I recently took part in the macadmins podcast and had a great time, but there was one comment that struck a chord with me - Marcus Ransom thanked me for writing Cacher. Cacher is my most popular github repo and while I get thanked often for creating it, my reaction usually goes something like this:
A few months ago I wrote a post detailing how to manage the EFI lock screen, loginwindow and trigger the EFI cache. It was updated many times throughout the following days and inevitably caused some confusion.
With the release of macOS Sierra 10.12.2, Apple has made one welcome change to System Integrity Protection (SIP): you can now re-enable the feature without being booted into the Recovery partition!
While I have tried to document and piece together as much as possible here, some of the statements could be inaccurate. Until Apple posts more information about this process, take everything you read below with a grain of salt. If you choose to use the methodologies in production, I offer no warranties to the integrity of your sytem.