![run disk utility mac el.capitan run disk utility mac el.capitan](https://cdn.osxdaily.com/wp-content/uploads/2019/07/howto-show-all-disks-mac-disk-utility-1-610x392.jpg)
- #RUN DISK UTILITY MAC EL.CAPITAN WINDOWS 8#
- #RUN DISK UTILITY MAC EL.CAPITAN WINDOWS 7#
- #RUN DISK UTILITY MAC EL.CAPITAN WINDOWS#
However, there are a couple of workarounds. The common way to resolve this issue was to write a new MBR, but since SIP restricts access to the master boot record, it seems impossible unless you disable SIP.
#RUN DISK UTILITY MAC EL.CAPITAN WINDOWS#
If the wrong type is used, Windows will refuse to boot (usually with a black or blue screen).
#RUN DISK UTILITY MAC EL.CAPITAN WINDOWS 8#
If Windows 8 or later is running new Macs, a standard “guard” MBR is required.
#RUN DISK UTILITY MAC EL.CAPITAN WINDOWS 7#
If Windows 7 or earlier is running on older Macs, it needs to have a hybrid MBR. The difference is important, since it affects how Windows will boot. The guard MBR has only a single entry that covers the entire disk (used to protect legacy tools from doing bad things). The hybrid MBR has an entry for each of the first 4 partitions. If you use Boot Camp Assistant to create the Boot Camp partition, you’ll get a standard EFI “guard” MBR: SIP does not prevent you from reading information (such as the Master Boot Record), but does prevent any writing to the MBR. You can see it in OS X using the fdisk command: This lets Windows boot via “legacy” mode, which (as mentioned before) is not supported on the newest Macs. If you use Disk Utility to create a Boot Camp partition on El Capitan (10.11) or earlier, OS X will create what is called a “hybrid master boot record (MBR)”. But what happens if you are mass deploying Boot Camp and having issues? Usually you don’t have to worry about any of this, since Boot Camp Assistant and the Windows installer will set everything up correctly. With the newest Apple hardware, Windows 8 or later is required, and EFI booting is the only way that Windows will boot on the Mac. While there was some support for EFI booting Windows 7, Apple didn’t support EFI booting Windows until Windows 8. Modern Macs always boot via EFI, but Windows hardware has only recently started natively booting EFI. This is where the situation gets interesting. SIP restricts access to the device that OS X is booted from (usually /dev/disk0), even for the root user. The boot sector is the first sector on a hard disk, and is usually used when legacy booting Windows.
![run disk utility mac el.capitan run disk utility mac el.capitan](https://www.imore.com/sites/imore.com/files/styles/xlarge_wm_brw/public/field/image/2015/07/os-x-el-capitan-disk-utilities-hero.jpg)
This all relates to Boot Camp and booting Windows through the boot sector. Only Apple apps signed with a identity from Apple and a correct entitlement are allowed to run the bless command. But how is Apple able to use “bless” and restrict its use for anyone else? OS X uses digital signatures to determine if bless can be run. Second, Apple utilities (such as the Startup Disk preference pane) use bless to set the selected startup disk. First, if SIP is disabled, the prior functionality returns. Bless is still on the system for a couple of reasons. This now fails, as “bless” writes to NVRAM, which is protected by SIP (even for the root user).
![run disk utility mac el.capitan run disk utility mac el.capitan](https://i.stack.imgur.com/hh8a6.png)
In prior versions of OS X, you would use the “bless” command to change the bootable disk. NVRAM holds the currently selected disk for next reboot. However, you can no longer change NVRAM or the boot sector on the disk. You can still set the Startup Disk using the Option key at startup, or by using the Startup Disk System Preference Pane. Note: To safeguard against disabling System Integrity Protection by modifying security configuration from another OS, the startup disk can no longer be set programmatically, such as by invoking the bless(8) command. One of the protections that SIP puts into place is a restriction from modifying the startup disk programatically:Ĭonfiguring System Integrity Protection () Rich Trouton has some great info on SIP at his Der Flounder blog here that cover the folders that are protected and some great information on NetBoot and SIP. SIP prevents any user (including the all powerful root user) from writing to specific locations in OS X (mainly in the System Folder). But with SIP comes some additional restrictions that affect how System Administrators can make Windows bootable during deployments.
![run disk utility mac el.capitan run disk utility mac el.capitan](https://justus.berlin/wp-content/uploads/2015/10/Screen-Shot-2015-10-13-at-15.51.14.png)
With Apple’s new System Integrity Protection (SIP) in OS X 10.11, the Mac is now ever more secure. Updates How El Capitan Boot Camp is Affected by Apple’s New System Integrity Protection (SIP)