Disable USB storage on Catalina
posted by Mike Hall  on Feb. 17, 2020, 3:40 a.m. (1 month, 11 days ago)
1 Responses     0 Plus One's     0 Comments  

As part of security compliance, we need to disable USB storage capability on our macs. The old methods, here and here no longer seem to work in Catalina. Anyone know a workaround for the newest OS?


Thread Tags:
  usb, catalina mass storage

Response from Grant Janssen @ Feb. 17, 2020, 10:11 a.m.

We perform a similar operation to disable WiFi on all Macs and faced a similar issue in Catalina.

First SIP is disabled and the host rebooted. Then the extensions are moved (NOTE: operations in Catalina are different).

editorial13:~ root# mkdir -p DISABLED_EXTENSIONS/System/Library/Extensions
editorial13:~ root# mv /System/Library/Extensions/IO80211Family* /var/root/DISABLED_EXTENSIONS/System/Library/Extensions
editorial13:~ root# ls -al /var/root/DISABLED_EXTENSIONS/System/Library/Extensions
total 0
drwxr-xr-x  4 root  wheel  136 Apr 30 13:34 .
drwxr-xr-x  3 root  wheel  102 Apr 30 13:33 ..
drwxr-xr-x@ 3 root  wheel  102 Jun 21  2018 IO80211Family.kext
drwxr-xr-x@ 3 root  wheel  102 Jun 21  2018 IO80211FamilyV2.kext
editorial13:~ root# kextstat | grep 80211 | sed -E "s/[[:space:]]+/ /g" | cut -d " " -f 7
com.apple.iokit.IO80211Family
editorial13:~ root#

We do the same with the bluetooth and such:

editorial13:~ root# mv /System/Library/Extensions/AppleBluetooth* /var/root/DISABLED_EXTENSIONS/System/Library/Extensions
editorial13:~ root# mv /System/Library/Extensions/AppleMIDIBluetoothDriver.plugin /var/root/DISABLED_EXTENSIONS/System/Library/Extensions
editorial13:~ root# mv /System/Library/Extensions/IOBluetooth* /var/root/DISABLED_EXTENSIONS/System/Library/Extensions
editorial13:~ root# mkdir -p /var/root/DISABLED_EXTENSIONS/System/Library/LaunchAgents
editorial13:~ root# mv /System/Library/LaunchAgents/com.apple.wifi.WiFiAgent.plist /var/root/DISABLED_EXTENSIONS/System/Library/LaunchAgents
editorial13:~ root# reboot
Connection to editorial13 closed by remote host.
Connection to editorial13 closed.
grant@grants-DCC-MacBook-Pro:~[20190430-13:41][#22]%

On restart the extension does not load:

editorial13:~ root# kextstat | grep 80211 | sed -E "s/[[:space:]]+/ /g" | cut -d " " -f 7
editorial13:~ root#

Catalina

WTF, a read-only root filesystem?

grant@transfer115502:~[20200127-12:47][#2]% mount
/dev/disk1s1 on / (apfs, local, read-only, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk1s2 on /System/Volumes/Data (apfs, local, journaled, nobrowse)
/dev/disk1s5 on /private/var/vm (apfs, local, journaled, nobrowse)
map auto_home on /System/Volumes/Data/home (autofs, automounted, nobrowse)
grant@transfer115502:~[20200127-12:48][#3]% df -h
Filesystem      Size   Used  Avail Capacity iused      ifree %iused  Mounted on
/dev/disk1s1   233Gi   10Gi  202Gi     5%  482676 2447618644    0%   /
devfs          185Ki  185Ki    0Bi   100%     641          0  100%   /dev
/dev/disk1s2   233Gi   19Gi  202Gi     9%  273347 2447827973    0%   /System/Volumes/Data
/dev/disk1s5   233Gi  2.0Gi  202Gi     1%       1 2448101319    0%   /private/var/vm
map auto_home    0Bi    0Bi    0Bi   100%       0          0  100%   /System/Volumes/Data/home
grant@transfer115502:~[20200127-12:48][#4]%

There is an Apple support reference on this, but it's not any help to us.

Let's remount the filesystem read+write, then move the files:

transfer115502:~ root# csrutil status
System Integrity Protection status: disabled.
transfer115502:~ root# mkdir -p DISABLED_EXTENSIONS/System/Library/Extensions
transfer115502:~ root# mv /System/Library/Extensions/IO80211Family* /var/root/DISABLED_EXTENSIONS/System/Library/Extensions
mv: rename /System/Library/Extensions/IO80211Family.kext to /var/root/DISABLED_EXTENSIONS/System/Library/Extensions/IO80211Family.kext: Read-only file system
mv: rename /System/Library/Extensions/IO80211FamilyV2.kext to /var/root/DISABLED_EXTENSIONS/System/Library/Extensions/IO80211FamilyV2.kext: Read-only file system
transfer115502:~ root# df -h
Filesystem      Size   Used  Avail Capacity iused      ifree %iused  Mounted on
/dev/disk1s1   233Gi   10Gi  202Gi     5%  483765 2447617555    0%   /
devfs          186Ki  186Ki    0Bi   100%     643          0  100%   /dev
/dev/disk1s2   233Gi   19Gi  202Gi     9%  272213 2447829107    0%   /System/Volumes/Data
/dev/disk1s5   233Gi  2.0Gi  202Gi     1%       1 2448101319    0%   /private/var/vm
map auto_home    0Bi    0Bi    0Bi   100%       0          0  100%   /System/Volumes/Data/home
transfer115502:~ root# mount
/dev/disk1s1 on / (apfs, local, read-only, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk1s2 on /System/Volumes/Data (apfs, local, journaled, nobrowse)
/dev/disk1s5 on /private/var/vm (apfs, local, journaled, nobrowse)
map auto_home on /System/Volumes/Data/home (autofs, automounted, nobrowse)
transfer115502:~ root# who -r
   .       run-level 3
transfer115502:~ root# remount / rw
transfer115502:~ root# mv /System/Library/Extensions/IO80211Family* /var/root/DISABLED_EXTENSIONS/System/Library/Extensions
mv: /System/Library/Extensions/IO80211Family.kext: unable to copy extended attributes to /var/root/DISABLED_EXTENSIONS/System/Library/Extensions/IO80211Family.kext: Operation not permitted
mv: /System/Library/Extensions/IO80211FamilyV2.kext: unable to copy extended attributes to /var/root/DISABLED_EXTENSIONS/System/Library/Extensions/IO80211FamilyV2.kext: Operation not permitted
transfer115502:~ root#
transfer115502:~ root# ls -al /var/root/DISABLED_EXTENSIONS/System/Library/Extensions  <- though an "Operation not permitted" error appears - you can see these files were moved
total 0
drwxr-xr-x  4 root  wheel  128 Jan 27 12:05 .
drwxr-xr-x  3 root  wheel   96 Jan 24 13:17 ..
drwxr-xr-x  3 root  wheel   96 Nov 20 20:29 IO80211Family.kext
drwxr-xr-x  3 root  wheel   96 Nov 20 20:05 IO80211FamilyV2.kext
transfer115502:~ root# ls -al /System/Library/Extensions | grep 80211
transfer115502:~ root#                                      <- the prompt returns blank. The files are no longer present in /System/Library/Extensions


0 Plus One's     0 Comments
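The procedure above leaves two things a compliance auditor will want confirmed afterwards: that SIP was re-enabled and the system volume is back to read-only, and that the moved kexts really are no longer loaded (the `mv` printed "Operation not permitted" yet succeeded, so the command's exit status is not a reliable signal). The following is an added example, not code from the thread or from Apple: a POSIX shell audit that parses captured `kextstat`, `csrutil status` and `mount` output. The `SAMPLE_*` values are constructed to mirror the output shapes shown in the thread; `BLOCKED_KEXTS` includes `com.apple.iokit.IO80211Family` from the thread plus a USB mass-storage bundle ID that is an assumption and should be confirmed against `kextstat` on the target build.

```shell
#!/bin/sh
# Added example (not code from the thread): a compliance audit that reads
# captured output of `kextstat`, `csrutil status` and `mount` and reports
# whether a blocked kext is still loaded, whether SIP was left disabled, and
# whether the system volume was left mounted read-write.

# Bundle IDs that policy says must not be loaded (extended-regex alternation).
# IO80211Family appears in the thread; the USB mass-storage entry is an
# assumption. Confirm exact IDs with `kextstat` on the target macOS build.
BLOCKED_KEXTS='com\.apple\.iokit\.IO80211Family|com\.apple\.iokit\.IOUSBMassStorageClass'

# Constructed sample outputs; addresses, versions and UUIDs are placeholders.
SAMPLE_KEXTSTAT_BEFORE='Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1   92 0xffffff7f80a8e000 0x9000     0x9000     com.apple.kpi.bsd (19.2.0) 00000000-0000-0000-0000-000000000001
   42    0 0xffffff7f81c00000 0x1d000    0x1d000    com.apple.iokit.IO80211Family (12.0) 00000000-0000-0000-0000-000000000002 <41 16 6 5 3 1>
   57    0 0xffffff7f82100000 0x8000     0x8000     com.apple.iokit.IOUSBMassStorageClass (4.0.4) 00000000-0000-0000-0000-000000000003 <56 20 6 5 3 1>'
SAMPLE_KEXTSTAT_AFTER='Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1   92 0xffffff7f80a8e000 0x9000     0x9000     com.apple.kpi.bsd (19.2.0) 00000000-0000-0000-0000-000000000001'
SAMPLE_CSRUTIL_DISABLED='System Integrity Protection status: disabled.'
SAMPLE_CSRUTIL_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_MOUNT_RW='/dev/disk1s1 on / (apfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk1s2 on /System/Volumes/Data (apfs, local, journaled, nobrowse)'
SAMPLE_MOUNT_RO='/dev/disk1s1 on / (apfs, local, read-only, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk1s2 on /System/Volumes/Data (apfs, local, journaled, nobrowse)'

# Print the bundle ID (Name column) of every loaded kext read from stdin.
# The header row is skipped by requiring a numeric Index in column 1; awk
# ignores the leading whitespace that forces the thread's `cut -f 7` trick.
loaded_kexts() {
    awk '$1 ~ /^[0-9]+$/ { print $6 }'
}

# Succeed only if the csrutil output reports SIP enabled.
sip_enabled() {
    printf '%s\n' "$1" | grep -q 'System Integrity Protection status: enabled'
}

# Succeed only if the root ("/") mount line carries the read-only flag.
root_read_only() {
    printf '%s\n' "$1" | grep -E '^[^ ]+ on / \(' | grep -q 'read-only'
}

# audit KEXTSTAT_OUTPUT CSRUTIL_OUTPUT MOUNT_OUTPUT
# Prints one line per check and a findings count; returns 0 only when clean.
audit() {
    findings=0
    loaded=$(printf '%s\n' "$1" | loaded_kexts | grep -E "^($BLOCKED_KEXTS)$" || true)
    for k in $loaded; do
        echo "FAIL blocked kext loaded: $k"
        findings=$((findings + 1))
    done
    if sip_enabled "$2"; then
        echo "OK   SIP enabled"
    else
        echo "FAIL SIP disabled"
        findings=$((findings + 1))
    fi
    if root_read_only "$3"; then
        echo "OK   system volume read-only"
    else
        echo "FAIL system volume mounted read-write"
        findings=$((findings + 1))
    fi
    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

# Stand-alone run: the mid-procedure state, then the remediated state.
echo '--- mid-procedure (SIP off, root remounted rw, kexts still loaded) ---'
audit "$SAMPLE_KEXTSTAT_BEFORE" "$SAMPLE_CSRUTIL_DISABLED" "$SAMPLE_MOUNT_RW" || echo 'result: NONCOMPLIANT'
echo '--- after reboot with SIP re-enabled and kexts removed ---'
audit "$SAMPLE_KEXTSTAT_AFTER" "$SAMPLE_CSRUTIL_ENABLED" "$SAMPLE_MOUNT_RO" && echo 'result: COMPLIANT'
# On a real Mac feed the live output instead:
#   audit "$(kextstat)" "$(csrutil status)" "$(mount)"
```

The three checks are deliberately independent of how the kexts were removed: whether the files were moved by hand as above or by a management tool, the evidence that matters is what `kextstat` reports after the reboot, and that the SIP and read-only protections the procedure had to switch off are back in place.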