Enter Recovery Mode and/or Disable SIP on a MacOS VM

❗️

Please use these processes carefully and understand the risks. It is highly recommended to take a snapshot of your VM prior to performing these actions to boot to Recovery and/or disable SIP.

Enter Recovery Mode and Disable SIP on a MacOS VM prior to Big Sur (VMWare environment)

  1. Edit the VM settings in vCenter. In ‘VM Options’, under ‘Boot Options’, check the ‘Force EFI Setup’ box
857
  1. From the VM’s Remote or Web Console, reboot the VM, and select “Enter Setup”, then select “Boot from a file”.

  2. Scroll through and locate the entry labeled “Recovery”. Note that you will need to scroll through the entries in order to see the word “Recovery”. Hit ENTER.

766
  1. You will likely be presented with a folder ID. Just hit ENTER here

  2. Select “boot.efi” and hit ENTER:

766
  1. It will boot from Recovery at this point and may take a few minutes.

To enter Recovery mode and Disable SIP on later versions (i.e. Monterey, Ventura)

  1. Edit the settings of the VM in vCenter. Under ‘Virtual Hardware’ and ‘CD/DVD drive1’, select ‘Datastore ISO File’.
867
  1. Click the ‘ISO’ or ‘ISO-Share’ datastore, and expand it. Then click on the ‘OSX’ folder, and select the ISO image that corresponds to the VM’s OS, and click OK.
867
  1. Make sure that ‘Connect at Power On’ is checked.
867
  1. Now (still in Edit Settings) go into the ‘VM Options’ menu and under ‘Boot Delay’, enter 10000 milliseconds. This is to ensure you have ample time to select the ISO image when booting again. Click OK.
867
  1. From the VM’s Remote Console, shut down the VM, then power it back up. During boot you should see a progress bar at the bottom of the screen. Click in the console window to ensure it has focus and hit ESC prior to the progress bar completing. The Boot Manager should come up. Arrow down to the CDROM Drive and hit ENTER.
867

Disable SIP

Follow the steps above to enter Recovery mode.

  1. You will then be presented with a splash screen with various options including Reinstall, etc. Ignore the splash screen and select the Utilities menu at the top of the screen, and select “Terminal”.

  2. When the Terminal window appears, type “csrutil status”. This should indicate that SIP is enabled. Type “csrutil disable” to disable it:

927
  1. Type “reboot” and hit ENTER. The VM should now boot back to normal mode.

  2. Once logged in, open Terminal and type “csrutil status” to confirm SIP is disabled.