macOS 12 Monterey on Unsupported Macs Thread

[patent10021]

Now that I'm done, can someone tell me if I need to enable SIP/SecureBootModel via the OCLP patcher and build/install to EFI again? I believe I need to do this so that I can receive future OTA updates? Should I use GUI or TUI? Once installed I just reboot normally?

 

[mwidjaya]

someone tell me if I need to enable SIP/SecureBootModel via the OCLP patcher and build.install to EFI again? Should I use GUI or TUI? Once installed I just reboot normally?

Always use TUI version of OCLP.

AFAIK, SIP/SecureBoot is OFF because you needed to do post-install vol patch. That patch breaks the SSV (signed system volume).

Don't think you can turn it back ON.

 

[patent10021]

Always use TUI version of OCLP.

AFAIK, SIP/SecureBoot is OFF because you needed to do post-install vol patch. That patch breaks the SSV (signed system volume).

Don't think you can turn it back ON.

Seriously? Isn't that a major security risk? I thought one of the features of OCLP was that once you're done you can enable security again. Otherwise why would they have SIP/SecureBootModel check-boxes?

So if SIP is now permanently off on my machine, how does that affect vulnerability regarding my data? What is the original purpose of SIP/SecureBootModel?

For what it's worth, I found this:

Both SIP and AMFI have to be disabled for the updater to work and the kexts to be patched. After that I reenabled both and the systems runs fine.

 

[vince22]

Updated a MBP mid 2012 (with upgrade WiFi card) using OC 0.3.3 to 12.1 Monterrey. Amazing work on the patcher and post installation patch functionality. This is my 1st installation to an unsupported MAC. I am impressed how fast and well the 9 year old MBP functions with Monterrey. So far the only issue on installed Apps is OOKLA SpeedTest - it crashes at launch on the unsupported MBP - works well in my other supported MACs. Is anyone else having issues with this APP? (Their web site works fine)

no issues here OCLP 0.3.3 OOKLA SpeedTest app thru Wi-Fi and Wired connections.

 

[doris1997]

iMac 12,2 Running:
In Separate Partitions - Monterey 12.1, Big Sur 11.6.2, Catalina 15.7,& Mohave … all via OCLP 0.3.3 and Windows 10 & 11 via Parallels Desktop VM’s under Big Sur, I upgraded High Sierra to Big Sur … Monterey clean install all on the same 27” 2011 iMac utilizing the Nvidia K5100M gpu upgrade … Monterey required post volume patching for WiFi and Brightness slider. 2TB SSD APFS partitions i7 cpu 32 GB ram

Would like to Thank all the wonderful & Brilliant folks here (you know who you all are) that made it possible for me to do all the above! 😊💙

 

[makra]

For what it's worth, I found this:

Maybe the OCLP page is worth even more. 😉

Enabling SIP​

For many users, SIP will be enabled by default on build. For Intel HD 4000 users, you may have noticed that SIP is disabled. This is to ensure full compatibility with macOS Monterey and allow seamless booting between it and older OSes. However for users who do not plan to boot Monterey, you can re-enable under Patcher Settings.
Note: Machines with non-Metal GPUs cannot enable SIP in Big Sur either due to patched root volume
Note 2: NVRAM may need to be reset to ensure SIP is correctly re-enabled

 

[patent10021]

Maybe the OCLP page is worth even more. 😉

Enabling SIP​

For many users, SIP will be enabled by default on build. For Intel HD 4000 users, you may have noticed that SIP is disabled. This is to ensure full compatibility with macOS Monterey and allow seamless booting between it and older OSes. However for users who do not plan to boot Monterey, you can re-enable under Patcher Settings.
Note: Machines with non-Metal GPUs cannot enable SIP in Big Sur either due to patched root volume
Note 2: NVRAM may need to be reset to ensure SIP is correctly re-enabled

Thanks. But the OCLP page doesn't show what binaries/kexts the patcher is downloading so your sentence doesn't make sense. I posted the image incase anyone is curious as to what the patcher is downloading specifically for MacBook Pro 11,3 (Nvidia) 😉

Anyway.... the doc says, "However for users who do not plan to boot Monterey, you can re-enable SIP under Patcher settings".

If we are upgrading to Monterey using OCLP, then most of us (are) booting into Monterey right? So any of us using Monterey cannot use SIP? Or does "boot Monterey" mean something else? As far as I know, I'm booting Monterey every day.

 

[mwidjaya]

If we are upgrading to Monterey using OCLP, then most of us (are) booting into Monterey right?

OCLP started with Big Sur and later added Monterey support.

Apple did a few things as they dropped support for older machines w/ Big Sur and they did even more things w/ Monterey.

Basically removed software bits for hardware bits no longer supported. In order for Monterey to work on such hardware, OCLP post install patch is adding back those bits - thus breaking signed system volume (signed with Apple keys).

So for e.g. take my 2012 mini. I use OCLP to run Big Sur only. No need for post install patch, so I can keep SIP on, secureboot on.

Now if I want to run Monterey on same 2012 mini, I would need post install patch (for intel HD4000) thus SIP off, secureboot off.

It is just what it is.

