Disabling System Integrity Protection from guest El Capitan under VirtualBox 5

Thu, 22 October 2015 :: #macos

One well known issue of running a guest MacOS X under VirtualBox is that it's not possible to enter Recovery OS by pressing the Command+R key combination on VM startup. In fact after reading some bug reports on VirtualBox bugtracker it seems that it's not possible to enter Recovery OS at all.

Fortunately, we don't even need Recovery OS to disable System Integrity Protection. We can use the Installer environment to run csrutil tool. SIP's configuration is stored inside NVRAM, so it actually doesn't matter what approach we will take, as long as we will put some magic values into magic variables inside NVRAM. Please be advised that while this method works, it will work until the shutdown of your VM. You can do soft restarts, but if you'll shut down the VM and boot it up again, you will need to disable SIP again.

In order to access Installation environment under VirtualBox, you will need to enter the VirtualBox EFI BIOS by pressing F12 few times, at very early stage of guest VM boot up.

You will be greeted with an old school text mode BIOS interface, in which you should choose the Boot Manager option.

Inside, launch EFI Internal Shell to enter EFI commandline mode.

After getting the command prompt, switch to the FS2: drive:

2.0 Shell> FS2:
2.0 FS2:>

Of course, your drive number can be different, depending on the partition table structure you've chosen to have.

On the FS2: drive, in directory, there is a EFI program inside the boot.efi file. We need to launch it.

2.0 FS2:\> cd
2.0 FS2:\\> boot.efi

Any errors that start with ERROR!!! can be safely ignored! :)

The Installation Environment should now start booting up, this can take several minutes to complete.

When it will load, you need to launch the terminal, from which you will be able to use the csrutil command:

$ csrutil disable

I've uploaded a video that walks through these steps, so if you'll have any problems in understanding anything, you can watch it, maybe it'll help.