliminate root hacks, driver hacks/ viruses, etc., and this is one part of many changes in Catalina, including write protecting the system. The positive is Apple is pro-actively reducing the risks of intrusions and security holes. The downside for us is, even though we have a 20+ year history of the SoftRAID driver being safe and security conscious, and that the driver has been bundling with Mac OS since 10.3, we cannot get an "exemption" to this new behavior. Secure Boot will always override the installed extension and load the bundled version at startup. So it must be disabled.

I am not sure what the ultimate result will be, but we will find one eventually.

Hope this clears any ambiguity!

ReplyQuote
Posted : 23/12/2019 12:02 am
(@hikingwithcamera)
Active Member Customer

Bottom line: Secure Boot must stay disabled.

...

Hope this clears any ambiguity!

Yes it does, thank you. And I totally get it. I simultaneously appreciate what Apple is trying to do and how negatively their sudden decisions can impact companies that have sometimes been around for years offering valuable products to users. I really hope Apple is responsive and offers a helpful solution.

ReplyQuote
Posted : 23/12/2019 2:06 am
Share:
close
open