 

[patent10021]

OCLP started with Big Sur and later added Monterey support.

Apple did a few things as they dropped support for older machines w/ Big Sur and they did even more things w/ Monterey.

Basically removed software bits for hardware bits no longer supported. In order for Monterey to work on such hardware, OCLP post install patch is adding back those bits - thus breaking signed system volume (signed with Apple keys).

So for e.g. take my 2012 mini. I use OCLP to run Big Sur only. No need for post install patch, so I can keep SIP on, secureboot on.

Now if I want to run Monterey on same 2012 mini, I would need post install patch (for intel HD4000) thus SIP off, secureboot off.

It is just what it is.

Hi. So, are you saying we shouldn't worry about SIP on Monterey? Can I enable SIP now using OCLP-GUI (SIP/SecureBootModel check boxes), build and install to EFI, then disable SIP when I want to upgrade to 12.2? What do you recommend?

Do signed system volumes actually affect security related to remote access to local machines and potentially iCloud data via AppleID's? Or is it only relevant to encrypted hard disks and such?

Thank you.

 

[mwidjaya]

Can I enable SIP now using OCLP-GUI (SIP/SecureBootModel check boxes), build and install to EFI, then disable SIP when I want to upgrade to 12.2?

AFAIK, you cannot enable SIP.

You are missing the point - SSV is signed with Apple keys. Only Apple have it. A patch system volume, like yours, SSV is broken and will fail the checks.

That's the price to pay for running latest OS on unsupported mac.

As to how insecure - I don't know. Not qualified to talk on that subject.

Personally, I don't worry about it.

 

[roysterdoyster]

FireWire 800 HDDs are working fine for me using that OCLP option; that means it's working fine for booting an installed macOS (High Sierra, Mojave, Catalina, Big Sur, Snow Leopard), both from HFS+ and APFS file systems.
But the Apple installers since Catalina refuse to install to FireWire drives; in order to install or OTA update, I have to connect the HDD via USB.

I will definitely attempt to build the Monterey installer with OCLP 0.3.3 TUI to a FireWire800 extrenal drive and report back, how it went. Thank you for your insights so far.

 

[roysterdoyster]

Neither of the FireWire enclosures here are fully compatible with APFS so firsthand idk, sorry. There is a FW option in OCLP, good luck. 🪓

Will try and report back. Thank you K two, for your hands-on expertise, which is always the best advice, in my experience.

 

[roysterdoyster]

Let's say migration assistant is buggy and cause kernel panic. Some options:

Option A
- don't use migration assistant
- sometime it is good to start all over
- installing apps is trivial
- copying files from backup is not hard
- getting apps to point to library such as photos, music, etc is a bit more involved but doable

Option B
- Erase Monterey, install Big Sur
- do migration assistant
- Install OCLP EFI and option boot to it
B1 - Pick Monterey installer - install again or
B2 - In Big Sur, do the OTA to Monterey (offered up in Software Update)
- Safemode boot Monterey to do post-install vol patch

Excellent advice.
I too am planning a clean install of Monterey and will use Option A

 

[internetzel]

I will definitely attempt to build the Monterey installer with OCLP 0.3.3 TUI to a FireWire800 extrenal drive and report back, how it went. Thank you for your insights so far.

Running the installer from a drive attached via FireWire did work for me - but not installing to a drive which is connected via FireWire.

 

[internetzel]

What enclosures are in use?

I've got one Iomega FW800/FW400/eSATA/USB2 enclosure and one rather generic FW400/eSATA/USB2 enclosure, both have nearly the same controller chip onboard (cannot look it up currently, but will do so once I get home).
Only the Iomega can be used to boot on PowerMacs, but the Intel iMac can boot from both drives without problems.
I can connect the FW400 drive to the Iomega drive as a daisy chain, so I get FW800 speed to the Iomega enclosure and FW400 speed to the other one.

 

[roysterdoyster]

Running the installer from a drive attached via FireWire did work for me - but not installing to a drive which is connected via FireWire.

I am not sure, if I understand completely.

Q: Will OCLP>#5. Patcher Settings>#4. Boot Volume Settings>#1. Set FireWire Boot: Currently True

allow to successfully:
i) Install OpenCore to <not USB> external FireWire800/400 drive
ii) Boot from ext. FW drive
iii) Install Monterey from ext. FW drive

leading to the desired result of a working Monterey installation on internal Macintosh HD?

Clarification would be appreciated.

Thank you in advance, internetzel

 

[roysterdoyster]

Noticed TRIM was OFF after successful upgrade from Big Sur to Monterey on MBP4,1 Early 2008

 

[mwidjaya]

leading to the desired result of a working Monterey installation on internal Macintosh HD?

Some people would like to try out Monterey on an external disk first. Multi OS setup, keeping stable older OS on internal boot disk.

So they are saying you can't install Monterey onto an external FW disk.

 

[roysterdoyster]

Some people would like to try out Monterey on an external disk first. Multi OS setup, keeping stable older OS on internal boot disk.

So they are saying you can't install Monterey onto an external FW disk.

