Forbidden Commands to Speed Up macOS
First, ask yourself, would you like to undo a decade of security protections painstakingly created by Apple, protecting your Mac from malware, spyware, and ransomware? What if these so-called protections prevented the normal and speedy usage of your Mac? See exhibits: [A, B, C, D, E, F]
Is that a yes? Speed and convenience over security any day! Let us march on boldly 😃! The steps listed below will give you a short description of each protection we disable, and the necessary command in Terminal.
Step-by-step Guide
Step 1: Disable GateKeeper. This is the part of macOS that deals with code signature validation. It checks if the app in question was signed by the creator, and then checks whether Apple has given the creator a thumbs-up. macOS 10.15 made this much more stringent, requiring Apple to give each app a thumbs-up.
# For macOS 10.15.6 and below, use sudo spctl --master-disable
sudo spctl --global-disable
Step 2: Disable Library Validation. This protection checks if an app's libraries are signed by Apple or the creator. Until very recently, macOS apps could load code freely from foreign sources called code libraries. With macOS 10.15, apps are no longer allowed to load libraries that weren't originally packaged with it, unless they explicitly allow it.
sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist DisableLibraryValidation -bool true
Step 3: Disable System Integrity Protection. You have to enter Recovery Mode (by holding Command+R while rebooting) in order to disable SIP. This mode lets us change boot data for the Mac. SIP prevents both malware and power-users alike from modifying the system files, core apps, and the kernel of macOS. It does this by only allowing apps and extensions signed by Apple to modify the system.
# From the Recovery Mode menubar: Utilities --> Terminal
csrutil disable
Step 4: Disable Apple Mobile File Integrity. AMFI is the macOS kernel module that enforces the code-signing validation from Step 1 and the library validation from Step 2. However, even after disabling the services above, AMFI is still checking the signatures of every app that is run, and will cause non-Apple apps to crash when they touch extra-sensitive areas of the system.
# While still in Recovery Mode
nvram boot-args="amfi_get_out_of_my_way=1"
# Additional parameter below fixes Electron app crashes
nvram boot-args="ipc_control_port_options=0 amfi_get_out_of_my_way=1"
Step 5: Reboot & Enjoy Liberty. No explanation required.
Caveats:
- If GateKeeper is enabled while AMFI is disabled, some apps will hang while opening.
- If AMFI is disabled, prompts to allow apps access to the camera, microphone, accessibility etc. will not be shown. The
tccplus
utility, found here, alleviates this (there is a GUI script in the repo).
Further Reading:
- syspolicyd internals
- How Catalina handles app first run
- What could possibly go wrong on an app first run?
- AMFI: checking file integrity on your Mac
- Code Signing – Hashed Out, RSA Conference
- Abusing MacOS Entitlements for code execution
- Disable YaraScanService
Addendum:
Unfortunately, my article was flagged by some users after getting on the front page of Hacker News! I guess they just didn't appreciate the humour? However, you can check out the discussion before it was taken down.
Update Feb 2023
To fix Electron apps that crash with AMFI disabled, use the additional nvram boot argument: amfi_get_out_of_my_way=1