[Release] macOS Sonoma 14

[Cyberdevs]

 

Apple released macOS Sonoma 14 build number 23A334

https://swcdn.apple.com/content/downloads/26/09/042-58988-A_114Q05ZS90/yudaal746aeavnzu5qdhk26uhlphm3r79u/InstallAssistant.pkg

[MacNB]

let the fun begin....

[Cyberdevs]

@MacNB

Tomorrow I'm gonna clean install macOS Sonoma on my 2011 iMac and see how it goes.

[MacNB]

@Cyberdevs 

That'll be good to see how it goes on your iMac.

I'll try it on my Mac Min 4,1 though I am not expecting much as Ventura runs like snail.

 

I'll wait for "production" OCLP with Sonoma support for the other Mac's.

UPD: it's coming 2nd Oct apparently :

 

 

Edited September 26, 2023 by MacNB

[Cyberdevs]

@MacNB

I have clean installed Sonoma on my 2011 iMac, installation went through somewhat ok but at the last installation step it failed to install an update which happened before and after rebooting and continuing the installation again it went through.

 

Bluetooth isn't working, it disables itself and the beach ball is also not working which is expected behavior but beside that everything else seems to be working fine.

 

P.S.

The NVRAM Reset fixed the Bluetooth issue but no AirDrop and Continuity and there is a red glare on menus when I click them.

So in conclusion I won't be using Sonoma on this iMac for a day to day tasks.

[MacNB]

@Cyberdevs

So I downloaded OCLP 0.6.9 nightly build on the Mac Mini4,1 and used it to build OpenCore onto the EFI.

 

OCLP downloaded the released Sonoma and saved it into /Application as usual.

To speed up the install, I did not use OCLP's Create-USB-Installer option but instead, I created a 16GB HFS+ partition on the SSD which I called install-partition.

Then used createinstallmedia command on that partition to create the Sonoma Installer on that partition:
 

sudo /Applications/Install\ macOS\ Sonoma.app/Contents/Resources/createinstallmedia --volume /Volumes/install-partition /Applications/Install\ macOS\ Sonoma.app --nointeraction

 

...the good old fashion way 

 

Rebooted and started the Installer I just built to do a clean install onto a free Container.

After about 40+ minutes and several reboots, Sonoma was up (no video acceleration of course but beachball worked fine).

Used Transfer-my-Mac to transfer all the settings etc from the Ventura drive to the Sonoma...again no drama.

 

Applied the Root-patches for Nvidia GeForce 320M & USB 1.1:

Rebooted and was presented with the new Sonoma wall paper (nice).

System very slow.

Bluetooth did not work. WiFi did not work.

Rebooted and did an NVRAM clean (Alt+CMD+P+R) 2 times.

Bluetooth and WiFI now work but no AirDrop nor Continuity.

 

System not really usable as it's just too slow.

The CPU is cranking away all the time trying to keep the screen upto date.

The beachball does not work...static image (just like in Ventura). OCLP does have a workaround but apparently sucks up more CPU cycles.

Opening new windows/Apps takes ~ 1 second to display it. 

Navigating around System Prefs is painful.

 

Ariel screensaver is soooo slow that it's hard to see if it's moving.

Static screensaver is slightly better but just judders along.

 

Safari crashed a couple of times while I was writing this here.

DRM content do not play in AppleTV..... the ones I own.

Amazon Prime video do not play (even trailers):

 

 

Biggest limitation is the GeForce 320M GPU with only 256MB VRAM which is not Metal compatible.

Though the OCLP team have done a fantastic job in weaving the old drivers and Framework, etc into a new OS, it's not usable on such old H/W.

 

It was good to test Sonoma on this old puppy.

Edited September 27, 2023 by MacNB
screenshots added

[Cyberdevs]

@MacNB

These old Macs will not play nice with Sonoma, the workaround for the beachball also didn't work on my old 2011 iMac or MacBook Pro but that's no biggie because I'm just using them for testing OCLP but running Sonoma on my 2013 and 2014 Macs (iMacs and MacBook Pro) makes more sense because they are more compatible with Metal.