Thank you for shedding light onto the issue, now I understand. This still leaves to determine, whether a clean Monterey install from external FW800/400 (in lieu of USB 2.0 drive) to internal Macintosh HD will be successful. I will try and report.

 

[larryo108]

I have been playing with my install and everything seems to be working. My mac mini has an Intel HD3000 GPU. I am seeing some artifacts (black boxes in messages) and some icons in System Preferences aren’t showing up. I read on the OCLP download page about HD3000 changes that are required. From what I could see, it is something to do with spoofless settings. I am not quite sure what that is, but in OCLP 0.3.3, I found SMBIOS settings to spoof it. I change the setting to minimal and reboot. When I go back to recheck though, it is back to no spoofing. Is there something more I need to do? Or do I need to go the next level up on the settings?

 

[mwidjaya]

I found SMBIOS settings to spoof it. I change the setting to minimal and reboot. When I go back to recheck though, it is back to no spoofing.

Make settings changes to minimal spoofing, build EFI, install EFI (to USB stick or internal boot disk), then reboot.

Did you do all that?

 

[Finbarr Cnaipe]

Hi. So, are you saying we shouldn't worry about SIP on Monterey? Can I enable SIP now using OCLP-GUI (SIP/SecureBootModel check boxes), build and install to EFI, then disable SIP when I want to upgrade to 12.2? What do you recommend?

Do signed system volumes actually affect security related to remote access to local machines and potentially iCloud data via AppleID's? Or is it only relevant to encrypted hard disks and such?

Thank you.

I have a Macbook Pro 8,2 (Early 2011) with the defective AMD dGPU. Prior to sending it off to dosdude1 a couple of years ago to have him flash his deMux (to disable the AMD chip at HW level, and MBP only then sees the Intel HD3000 iGPU), I had to edit NVRAM parameters and then alter the .kexts in order for my MBP to work even in High Sierra, which is the last officially supported macOS for the MacBookPro8,2. In fact, due to this, it was a contributing factor to me using dosdude1's tool to upgrade to Mojave....I figured why not...and had been running Mojave on it until last week.

The point is, I HAD to disable SIP just to be able to boot my MBP8,2 and so, went thru all the research about it back then. AFAICT, the biggest thing about SIP is protecting the drivers (.kext) from malicious manipulation....but the downside is not being able tweak/optimize the relevent .kext if/when needed. While I can see the argument for it from a "Lowest Common Denominator" design perspective, I do not agree that it is the best approach when technically competent folks wish to optimize (or my case FIX) their computers. IMHO, lots of what Apple started doing a few years ago creates the perception of dumbing down their architecture "for the masses", at the expense of the Enthusiast / Tech-Savvy community...the very folks responsible for Evangelizing Apple products to their Microsoft brainwashed colleagues (The HW design changes to stop Memory and Storage upgrades is another example... Moving to Apple ONLY silicon for recent Mac products is another example IMHO. No problem with doing Apple Silicon CPU/GPU, but IMHO, they should offer both Intel and Apple solutions in their model families. But that is not the plan, because Apple no longer appears to care about the Enthusiast, or folks that have "Advanced" computing needs and would like to do so at reasonable (ahem) cost with Mac Products.

TLDR version:
AFAICS, Main thing with SIP is to protect .kext, and if you are technically savvy enough to be having this discussion about it, you likely don't have to worry about disabling it if needed. You likely aren't going to be engaging in stupid behavior that puts you or your data risk...whether SIP is enabled or disabled. If you aren't in that category, you probably shouldn't be looking to run unsanctioned macOS versions on your unsupported HW in the first place...in which case, just go buy a new Mac and be done with it.

 

[giovyledzep]

Guys I'm sorry for crashing the thread but I have a problem I can't seem to be able to solve on an iMac7,1 (with T9300 CPU of course) when trying to install Monterey 12.1 with OCLP 0.3.3.

When I start the installation after erasing the SSD in Recovery Assistant the computer runs the installation for about 25 mins, then reboots and installs for a while, then instead of going into Setup Assistant after a successful installation it just goes again into Recovery Assistant. If I try installing again the same thing happens, over and over again. It keeps booting into Recovery Assistant.
Any suggestions?
Thank you

 

[doris1997]

Guys I'm sorry for crashing the thread but I have a problem I can't seem to be able to solve on an iMac7,1 (with T9300 CPU of course) when trying to install Monterey 12.1 with OCLP 0.3.3.

When I start the installation after erasing the SSD in Recovery Assistant the computer runs the installation for about 25 mins, then reboots and installs for a while, then instead of going into Setup Assistant after a successful installation it just goes again into Recovery Assistant. If I try installing again the same thing happens, over and over again. It keeps booting into Recovery Assistant.
Any suggestions?
Thank you

What’s your current version of MacOS? 🤔

 

[larryo108]

Make settings changes to minimal spoofing, build EFI, install EFI (to USB stick or internal boot disk), then reboot.

Did you do all that?

Hmmm. Can't remember if I did the spooking prior to building and installing to the EFI. Is there a way to remove what I did previously to the EFI and then redo it correctly. I know I didn't spoof it when I built my original USB. I hope that doesn't mean I have to start from scratch again.