There's some misunderstanding about these two separate OS features.
System Integrity Protection (SIP), disabled with the "csrutil disable" instructions, will allow loading of unsigned drivers (used to be the nvram option kext-dev-mode before El Cap), as well as doing write protection for system folders. It does not prevent/allow applications themselves to run, unless those applications do questionable things at launch such as writing to /System.
Gatekeeper, part of the popup message that you see when you launch a new unsigned app, is unrelated to SIP. Gatekeeper is the system that checks for signed applications and prevents launching them. If you are having trouble launching an app, it's probably Gatekeeper. If you are installing a 3rd party driver and that fails, it's likely SIP (especially for poorly-behaved drivers installers that still try to write files in /System/Library/Extensions instead of /Library/Extensions). If CHIRP runs but you can't see a usb-serial cable, that may be SIP blocking the driver load.
Here is the most reliable way to "first time launch" an app you trust: 1) Download, extract, copy to /Applications as usual. 2) Right-click the app, and pick "open". 3) Approve the dialog box that appears.
Yes, there's hidden magic behind right click->Open. I just tried this with CHIRP daily on Sierra 10.12.2 and it worked great, first time and subsequent launches (subsequent launches I double-clicked the icon rather than using the Open option). SIP is still enabled on my system.
If you are still having problems launching an app, you can try out the master Gatekeeper disable. Do this first before resorting to a SIP disable, because it's likely Gatekeeper and not SIP that is causing a launch issue. This is similar to the old option in the Privacy Preferences called "allow apps from anyone":
https://www.tekrevue.com/tip/gatekeeper-macos-sierra/
tl;dr: If an app doesn't launch, right click and "Open". If you must, use "sudo spctl --master-disable".
-- Brian
On Fri, Jan 13, 2017 at 10:20 AM, Niel Skousen nskousen@ecsecurityinc.com wrote:
I'm fairly certain the OS remembers by application, so if you turn of the csr to run an app (it is actually a per instance off, not a full daemon off...) it remains in force for the 'next' unsigned app it detects.
Niel
On Jan 13, 2017, at 10:10 AM, Tom Hayward tom@tomh.us wrote:
On Fri, Jan 13, 2017 at 9:06 AM, Eric Chopin echopin27@gmail.com wrote:
Hello Tom, Thank you for the procedure, though I am a bit reluctant to disable the SIP installed in the OS....I am not suggesting that there is some malware in CHIRP nonetheless the possibility will always be there. Lets assume I disable the csrutil to allow CHIRP to work, if I re-enable csrutil after I have run CHIRP, will this action prevent me using CHIRP again or will the OS remember that csrutil allowed CHIRP earlier on?
I'm afraid I don't know the answer to your question. Hopefully someone else can chime in.
Tom _______________________________________________ chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users This message was sent to Niel at nskousen@ecsecurityinc.com To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com
chirp_users mailing list chirp_users@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_users This message was sent to Brian Dickman at brian.maybe@gmail.com To unsubscribe, send an email to chirp_users-unsubscribe@intrepid.danplanet.com