I have Big Sur installed in a VMware Fusion Player virtual machine. I desire to disable SIP. With an actual physical Mac, the usual method would involve first booting to internal macOS Recovery, then entering the command given below in a Terminal window.
csrutil disable
However, booting to internal macOS Recovery does not seem possible. The holding down the ⌘+R key combination at startup does not work. The Mac Startup Manager does not appear to exist. I can restart to firmware, but the Recovery volume does not have a boot.efi which can be chosen to boot from.
I realize the SIP setting is stored in the 4 byte NVRAM variable given below.
7C436110-AB2A-4BBB-A880-FE41995C9F82:csr-active-config
The firmware does allow booting to a built‑in EFI 1.0 shell. However, this shell does not appear to have any commands which can modify this variable. In fact, the variable does not even currently exist in the virtual machine NVRAM. I tried entering the command below in a macOS Terminal window.
sudo nvram csr-active-config=%7f%00%00%00
The result was the error message given below.
nvram: Error setting variable - 'csr-active-config': (iokit/common) not permitted
What procedures can be used used to disable SIP?
I am using the current free version of VMware Fusion Player (Version 12.1.0).
| Host Stats | Guest Stats |
|---|---|
| iMac (21.5-inch, Late 2013) | Mac |
| macOS Catalina version 10.15.7 | macOS Big Sur version 11.2 |
| Memory: 16 GB | Memory: 4 GB |
| Quad-Core Intel Core i5 | 2 processor cores |
| 2.9 GHz | 2.76 GHz |
| USB 3 (5 Gb/s) Samsung T7 SSD | SATA HDD |
Below are a links to sites with procedures that either I could not get to work or only work with previous versions of macOS.
Can I initiate a MacOS restart to Recovery mode solely from the command line?
how to disable SIP (system integrity protection) in vmware fusion 12 for macOS big sur?
Best Answer
Follow the steps below to disable System Integrity Protection (SIP).
Start by booting to macOS Big Sur and opening a Terminal application window. Next, enter the command given below. This will create a NVRAM variable with the desired value, but misspelled variable name. This misspelling will be corrected in a later step.
Shutdown macOS. In the
Settingwindow for the virtual machine, selectStartup Disk. Hold down the option key and select theRestart to Firmware…button, as shown below.Select the
EFI Internal Shell, as shown below.If desired, enter the command below to get full use of the window.
Set the current filesystem to the EFI volume. This should be the mapped
fs0filesystem, so you would enter the followingNext, verify the label is
EFIby entering the command below.If wrong, then try
fs1:,fs2:,fs3:, ....Enter the command below to save the
Asr-active-configvariable to the filecsr.bin.Next, enter the command below to edit the
csr.binfile. You will need to correct the spelling by replacing the letterAwith the letterc. The can be done by typing a63over the41on the first line.The corrected file will appear as shown below. When finished save the changes and exit.
Enter the command below to create the
csr-active-configvariable in NVRAM.SIP will now be disabled on the next boot of Big Sur. If desired, enter the command below to remove the
Asr-active-configvariable from NVRAM.Enter the command below to leave the command shell.
From the
Boot Manager, selectMac OS Xto boot Big Sur.Format of the
csv.binFile