celleo wrote:
Same issue as you on my macOS Monterey 12.0.1, MacBook Pro 2021 with M1 Pro. I finally figured out the solutions as follows:
**Solution 1**
Use the Security Policy in the Startup Security Utility under the Utilities menu instead of Terminal, to downgrade the SIP level. (refer to https://support.apple.com/guide/mac-help/macos-recovery-a-mac-apple-silicon-mchl82829c17/mac)
System Integrity Protection (SIP) and the Security Policy (LocalPolicy) are not the same thing. On Macs with Apple silicon SoCs, the SIP configuration is stored inside the LocalPolicy file - SIP is a subset of the security policy. That said, you won't be able to change SIP settings in Startup Security Utility, because the Permissive Security option isn't available in Startup Security Utility. See the security levels below for more info:
Full Security: The default option, with no security downgrades permitted. Available in Startup Security Utility.
Reduced Security: Any compatible and signed version of macOS is permitted. SIP is locked as fully enabled. These options are also available:
- Allow notarized kernel extensions
- Allow MDM to manage kernel extensions and software updates
Permissive Security: All of the options permitted by Reduced Security are also permitted here. In addition, you can boot a custom kernel (the Asahi Linux team is using this to allow booting Linux in the future). These options are also available:
- Modify the SIP configuration
- Disable Kernel Integrity Protection (disable CTRR)
- Disable Signed System Volume verification
- Allow all boot arguments (including Single User Mode)
To modify or disable SIP, use the csrutil command-line tool. Customizing or disabling SIP will automatically downgrade the security policy to Permissive Security.
celleo wrote:
BTW, I'd appreciate it if someone can help to remove some files under /usr because "mount -uw" doesn't work on the "/" root directory. On my old MacBook, I created a symbolic link named "X11" under /usr to run XQuartz and forgot to remove the link with it later. Unfortunately this link file became a core part of the macOS system protected by SIP after upgrading to Big Sur...
In macOS Big Sur and later, your Mac boots from a cryptographically sealed snapshot. The seal is verified against the value provided by Apple at every boot. Because of this, the symlink in the usr folder must reside on the Data volume, and thus be located at: /System/Volumes/Data/usr
There are certain parts on the Data volume that are protected by SIP, such as Safari. To remove the symlink, try disabling SIP temporarily (which is most likely protecting the symlink on the Data volume).
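
An added example, not part of the original posts: a small audit check that applies the security-level list above to the text printed by `csrutil status` and `csrutil authenticated-root status`, reporting when a Mac must already be at Permissive Security. The function names are hypothetical and the sample outputs are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example: infer from csrutil output whether the LocalPolicy must be
# at Permissive Security. On the Mac itself the inputs would come from:
#   sip=$(csrutil status); ssv=$(csrutil authenticated-root status)

# is_default TEXT LABEL -> succeeds only if the "LABEL status:" line reads "enabled"
is_default() {
    printf '%s\n' "$1" | grep -Eq "^$2 status: enabled\.?[[:space:]]*$"
}

# implied_policy SIP_TEXT SSV_TEXT -> prints the level implied by the list above
implied_policy() {
    if is_default "$1" "System Integrity Protection" &&
       is_default "$2" "Authenticated Root"; then
        # Stock SIP and SSV: csrutil alone cannot tell Full from Reduced.
        echo "full-or-reduced"
    else
        # A modified SIP configuration or disabled Signed System Volume
        # verification is listed only under Permissive Security.
        echo "permissive"
    fi
}

# Constructed sample outputs (hypothetical hosts).
SIP_ON='System Integrity Protection status: enabled.'
SIP_OFF='System Integrity Protection status: disabled.'
SIP_CUSTOM='System Integrity Protection status: unknown (Custom Configuration).'
SSV_ON='Authenticated Root status: enabled'
SSV_OFF='Authenticated Root status: disabled'

implied_policy "$SIP_ON" "$SSV_ON"        # full-or-reduced
implied_policy "$SIP_CUSTOM" "$SSV_ON"    # permissive
implied_policy "$SIP_ON" "$SSV_OFF"       # permissive
```

A "full-or-reduced" result only says that SIP and SSV are at their defaults; the Reduced Security options (kernel extensions, MDM management) are not visible through `csrutil`.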