Boot Runner and System Integrity Protection

Boot Runner customers with Macs running Boot Camp should be aware of a potential issue when running Boot Runner on macOS 10.12 Sierra and Mac OS X 10.11 El Capitan and later.

Apple has implemented System Integrity Protection: To safeguard against disabling System Integrity Protection by modifying security configuration from another OS, the startup disk can no longer be set programmatically, such as by invoking the bless(8)command.

In order to allow selection of the Windows Boot Camp partition in the Boot Runner Selection Screen, System Integrity Protection (SIP) must be changed to allow changes to NVRAM to select the startup disk.

Systems running Boot Runner on Sierra or El Capitan with virtual machines only and no Boot Camp partition do not need to disable System Integrity Protection.

Follow the instructions below to disable SIP.

System Integrity Protection (SIP)

Starting with OS X 10.11, Apple has implemented a new security feature: System Integrity Protection. This prevents even super users access to the System folder and non-volatile RAM.

Enabling NVRAM in SIP requires booting into the recovery partition to run the Terminal command below.

To boot into the Recovery partition, hold Command-R while restarting the Mac.

From the Utilities Menu, select Terminal. On the Terminal command line, enter:

csrutil enable --without nvram

The change will be confirmed with a status message.

Reboot back into the macOS system partition.

The mac must allow for changes in NVRAM for Boot Runner to successfully boot into Windows Boot Camp.

If you need to fully re-enable SIP, boot back into the recovery partition, open Terminal from the Utilities menu, and set state to enabled:

# csrutil enable

Note: As of MacOS Sierra 10.12.2, it is possible to re-enable SIP from the Mac system rather than reboot into the Recovery HD. To re-enable SIP, run this command as root in Terminal:

/usr/bin/csrutil clear

Enter your system password and press Enter.