System Integrity Protection (SIP) changes in macOS Sierra 10.12.2

Published on by onemoreadmin

With the release of macOS Sierra 10.12.2, Apple has made one welcome change to System Integrity Protection (SIP): you can now re-enable the feature without being booted into the Recovery partition!

How To

To re-enable SIP, you run the following command:

/usr/bin/csrutil clear

Please note that you will need to run this as root. To see if the command was successful, run nvram -p and look for csr-active-config. If the key does not exist, then SIP has been re-enabled.

Example:

csrutil status
System Integrity Protection status: disabled.

nvram -p
csr-active-config   w%00%00%00

sudo csrutil clear
Password:
Successfully cleared System Integrity Protection. Please restart the machine for the changes to take effect.

csrutil status
System Integrity Protection status: disabled.

nvram -p

Enhancement

I have asked for an enhancement to mimic the behavior of fdesetup status

Hopefully Apple can have csrutil status show something like this:

System Integrity Protection is Off, but will be enabled after the next restart.

3 thoughts on “System Integrity Protection (SIP) changes in macOS Sierra 10.12.2

  1. Pingback: macOS Sierra 10.12.2 and security updates – The Eclectic Light Company
  2. Pingback: Apple、macOS Sierra 10.12.2でSIP用コマンド「csrutil」をアップデート。SIPを有効にする場合はリカバリーパーティションからの設定が不要に。 | AAPL Ch.
  3. Pingback: Ensuring SIP is enabled | Babo D's Corner

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s