So you've reading the Vanilla guide but something catches your eye within the guide:

0x3E7 SIP completely disabled 

Some more experienced hackintoshers may be caught off guard by this as we're generally used to seeing 0x67 for disabling System Integrity Protection(SIP) but I'll explain why 0x3E7 is the new preferred value for hackintoshes going forward

0x67

Active values:

• CSR_ALLOW_UNRESTRICTED_NVRAM
• CSR_ALLOW_UNRESTRICTED_DTRACE
• CSR_ALLOW_TASK_FOR_PID
• CSR_ALLOW_UNRESTRICTED_FS
• CSR_ALLOW_UNTRUSTED_KEXTS

0x3E7

Active values:

• CSR_ALLOW_UNAPPROVED_KEXTS
• CSR_ALLOW_ANY_RECOVERY_OS
• CSR_ALLOW_DEVICE_CONFIGURATION
• CSR_ALLOW_UNRESTRICTED_NVRAM
• CSR_ALLOW_UNRESTRICTED_DTRACE
• CSR_ALLOW_TASK_FOR_PID
• CSR_ALLOW_UNRESTRICTED_FS
• CSR_ALLOW_UNTRUSTED_KEXTS

​

What you'll notice is that there's 3 new values added:

• CSR_ALLOW_UNAPPROVED_KEXTS
• CSR_ALLOW_ANY_RECOVERY_OS: Allows for more control over volumes present in MacOS
• CSR_ALLOW_DEVICE_CONFIGURATION:

The one that's super important to us is UNAPPROVED_KEXTS as this is what's allowing us to get around MacOS 10.14.5's new kernel extension notarization which can make certain kexts not load correctly through Clover. And with how Clover seems to have a poor implementation of kext injection, it's also recommended for users on HighSierra as well to avoid any potential issues that may pop up but Sierra and ElCapitan users should avoid 0x3E7 as these values are not present.

You can even show what different CsrActiveConfig values enable/disable yourself with CorpNewt's CsrDecode tool or check what other Csr flags there are inside of Apple's public source code for Darwin(they're just bit switches so you can configure SIP to how you'd like). Hopefully someone finds this info interesting, I just realized this isn't actually written anywhere(also thanks Corp for the explainer)