Ventura and Sonoma are more demanding hardware wise so the best macOS for these machines is Monterey or Big Sur IMHO.

[MacNB]

@Cyberdevs

I agree. My rMBP 10,1 officially only supports Catalina but I running Big Sur (no root patching) and surprisingly, it actually runs better than Catalina.

It's cooler, less memory usage and quite snappy.

It actually does not even need OpenCore as boot-arg -no_compat_check is enough to boot it.

Will probably stay on that for a while.

[Cyberdevs]

Just finished installing Sonoma on a 2013 iMac and everything seems to be working perfectly fine except for a Minor issue.

 

From the iMac, I can send files to my Z690 Hackintosh and my iPhone but the other devices can't see the 2013 iMac in AirDrop.

[Max.1974]

Hi my friend, try Open iPhone and send something. If not works,Open AirDrop on iPhone, just open AirdDrop and not send nothing. Magic will happens. 

 

See my video  

Video_23-10-03_17-29-43.mp4.zip

[Cyberdevs]

@Max.1974

What is the BT/Wi-Fi adapter model you are using in your laptop?

[MacNB]

I used OCLP 1.0.1 and installed Big Sur and Sonoma on my MBP 10,1.

This MacBook is modified by replacing the BT/WiFi module with BCM94360CS (WiFi 802.11ac + BT LE 4.0)

This module is supported natively by Catalina & Big Sur.

I also upgrade the Apple SSD with 1TB WD SA500 SATA blade and cloned the existing Catalina onto it.

 

I partitioned the SSD:

Spoiler

Using OCLP I downloaded Big Sur and used the 16GB Install-partition to create a Big Sur installer using createinstalmedia command line tool.

Big Sur installed fine and used macOS Migrate tool during the install to transfer the Catalina data, apps & settings to Big Sur.

Big Sur runs great...in fact better than Catalina...very snappy and efficient.

There is no Root Patching required for Big Sur on this MacBook as everything is natively supported (HD4000, Nvidia GT650M, WiFI, BT, SD car reader, Thunderbolt, etc).

In fact I can run Big Sur without OpenCore by just using -no_compat_check boot-args. However CPU runs hot (need to investigate this).

 

Having tested Big Sur, I used OCLP to download Sonoma 14.0 and manually created the Sonoma Installer on the 16GB partition on the SSD (again using createinstallmedia command line tool.

 

Install went fine...even the migration tool.

OCLP Root patched the HD4000 and Nvidia drivers.

Spoiler

On first boot, and after logging in, the CPU was hitting nearly 100 degrees C . I have never heard my fans until I booted Sonoma.

Normally they run around ~2000rpm and are completely silent. But during this "hot phase" they were running nearly ~3000rpm ! and audible.

I believe it was Spotlight indexing all three partitions (Catalina, Big Sur and Sonoma).

The WD SSD was hitting ~54 degrees C.

Eventually after an hour all was well and CPU is ~ 54 degrees C running @ 1.65GHz and SSD at ~ 34 degrees C.

 

Sonoma feels fairly smooth and very usable.

Desktop widgets work fine (though I not see the value of such features as most of the time the screen has an App on it and cannot see the widgets anyway).

WiFi and BT work fine. I can hit a 1.3gb/s connection on WiFi with my router.

Airdrop to/from iPhone and other Macs works fine.

 

Apple Watch unlocks the Lock Screen after Sleep.

 

Safari works fine except DRM playback in Amazon. There's an error:

 

Spoiler

 

The same content plays fine with Google Chrome.

 

Apple TV Content all plays fine.

 

I cannot use the iPhone as a FaceTime camera...just get a black screen. This is problem known by OCLP team but no fix.

