-
-
Save slagdang/4485183 to your computer and use it in GitHub Desktop.
#!/bin/bash | |
# | |
# Enable TRIM support for 3rd Party SSDs. Works for Mountain Lion, should work on earlier OSes too. | |
# Tested on 10.8.2, 10.8.3, 10.8.5, 10.9.0-10.9.5, 10.10.0-10.10.1, 10.10.4 | |
# | |
# Run this script at your own risk, whether on 10.10 or earlier. | |
# | |
# This script works on MacOS 10.10-10.10.1 (Yosemite) but it has significant system security repercussions. | |
# To use it you must disable kext signing on your machine. This makes it easier for | |
# malware to infect your machine by disabling the feature which would detect unsigned | |
# (presumably rogue) kexts and refuse to load them. | |
# | |
# You may have to re-apply the fix after some system updates, including but not limited to those below: | |
# 10.10.0 to 10.10.1 | |
# 10.9.X to another 10.9.X | |
# 10.8.X to 10.8.3 | |
# | |
# Checked for proper operation on 10.8.0, but never booted 10.8.0 with the modified kext. | |
# | |
# Original source: http://digitaldj.net/2011/07/21/trim-enabler-for-lion/ | |
# | |
# To use this, put the contents of this into a file called enable_trim.sh in your home directory | |
# Then, open a Terminal window. In this window, type 'bash enable_trim.sh' (omitting the quotes) | |
# and press return. It will ask for your administrator password. Type this and it will patch the file. | |
# Then simply reboot. | |
# | |
# You can verify that this worked (or if it hasn't been run that it is unneeded) by | |
# selecting "About This Mac" from the Apple menu, then clicking the "More Info..." button, | |
# in the new window click the "System Report" button. In the System Information that | |
# opens, select "Serial-ATA" or "SATA/SATA Express" under "Hardware" in the list on the | |
# left. Then click on the item which is your SSD. You will see an item "TRIM Support:" | |
# in the text in the lower right part of the window. If it says "Yes", then TRIM is | |
# working. | |
# | |
set -e | |
#set -x | |
if [[ ( `uname -r | sed -n -E -e 's/^([0-9]+).*$/\1/p'` -gt 14 ) || | |
( ( `uname -r | sed -n -E -e 's/^([0-9]+).*$/\1/p'` -eq 14 ) && | |
( `uname -r | sed -n -E -e 's/^([0-9]+)\.([0-9]+).*$/\2/p'` -ge 4 ) ) ]] ; then | |
echo "On Mac OS X 10.10.4 and later enabling TRIM is a built-in command." | |
echo "See http://arstechnica.com/apple/2015/06/latest-os-x-update-allows-you-to-enable-trim-for-third-party-ssds/" | |
echo "or just try 'sudo trimforce enable' at the same command prompt you ran this script from" | |
echo "and then reboot." | |
exit 6 | |
fi | |
if [[ `uname -r | sed -n -E -e 's/^([0-9]+).*$/\1/p'` -ge 14 ]] ; then | |
if [[ -f /tmp/youstillmustreboot.txt ]] ; then | |
echo "You MUST reboot after disabling driver signing. Run this script again" | |
echo "after rebooting." | |
exit 3 | |
fi | |
if [[ ! ( `nvram boot-args 2>/dev/null` =~ kext-dev-mode=1$ ) ]] ; then | |
echo "This script does not work on Yosemite (10.10) or later unless you disable" | |
echo "driver signing. Disabling kext signing defeats one of the security features" | |
echo "of Yosemite which helps to prevent malware installing itself on your machine." | |
echo "For more information see https://www.cindori.org/trim-enabler-and-yosemite/" | |
echo "" | |
echo "If you would like to disable kext signing." | |
echo "Enter an administrator password below." | |
echo "Otherwise press control-C to cancel." | |
sudo -k | |
sudo nvram boot-args=kext-dev-mode=1 | |
echo "still" >/tmp/youstillmustreboot.txt | |
echo "Now reboot to disable kext signing. Then run this script again." | |
exit 4 | |
fi | |
fi | |
if [[ -f /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage.original | |
&& ( "`md5 -q /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage`" != \ | |
"`md5 -q /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage.original`" ) ]]; then | |
echo "You seem to have already patched the kext in question. Patching again will" | |
echo "destroy your unmodified backup. If you are sure you want to patch again," | |
echo "delete your backup with the following command:" | |
echo "sudo rm -f /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage.original" | |
echo "Then run this script again." | |
exit 5 | |
fi | |
# Back up the file we are patching | |
echo "Your root password is required to modify your Serial-ATA driver to enable TRIM." | |
sudo cp \ | |
/System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage \ | |
/System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage.original | |
