Mac – El Capitan – netboot servers must be trusted

System Integrity Protection (SIP), new in Mac OS 10.11 (El Capitan), requires you to mark your netboot servers as “trusted”. For details, see: https://support.apple.com/en-us/HT205054

I added a DeployStudio script to run the appropriate commands to add our netboot servers to the NVRAM whitelist (see below). This script will need to be updated with the new IP addresses once I get those later this summer. The script should be included in workflows just after the reimage and should NOT be postponed until first boot. The csrutil executable is not available with El Capitan booted. It is only available in the pre-boot image restore environment.

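#!/bin/sh
# DeployStudio workflow script: add the netboot servers to the NVRAM list of trusted servers.
# Run right after the reimage step, from the pre-boot image restore environment.

echo "SetNetBootTrusted.sh - Start - Lynna, July 5 2016 ($(date))"

# One "csrutil netboot add" call per trusted netboot server address.
/usr/bin/csrutil netboot add 137.165.27.37
/usr/bin/csrutil netboot add 137.165.27.27

echo "SetNetBootTrusted.sh - end"

exit 0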
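
A more defensive variant of the script above, as an added example (not the author's DeployStudio script): it validates each address, runs the same csrutil netboot add command, then confirms the result with csrutil netboot list so a failure shows up in the workflow log. The function names and the CSRUTIL override variable are hypothetical, and it assumes csrutil netboot list prints each trusted address as a separate word.

```shell
#!/bin/sh
# Added example. Usage: sh trust_netboot.sh 137.165.27.37 137.165.27.27
# CSRUTIL is a hypothetical override so the logic can be exercised with a stub.
CSRUTIL=${CSRUTIL:-/usr/bin/csrutil}

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Returns 0 if trusted afterwards, 2 if rejected before touching NVRAM,
# 1 if csrutil failed or the address is missing from the trusted list.
trust_netboot_server() {
    addr=$1
    if ! is_ipv4 "$addr"; then
        echo "SKIP: '$addr' is not a valid IPv4 address" >&2
        return 2
    fi
    if ! "$CSRUTIL" netboot add "$addr"; then
        echo "FAIL: csrutil netboot add $addr" >&2
        return 1
    fi
    # Assumption: "netboot list" prints each address as a separate word.
    if "$CSRUTIL" netboot list | grep -qwF -- "$addr"; then
        echo "OK: $addr is trusted"
    else
        echo "FAIL: $addr missing from csrutil netboot list" >&2
        return 1
    fi
}

# Process every address; non-zero status if any one of them failed.
trust_all() {
    failures=0
    for server in "$@"; do
        trust_netboot_server "$server" || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}
if [ "$#" -gt 0 ]; then trust_all "$@"; fi
```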