The video screen savers are very smooth, look stunning on the Retina screen but increases the heat on the MacBook (again, I don't the point of this feature).

 

So overall, positive experience with Sonoma for this 10 year old notebook.

But really don't see what the big hype is about Sonoma.

My favourite is Big Sur (specially considering it can run without OpenCore on this MacBook).

 

 

 

Spoiler

 

[Cyberdevs]

13 hours ago, MacNB said:

In fact I can run Big Sur without OpenCore by just using -no_compat_check boot-args. However CPU runs hot (need to investigate this).

IMHO Running macOS with -no_compat_check boot args (if it's a possibility) is the best way to install macOS, using OCLP is great and all but there are caveats to it.

The most important reason can be the broken seal of macOS's APFS snapshot which can lead to security risks and with Sonoma the need for partially disabling SIP and AMFI is another reason which one may want to consider the impacts that it will have on any Mac's security.

[MacNB]

5 hours ago, Cyberdevs said:

IMHO Running macOS with -no_compat_check boot args (if it's a possibility) is the best way to install macOS, using OCLP is great and all but there are caveats to it.

The most important reason can be the broken seal of macOS's APFS snapshot which can lead to security risks and with Sonoma the need for partially disabling SIP and AMFI is another reason which one may want to consider the impacts that it will have on any Mac's security.

 

I agree. I just need to find out what's causing the MacBook to overheat when using -no_compat_check.

 

Regarding security, there have been a lot of discussions about security issues with OCLP and the fact that it breaks the seals when Root patching on certain configs.

However, I highlighted to couple of those individuals that it's not just the OCLP Root patching that presents a security threat but also OpenCore (and Clover) themselves by the very nature that these boot loaders hack the OS to insert drivers into the Kernel cache.

E.g. if one is not careful about where they download Lilu.kext (or any of the plugins or other kexts), they could have a bad actor in them that could potentially give them full access to the system. Specifically when SIP is partially disabled that allow kext injection.

 

If one has to use OpenCore, a good practice would be to build/compile it from scratch and all the required kexts to give a high degree of confidence that those sources have not been hijacked and thus the binaries are "clean". Even then it's not fully secure since kexts can be dynamically injected (e.g. with kextload) if someone gets physical access to the system (even remotely via SSH).

 

EDIT:

An example of kext binaries download is on this site. No disrespect intended but you uploaded AMFI Pass kext on this site. I am sure there's nothing untoward in that kext but a better practice would be provide a link to the sources instead ?  

Edited October 13, 2023 by MacNB

[Cyberdevs]

@MacNB

Yes you are correct, however the AMFIPass.kext is extracted directly from Dortania's repo and and it is uploaded as is, no alterations have been made to the kext and users can compare the md5 hashes with the source.

The reason that I decided to upload the kext here was simply because many users couldn't find the kext easily so I've decided to upload it here.

 

But I do get your point.

 

P.S.

I linked the AMFIPass.kext directly to the GitHub repo to avoid any confusion.

[MacNB]

@Cyberdevs

Perfect.

The bigger point was I was trying to make is that though OpenCore is fantastic development enabling so many to run macOS on their PCs (and Macs), it comes at a price...of exposed security holes. On many hacks, secure boot model can be enabled together with SIP but with most, it's impossible thus exposing potential security issues.

One key mitigation they added was to add Password protection to the boot picker. But again, this too can be circumvented depending on the firmware. 

 

It is a case making people aware of the security issues if they value their data.

[Max.1974]

Em 10/11/2023 às 03:15, Cyberdevs disse:

@Max.1974

What is the BT/Wi-Fi adapter model you are using in your laptop?

 

Hi my dear friend @Cyberdevs, sorry late, im was using BRCM4352 device 14e4,43b1 on my Laptop in that video. Bluetooth is BCM2070A.

