crypto on-desk format having to change - OK to use enc ?

All your general support questions for OpenZFS on OS X.

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Tue Mar 13, 2018 3:10 pm

https://grahamgilbert.com/blog/2017/09/ ... gh-sierra/

from this, I can see

Code:
sqlite> SELECT * FROM kext_policy;
team_id|bundle_id|allowed|developer_name|flags
735AM5QEU3|net.lundman.zfs|0|Joergen  Lundman|5
735AM5QEU3|net.lundman.spl|0|Joergen  Lundman|5
735AM5QEU3|net.lundman.kernel.dependencies.30|1|Joergen  Lundman|5
735AM5QEU3|net.lundman.kernel.dependencies.31|0|Joergen  Lundman|4
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Tue Mar 13, 2018 3:15 pm

All other kexts in that file have flags "8" instead. Out of curiosity, do you show something other than 5?
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby ilovezfs » Tue Mar 13, 2018 3:28 pm

Code:
macOS-1013:~ ilovezfs$ sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy
SQLite version 3.19.3 2017-06-27 16:48:08
Enter ".help" for usage hints.
sqlite> SELECT * FROM kext_policy;
EG7KH642X6|com.vmware.kext.VMwareGfx|1|VMware, Inc.|5
EG7KH642X6|com.vmware.kext.vmmemctl|1|VMware, Inc.|1
EG7KH642X6|com.vmware.kext.vmhgfs|1|VMware, Inc.|1
735AM5QEU3|net.lundman.zfs|1|Joergen  Lundman|1
735AM5QEU3|net.lundman.spl|1|Joergen  Lundman|1
735AM5QEU3|net.lundman.kernel.dependencies.31|1|Joergen  Lundman|1
sqlite>
ilovezfs
 
Posts: 232
Joined: Thu Mar 06, 2014 7:58 am
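
The comparison the two posts above make by eye, as an added example that is not part of any post in this thread: it parses pasted `SELECT * FROM kext_policy` output from two machines and lists the bundles of one team whose `allowed` or `flags` values differ. The function names and the host A/B labels are assumptions; the rows are the ones quoted in the thread, and the code only reads pasted text, never the database.

```python
# Added example (not from the thread): diff kext_policy rows from two hosts.
from typing import Dict, List, NamedTuple, Tuple

class KextRow(NamedTuple):
    team_id: str
    bundle_id: str
    allowed: int
    developer_name: str
    flags: int

def parse_rows(text: str) -> Dict[str, KextRow]:
    """Parse sqlite3 pipe-separated output into rows keyed by bundle_id."""
    rows: Dict[str, KextRow] = {}
    for line in text.splitlines():
        parts = line.strip().split("|")
        # Skip prompts, blanks and the header: data rows have >= 5 fields
        # with numeric 'allowed' (3rd) and 'flags' (last) columns.
        if len(parts) < 5 or not (parts[2].isdigit() and parts[-1].isdigit()):
            continue
        dev = "|".join(parts[3:-1])  # tolerate '|' inside developer_name
        rows[parts[1]] = KextRow(parts[0], parts[1], int(parts[2]), dev, int(parts[-1]))
    return rows

def diff_policy(a, b, team_id: str) -> List[Tuple[str, str]]:
    """List bundles of one team whose allowed/flags differ between hosts."""
    out = []
    for bundle in sorted(set(a) | set(b)):
        ra, rb = a.get(bundle), b.get(bundle)
        if (ra or rb).team_id != team_id:
            continue
        if ra is None or rb is None:
            out.append((bundle, "only on host " + ("B" if ra is None else "A")))
        elif (ra.allowed, ra.flags) != (rb.allowed, rb.flags):
            out.append((bundle, f"allowed {ra.allowed}->{rb.allowed}, flags {ra.flags}->{rb.flags}"))
    return out

# Rows as quoted in the thread (host A: first post, host B: second post).
HOST_A = """team_id|bundle_id|allowed|developer_name|flags
735AM5QEU3|net.lundman.zfs|0|Joergen  Lundman|5
735AM5QEU3|net.lundman.spl|0|Joergen  Lundman|5
735AM5QEU3|net.lundman.kernel.dependencies.30|1|Joergen  Lundman|5
735AM5QEU3|net.lundman.kernel.dependencies.31|0|Joergen  Lundman|4"""
HOST_B = """EG7KH642X6|com.vmware.kext.VMwareGfx|1|VMware, Inc.|5
735AM5QEU3|net.lundman.zfs|1|Joergen  Lundman|1
735AM5QEU3|net.lundman.spl|1|Joergen  Lundman|1
735AM5QEU3|net.lundman.kernel.dependencies.31|1|Joergen  Lundman|1"""

if __name__ == "__main__":
    for bundle, change in diff_policy(parse_rows(HOST_A), parse_rows(HOST_B), "735AM5QEU3"):
        print(f"{bundle}: {change}")
```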

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Tue Mar 13, 2018 3:36 pm

Seems I'm not able to modify the database since it's read-only. I'll see about booting into single-user mode later.


Code:
sqlite> update kext_policy set flags=1 where team_id='735AM5QEU3';
Error: attempt to write a readonly database
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby lundman » Tue Mar 13, 2018 4:52 pm

I just tried 10.13.4 BETA 5 in the VM, and it sure acted strange. I could click on the Lock to make changes, then on Allow. Then everything appeared to do nothing.

In the logs, I was receiving lines like
Code:
2018-03-14 09:43:13.764544+0900 0x1b33     Default     0x4c9f               164   <trustd> [com.apple.securityd:rvc] asynchronously fetching CRL (http://crl.apple.com/codesigning.crl) for client (kextcache[920]/0#-1 LF=0)
2018-03-14 09:43:13.765051+0900 0x1b33     Default     0x4c9f               164   <trustd> [com.apple.securityd:rvc] asynchronously fetching CRL (http://www.apple.com/appleca/root.crl) for client (kextcache[920]/0#-1 LF=0)
2018-03-14 09:43:13.765146+0900 0x1b33     Default     0x4c9f               164   <trustd> [com.apple.securityd:policy] cert[2]: AnchorTrusted =(leaf)[force]> 0


About 10 every second, to a total of 2417 times each. But while I was trying to tcpdump and dig deeper, the installer eventually said "Installed" and both kexts loaded.

Code:
  115    1 0                  0x498      0x498      net.lundman.kernel.dependencies.31 (12.5.0) B25467CB-C8CB-49C7-B149-60886E2947C2
  116    1 0xffffff7f826ae000 0x11f5000  0x11f5000  net.lundman.spl (1.7.1) 62A9C8D8-62C9-3C37-BFEB-C86E093DE05B <115 7 5 4 3 1>
  117    0 0xffffff7f838a3000 0x2bf000   0x2bf000   net.lundman.zfs (1.7.1) 1787BA3B-9402-3B98-A9DF-02921559D201 <116 18 7 5 4 3 1>
lundman
 
Posts: 1335
Joined: Thu Mar 06, 2014 2:05 pm
Location: Tokyo, Japan

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Tue Mar 13, 2018 8:01 pm

According to the installer, it installs, but the kexts just won't load. I tried booting into single-user mode, but the file remains locked as read-only. The system loads it even then, which makes sense :/

I'm out of ideas to try at this point :/

The computer displays the allow button. The only idea I would have left is trying to install another app that also requests permissions, but I don't know what I would install. Maybe it will get it "unstuck".
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Wed Mar 14, 2018 8:58 am

FYI, I rebooted into recovery mode and was able to modify the database. I successfully set flags to 1; however, upon reboot, the file was restored to what it was before. Seems that's a dead end :/
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby Brendon » Fri Mar 16, 2018 1:48 pm

Small datapoint. I build from source, don’t use the installer. When I upgraded to beta 5 from beta 5 I had to recompile. This is because we seemed to be deadlocking: zfs would load, import the pools and deadlock when put under load. We don’t know why this happened; it may have been screwy configuration on my part.

Regardless, master compiled on beta 5 works well.

Cheers
Brendon
 
Posts: 286
Joined: Thu Mar 06, 2014 12:51 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Fri Mar 16, 2018 2:11 pm

I'm trying that now. Just FYI, the README says

To load unsigned kexts you need to disable SIP for kexts. Or sign them with your own keys


It would be useful if it said how to do this. Seems like something I will run into.
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm

Re: crypto on-desk format having to change - OK to use enc ?

Postby whatever » Fri Mar 16, 2018 2:12 pm

checking spl build directory... Not found
configure: error: *** Cannot determine SPL object directory


I did a clone of https://github.com/openzfsonosx/spl.git and then cloned https://github.com/openzfsonosx/zfs.git in the same dir.

still seeing this error :(

UPDATE: looks like the config is looking for spl_config.h but I don't see that in the spl repo
Last edited by whatever on Fri Mar 16, 2018 2:38 pm, edited 1 time in total.
whatever
 
Posts: 27
Joined: Thu Feb 08, 2018 8:39 pm