# Patch the file to enable TRIM support | |
# This nulls out the string "APPLE SSD" so that string compares will always pass. | |
# on 10.9.4 to 10.9.5 and 10.10.0-10.10.1 the sequence is WakeKey\x0a\0APPLE SSD\0Time To Ready\0 | |
# on 10.8.3 to 10.8.5 and 10.9.0 to 10.9.3, the sequence is Rotational\0APPLE SSD\0Time To Ready\0 | |
# on 10.8.2, the sequence is Rotational\0APPLE SSD\0MacBook5,1\0 | |
# on 10.8.0, the sequence is Rotational\0\0APPLE SSD\0\0\0Queue Depth\0 | |
# The APPLE SSD is to be replaced with a list of nulls of equal length (9). | |
sudo perl -p0777i -e 's@((?:Rotational|WakeKey\x0a)\x00{1,20})APPLE SSD(\x00{1,20}[QMT])@$1\x00\x00\x00\x00\x00\x00\x00\x00\x00$2@' \ | |
/System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage | |
if [[ "`md5 -q /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage`" == \ | |
"`md5 -q /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage.original`" ]]; then | |
echo "Patching FAILED. Your IOAHCIBlockStorage kext is unmodified." | |
exit 1 | |
else | |
# Force a reboot of the system's kernel extension cache | |
sudo touch /System/Library/Extensions/ | |
echo "Now reboot!" | |
fi |
Updated to work correctly on older OSes (10.8.0 checked).
Updated to work with 10.8.3 If you patched while running an earlier OS (including 10.8.2), then you will need to patch again after you update to 10.8.3 as the file which you patched has been replaced by an unmodified new file.
Checked on 10.8.5. Works fine. I guess I missed out on trying 10.8.4.
You do have to repatch at 10.8.5, or maybe it was at 10.8.4, not sure.
Works on 10.9.0. Patches the right thing and enables TRIM.
Works on 10.9.1 same as on 10.9.0. No need to repatch if you upgrade a machine from 10.9.0 to 10.9.1.
Works on 10.9.2 same as on 10.9.1. You must repatch if you upgrade a machine from a previous OS version to 10.9.2.
Works on 10.9.3, same as earlier. You must repatch if upgrading from a previous OS version to 10.9.3.
Added some more comments to indicate this, no changes to process.
Updated for 10.9.4. You must repatch on 10.9.4 with the new script as the strings changed again.
And to mention, this almost certainly will not work on 10.10 (Yosemite) because 10.10 won't load kexts which are not digitally signed. It's unclear what can be done to correct for that. I suspect we'll know more when 10.10 comes out.
I updated comments for 10.9.5, algorithm didn't require changes. I had to repatch going to 10.9.5 from 10.9.4, so you probably have to also. I added a new feature which will tell you if the patching failed. Honestly, this is more for me since I have to check this thing every time I update my Mac and this will make it less hassle for me. But if it helps you too then that's great.
As expected, this script doesn't work on Yosemite due to kext signing. It patches the driver, but when rebooting to test it, the system will fail to boot. Even booting from another drive and putting the original file back doesn't make it boot again. Because of this I have added a check for the OS version to the script. If the OS version is Yosemite, it will refuse to run and thus you don't end up with an unbootable machine like I have.
I will try to find a solution for the kext signing. This will either require turning off checking or self-signing your modified kext. I don't know how to do either of these yet. I will try to find out.
Okay. It works on 10.10 now. It will disable kext sign checking in order to work, otherwise it will refuse to patch. I added a lot of safeties now, to keep you from overwriting your backups among other things. Getting to be a hefty script.
Thanks to Cindori Software for indicating how to disable kext signing. I'm sorry I don't have a better way other than disabling kext signing. You may wish to consider before using the script whether having TRIM is really worth losing the kext anti-tamper feature on your system.
Thanks for the script - I am going to self-sign the IOAHCIFamily.kext with trim and kext signing enabled and see if it works. I found these links which may be helpful -
https://code.google.com/p/tunnelblick/wiki/cSigningTunnelblick
Works on 10.10.1. You must reapply from 10.10. Same problems as with 10.10 in regards to kext anti-tamper.
I didn't bother to test it on 10.10.2 through 10.10.3 (at least not yet). But there is good news for 10.10.4 and hopefully 10.11.
http://appleinsider.com/articles/15/07/01/apple-adds-trim-support-for-aftermarket-ssds-in-os-x-10104
No longer is it necessary to turn off kext signing to turn on TRIM for 3rd party SSDs.
Updated to deobfuscate, corrected match string. Just veriified it on 10.8.2 again.