Im ordered new card native, 14e4,43a0, like my Desktop. Im not recommended my old Broadcom 4352. Only 4360. But new AirportBrcmFixup.kext 2.1.8 or 2.1.9 (compiled) already have update device 14e4,43b1.

For Sonoma im change for Intel AX210 WI-FI 6,  that have great stability and not need use OCLP.

Im use LocalSend to make "AirDrop", and im real enjoy it. 

I hope help you guys!! 

God bless you all! 

 

Spoiler

 

Edited October 13, 2023 by Max.1974

[Max.1974]

2 hours ago, MacNB said:

 

I agree. I just need to find out what's causing the MacBook to overheat when using -no_compat_check.

 

Regarding security, there have been a lot of discussions about security issues with OCLP and the fact that it breaks the seals when Root patching on certain configs.

However, I highlighted to couple of those individuals that it's not just the OCLP Root patching that presents a security threat but also OpenCore (and Clover) themselves by the very nature that these boot loaders hack the OS to insert drivers into the Kernel cache.

E.g. if one is not careful about where they download Lilu.kext (or any of the plugins or other kexts), they could have a bad actor in them that could potentially give them full access to the system. Specifically when SIP is partially disabled that allow kext injection.

 

If one has to use OpenCore, a good practice would be to build/compile it from scratch and all the required kexts to give a high degree of confidence that those sources have not been hijacked and thus the binaries are "clean". Even then it's not fully secure since kexts can be dynamically injected (e.g. with kextload) if someone gets physical access to the system (even remotely via SSH).

 

EDIT:

An example of kext binaries download is on this site. No disrespect intended but you uploaded AMFI Pass kext on this site. I am sure there's nothing untoward in that kext but a better practice would be provide a link to the sources instead ?  

 

Hi my friends, can I suggest you use this boot-args to make work Safari, Firefox and WhatsApp Desktop?

 

ipc_control_port_options=0   -lilubetaall     -brcmfxbeta    -amfipassbeta     -keempsyms=1    dart=0

 

Spoiler

 

Edited October 13, 2023 by Max.1974

[MacNB]

2 hours ago, Max.1974 said:

 

Hi my friends, can I suggest you use this boot-args to make work Safari, Firefox and WhatsApp Desktop?

 

ipc_control_port_options=0   -lilubetaall     -brcmfxbeta    -amfipassbeta     -keempsyms=1    dart=0

 

  Reveal hidden contents

 

 

I am not sure how/why these boot-args would affect the browsers or WhatsApp (which I do not use).

[Cyberdevs]

2 hours ago, MacNB said:

The bigger point was I was trying to make is that though OpenCore is fantastic development enabling so many to run macOS on their PCs (and Macs), it comes at a price...of exposed security holes. On many hacks, secure boot model can be enabled together with SIP but with most, it's impossible thus exposing potential security issues.

Yes I know, the security risk were always there specially on hacks, but now that OCLP is required for many Macs there will be more computers exposed to those potential security issues or better to say security concerns.

I've been reading the OCLP security topic on MR but even if those points are valid and the treats are as sever as they are point out to be then one need to think twice before using an unsupported Mac for any serious and daily use.

[Max.1974]

5 hours ago, MacNB said:

 

I am not sure how/why these boot-args would affect the browsers or WhatsApp (which I do not use).

 

Hi. If you not used Firefox or WhatsApp Web or Desktop so you not need it. But im not 100% sure if not use this args will get errors like Safari that you said....it's only idea.... 

[Max.1974]

5 hours ago, Cyberdevs said:

Yes I know, the security risk were always there specially on hacks, but now that OCLP is required for many Macs there will be more computers exposed to those potential security issues or better to say security concerns.

I've been reading the OCLP security topic on MR but even if those points are valid and the treats are as sever as they are point out to be then one need to think twice before using an unsupported Mac for any serious and daily use.

 

You are absolutely right my dear friend, today im not use OCLP anymore. Just using intel Wireless or Ventura with Broadcom...