With the release of macOS Sierra 10.12.2, Apple has made one welcome change to System Integrity Protection (SIP): you can now re-enable the feature without being booted into the Recovery partition!
To re-enable SIP, you run the following command:
Please note that you will need to run this as root. To see if the command was successful, run
nvram -p and look for
csr-active-config. If the key does not exist, then SIP has been re-enabled.
csrutil status System Integrity Protection status: disabled. nvram -p csr-active-config w%00%00%00 sudo csrutil clear Password: Successfully cleared System Integrity Protection. Please restart the machine for the changes to take effect. csrutil status System Integrity Protection status: disabled. nvram -p
I have asked for an enhancement to mimic the behavior of
Hopefully Apple can have
csrutil status show something like this:
System Integrity Protection is Off, but will be enabled after the next restart.