marcan changed the topic of #asahi to: Asahi Linux: porting Linux to Apple Silicon macs | General project discussion | GitHub: https://alx.sh/g | Wiki: https://alx.sh/w | Topics: #asahi-dev #asahi-re #asahi-gpu #asahi-offtopic | Keep things on topic | Logs: https://alx.sh/l/asahi
rjeffman has quit [Remote host closed the connection]
rjeffman has joined #asahi
jeffmiw has quit [Ping timeout: 260 seconds]
raster has joined #asahi
<arnd>
I have only one partition on the external drive now, installed it from a 11.3.1 USB installation medium, everything works after initial setup, but then the 'kmutil' command fails with the credentials of the user account I created:
<arnd>
I suspect this is still the same problem with permissions that prevents me from having multiple bootable partitions on the external drive
<arnd>
I also managed to create another Admin user on the internal rootfs by removing /Volumes/Macintosh\ HD/var/db/.AppleSetupDone. Apparently this user account can do everything except create a new bootable volume
<agraf>
Yes, for bootable volume creation you need to add your credentials into the SEP as OIK owner
<arnd>
agraf: the part that I don't understand is that I was able to install a bootable MacOS using the non-OIK credentials from a prior install (which was installed using the OIK owner credentials)
<arnd>
from the descriptgion on page 28 of that document it sounds like kmutil setting "permissive security" should have worked
<agraf>
arnd: not sure I follow. If you add an admin user on your local system, that doesn't add the user as OIK owner yet. So you don't have permission to sign the LocalPolicy file.
<agraf>
arnd: What I really don't understand is how you did get to a bootable macOS without OIK credentials :)
<marcan>
agraf: AIUI there is some exception for clean OS installs
<marcan>
but only in fullsec mode
<agraf>
marcan: the way I read the doc above, clean OS installs wipe OIK ownership, so you always have a fallback owner with empty password
<agraf>
marcan: and the setup tool will just try an empty PW first to add your password to it that you specify when you create the first admin user
<agraf>
But then again, I can't claim that I understand the full boot flow quite yet :). And I haven't been able to manually mess with the OIK permissions so far.
<arnd>
agraf: my theory of what happened is that after a normal install to a empty partition on the external disk using OIK credentials, I can transfer the bootable state of that partition to another empty partition on that disk, which means I still only have one bootable external partitition
<arnd>
agraf: I tried very hard to not touch the installation on the internal drive, and I don't have direct access to the OIK account (though I can ask the person for help occasionally)
<agraf>
Ah, so you think there's only a single "external drive" OIK owner?
<agraf>
That's an interesting thought :/. I have no idea and I don't quite know how to validate
<marcan>
arnd: I think you're going to need OIK access to kmutil
<marcan>
it's fine not to mess with that install, but you do need to be machine owner to authorize permissive security on the machine
<marcan>
that's kind of by design, I believe
<marcan>
so you'll want OIK users on multiple macOS installs
<arnd>
yes, it seems like a sensible limitation, but it probably means I won't be able to use this machine
Behemoth has quit [Quit: No Ping reply in 180 seconds.]
Behemoth has joined #asahi
Bublik has joined #asahi
Bublik has quit [Ping timeout: 240 seconds]
ArnoldSebastian[ has quit [Quit: Idle for 30+ days]
Bublik has joined #asahi
ephe_meral1 has quit [Ping timeout: 252 seconds]
Bublik_ has joined #asahi
Bublik has quit [Ping timeout: 268 seconds]
Bublik_ has quit [Client Quit]
Bublik has joined #asahi
odmir has joined #asahi
kettenis has quit [Remote host closed the connection]
odmir has quit [Ping timeout: 268 seconds]
VinDuv has joined #asahi
Nazral has quit [Ping timeout: 240 seconds]
Nazral has joined #asahi
puffy310 has joined #asahi
<puffy310>
Hello!
Namidairo has quit [Ping timeout: 265 seconds]
Bublik has quit [Ping timeout: 246 seconds]
Bublik has joined #asahi
Namidairo has joined #asahi
_rjeffman is now known as rjeffman
tomtastic has quit [Ping timeout: 265 seconds]
tomtastic has joined #asahi
dottedmag has quit [Quit: QUIT]
dottedmag has joined #asahi
dottedmag has joined #asahi
puffy310 has quit [Remote host closed the connection]
VinDuv has quit [Quit: Leaving.]
<arnd>
I've tried a few more variations of the same things on the external drive. I can consistently install a macos partition, but also consistently get the "Invalid argument: bless2_install_custom_obj() failed: 2" error when I actually try to install m1n1 with kmutil. I'll give up trying the external ssd method now, until I have my own hardware I can work on.
<arnd>
It's probably best to wait another month now, in case there is going to be an M2 Mac next month
<opticron>
I still haven't heard anything about a M2 MBP
<opticron>
unfortunately
<pipcet[m]>
arnd: "here's your machine back, I've upgraded it to Linux". But seriously, would using an external ssd actually mean touching less on the internal drive? That's where the kernel is stored even for external installs, right?
<roxfan>
with even basc chips (passives) now in shortage I suspect even Apple can't secure supply for anything new in near future
<phire>
I'm supicious that apple decided to avoid making a larger "M1x" and are going to hold out for the new M2 with firestorm-next cores.
<phire>
and we won't see that until the very end of the year at the earilest
<TheLink>
the news that m1x/m2 production has started at tsmc seemed quite reliable though
<phire>
the production time for chips is long
<TheLink>
~3 months they said, but I'm clueless in that regard
<phire>
the rumours seem to conflict. one says it will be on N5P others say it will be on N4
<phire>
maybe there are actually two chips, a M1X on N5P and a M2 on N4
<phire>
N4 isn't scheduled to be ready for mass production until closer to the end of the year, so any N4 chip won't be in products until late this year or early next
<TheLink>
I'd say before they produce the m2, they'll introduce the A15 for the next iphone etc. which the m2 probably will be based on
<TheLink>
well, it's all speculation anyway
<TheLink>
we'll see
<phire>
yeah, there are also rumours about the A15. It's probally already in mass production (apple need to stockpile a lot of them before launch) and it's on N5P
<pipcet[m]>
hmm. The CPU debug registers don't seem very interesting so far. You can read another core's PC, and you can do weird stuff and get the core to stop, but no real way of taking over control yet.
modrobert has quit [Read error: Connection reset by peer]