Catalina introduced a new feature that overlaps and reinforces the filesystem protections that SIP provides. What it does is split the files between two volumes: a system volume containing Apple-provided system files, and a "data" volume containing all non-Apple and modifiable files. The system volume is mounted read-only as / (the root filesystem), and the data volume is mounted with read-write access as /System/Volumes/Data. There are also "firmlinks" that merge the content from the data volume in where it "belongs" (e.g. /System/Volumes/Data/Users shows up in /Users). If you change something in a firmlinked directory, the changes are stored on the data volume. If you try to change something in a non-firmlinked directory, it'll fail because it's on a read-only volume (even if SIP is completely disabled).
For more details, see the Ars Technica review of Catalina, the WWDC2019 session "What's New in Apple File Systems", and a filesystem map from the Eclectic Light Company.
If you really need to make changes in the content on the read-only system volume, it is possible, but I'd recommend against it if there's an alternative. Most of the things you normally want to change/add/etc can be done from modifiable parts of the filesystem (e.g. using /usr/local instead of /usr). So the rest of this comes with a warning.
Warning: I have not tested this much, and make no promises at all about what the consequences will be (including both immediate consequences, and what happens the next time an OS update changes things). Do you have any important files on this Mac? Do you have a good backup? Do you feel lucky?
[Update: In Big Sur, the system volume is not just read-only, but also signed, so changing it is even more difficult. See "Mount root as writable in Big Sur" for more info.]
To make changes to the normally-read-only volume, you need to both disable SIP's filesystem protection and also re-mount the volume with read access:
Restart in Recovery mode (Command-R at startup), open Terminal (from the Utilities menu), and disable SIP filesystem protection with:
csrutil enable --without fs
Restart normally, open Terminal, and remount the root volume for read access:
sudo mount -uw /
At this point, you should be able to make changes everywhere (subject to normal filesystem protections) up until the next restart. Disabling SIP's filesystem protection survives restarts, but remounting with write access does not. If you want everything to be writable after restarting, you'll have to repeat the sudo mount command after each restart. What I'd recommend, though, is locking everything back down as soon as you've made the necessary changes. To do this, restart in Recovery mode, run csrutil enable, then restart again normally.
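A read-only check for the lock-down step recommended above, as an added example that is not part of the original answer: it parses `mount` and `csrutil status` output and reports whether the root volume is read-only and SIP filesystem protection is enforced. The function names and the sample output (constructed, modeled on typical Catalina output) are assumptions.

```shell
#!/bin/sh
# Added example: audit whether a Mac is back in the locked-down state.
# All sample text below is constructed, modeled on typical Catalina output.

# Succeeds only if `mount` output on stdin shows "/" mounted read-only.
root_is_read_only() {
    awk '$2 == "on" && $3 == "/" && /[(, ]read-only[,)]/ { ro = 1 }
         END { exit !ro }'
}

# Succeeds only if `csrutil status` output on stdin shows filesystem
# protection enforced; unrecognized output fails closed.
sip_fs_protected() {
    awk '/System Integrity Protection status: enabled/ { on = 1 }
         /Filesystem Protections: enabled/  { fs = 1 }
         /Filesystem Protections: disabled/ { off = 1 }
         END { exit !(!off && (on || fs)) }'
}

# audit MOUNT_OUTPUT CSRUTIL_OUTPUT -> prints "locked" or a list of findings.
audit() {
    findings=""
    printf '%s\n' "$1" | root_is_read_only || findings="root-not-read-only"
    printf '%s\n' "$2" | sip_fs_protected ||
        findings="${findings:+$findings,}sip-fs-not-enforced"
    echo "${findings:-locked}"
}

MOUNT_LOCKED='/dev/disk1s5 on / (apfs, local, read-only, journaled)
/dev/disk1s1 on /System/Volumes/Data (apfs, local, journaled, nobrowse)'
MOUNT_RW='/dev/disk1s5 on / (apfs, local, journaled)
/dev/disk1s1 on /System/Volumes/Data (apfs, local, journaled, nobrowse)'
SIP_LOCKED='System Integrity Protection status: enabled.'
SIP_CUSTOM='System Integrity Protection status: unknown (Custom Configuration).
Configuration:
    Kext Signing: enabled
    Filesystem Protections: disabled
    Debugging Restrictions: enabled'

echo "after csrutil enable + restart: $(audit "$MOUNT_LOCKED" "$SIP_LOCKED")"
echo "after mount -uw, SIP fs off:    $(audit "$MOUNT_RW" "$SIP_CUSTOM")"
echo "restarted, SIP fs still off:    $(audit "$MOUNT_LOCKED" "$SIP_CUSTOM")"

# On a real Mac, audit the live system instead of the samples.
if command -v csrutil >/dev/null 2>&1; then
    echo "this machine: $(audit "$(mount)" "$(csrutil status)")"
fi
```

The third sample is the state the answer describes after a restart: the write remount is gone, but SIP's filesystem protection stays off until `csrutil enable` is run from Recovery.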
macOS Catalina runs on a dedicated, read-only system volume called
Macintosh HD. This volume is completely separate from all other data
to help prevent the accidental overwriting of critical operating
system files. Your files and data are stored in another volume named
Macintosh HD - Data. In the Finder, both volumes appear as Macintosh
HD.
https://support.apple.com/en-us/HT210650
Then, this is the procedure.
- Click the Macintosh HD - Data (1) then click the minus above the Volume (2)
- Click the Macintosh HD (1) then click the Erase (2)
The rest is the same as usual.
Copyright of the images: https://qiita.com/PaSeRi/items/59e9785580dbd518ac93
Best Answer
The designers of macOS pick which commands are constrained by SIP. To be more precise, certain commands are given the ability to bypass the constraints of SIP. The bless command is not one of the commands that is contained by SIP. To use the command to set the default to boot would require disabling at least part of SIP.
An alternative would be to use a boot manager which can be configured from a macOS script or application. An example of such a boot manager is rEFInd. If installed in an EFI partition, then a password would be required to first mount the partition. If installed to a FAT or ExFAT partition then no password would be required, but would be less secure. The default_selection token can be used to choose the default operating system to boot. Typically, this token and parameters are stored in a file of your choosing. The name of this file is then given as the parameter to the include token stored in the refind.conf file.