Sunday, 28 March 2021

Apple Thunderbolt NHI kext big sur reboot issue fix

 Normal boot

sudo fdesetup disable
fdesetup status => should read FileVault is Off

Boot in recovery mode

csrutil disable
csrutil authenticated-root csrutil
mount -uw /Volumes/"SYSTEM_HDD_NAME"
cd /Volumes/"SYSTEM_HDD_NAME"/System/Library/Extensions
mv AppleThunderboltNHI.kext AppleThunderboltNHI.kext.BAK
rm -rf /System/Library/Caches/*
kmutil install -u --force --volume-root /Volumes/"SYSTEM_HDD_NAME"/System/Library/Extensions
bless -folder /Volumes/"SYSTEM_HDD_NAME"/System/Library/CoreServices —bootefi --create-snapshot

Boot normaly

Done

Symptoms

  • You are working and suddenly the machine powers off.
  • The apple logo (and maybe the keyboard retro-lighting) stays on for a few seconds.
  • Then the machines powers off.
  • When you press the power key, the machine boots normally and no error message appears.

If this has happened to you, you are probably at the right place.

What happened ?

For certain Macbooks, there is a faulty component on their logic board (see this Stack Echange postthis MacRumor threadthis change.org petition) that forces the machine into deep sleep.

Changing this component requires skill, time and money that note everyone may have. If you macbook is under warranty, I would recommend you to go to the nearest AppleStore to get it fixed (in some case, it has resulted to have been not enough, and the presented solution was also required).

Otherwise this guide is for you.

Here, we are going to prevent the file AppleThunderboltNHI.kext from being used during boot. This file is a driver for connecting Ethernet through thunderbolt connector. It is also faulty on certain macbook and contributes in the go to sleep mode behaviour by wrongly changing the voltage of the CPU.

WARNING

The solution will permanently require you to deactivate SIP and FireVault. There is no other way here untill Apple does something about it.

Detailed solution

Here is the cooking recipe for solving the problem under Big Sur:

  1. Boot normally

  2. Play a video in the background, for instance this one to keep the CPU busy while we work.

  3. Open a Terminal

  4. Deactive FileVault as follows:
     sudo fdesetup disable
    

    And press the “Enter” key to execute the command.

    you can get you username using the command whoami your password is the session password

  5. Now we have to wait for the hardrive to be de-encrypter. To check on the process you may run from time to time:

     fdesetup status
    

    for those using brew, I recommend using watch fdesetup status

  6. When the decryption processus has reached 100 or when you will read FileVault is Off, we can move on.

  7. Reboot into recovery mode (hold down "cmd" + "R" keys when the machine powers up)

    You should see the following screen at some point

    Recovery Mode Window

  8. On the top menu bar, goto Utilities > Terminal

  9. Now we are going to turn off SIP
     csrutil disable
     csrutil authenticated-root csrutil
    
  10. We are going to mount the root HDD

    If you don’t know what is your root HDD, you can run :

    diskutil apfs list
    

    Your root HDD is the one whose (Role) in the label APFS Volume Disk matches “(System)” Root HDD

    To mount in writing mode the HDD, use the following command and susbtitute SYSTEM_HDD_NAME with the name for you root HDD:

    mount -uw /Volumes/"SYSTEM_HDD_NAME"
    

    In the previous image SYSTEM_HDD_NAME was “HD_macbook”. To avoid issues with spaces in a name, use quotes “” around the name, for instance “HD Macbook”

    You can also escape spaces using backslashe -> HD\ Macbook

  11. Now let’s move to the folder /Volumes/”SYSTEM_HDD_NAME”/System/Library/Extensions, deactivate the faulty driver and clear the caches. Don’t forget to change SYSTEM_HDD_NAME for the actual name of your HDD:

    cd /Volumes/"SYSTEM_HDD_NAME"/System/Library/Extensions
    mv AppleThunderboltNHI.kext AppleThunderboltNHI.kext.BAK
    rm -rf /System/Library/Caches/*
    
  12. We have to update the kext cache and select the snapshot for the next boot:
    kmutil install -u --force --volume-root /Volumes/"SYSTEM_HDD_NAME"/System/Library/Extensions
    bless -folder /Volumes/"SYSTEM_HDD_NAME"/System/Library/CoreServices —bootefi --create-snapshot
    
  13. We will not enable SIP anymore. Enabling SIP has proven to create boot loops after modyfing operating system files.

  14. You are done and can reboot in normal mode.

  15. (Optional) reactivate FileVault (may not work)

    sudo fdesetup enable
    

    Or from the System Preferences GUI.

  16. If you install any OS updates, it is very likely that you will need to redo all the steps.

  17. To check that it worked, you can have a look at the About This Max > System Report > Hardware > Thunderbolt and you should read “No driver loaded”. You can also run the folowing command

    kextstat | grep NHI
    

    and you should not see any mention of “AppleThunderboltNHI.kext”

Resources

No comments:

Post a Comment