defaults: Add proper AMFI vs LV logic

2026-04-14 04:38:20 +10:00 · 2022-09-14 18:21:21 -06:00
parent bf9d6f678e
commit 0693e345d0
3 changed files with 7 additions and 3 deletions
--- a/resources/build.py
+++ b/resources/build.py
@@ -1006,7 +1006,8 @@ class BuildOpenCore:
            # Before merging into mainline, this needs to be resolved
            self.get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Disable Library Validation Enforcement")["Enabled"] = True
            self.get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Disable _csr_check() in _vnode_check_signature")["Enabled"] = True
-            self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " amfi=0x80"
+            if self.constants.disable_amfi is True:
+                self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " amfi=0x80"
            self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Settings"] += " -allow_amfi"
            # CSLVFixup simply patches out __RESTRICT and __restrict out of the Music.app Binary
            # Ref: https://pewpewthespells.com/blog/blocking_code_injection_on_ios_and_os_x.html
--- a/resources/constants.py
+++ b/resources/constants.py
@@ -151,6 +151,7 @@ class Constants:
        self.secure_status = False  #     Secure Boot Model
        self.vault = False  #             EFI Vault
        self.disable_cs_lv = False  #     Disable Library validation
+        self.disable_amfi = False  #      Disable AMFI

        ## OS Settings
        self.os_support = 12.0
--- a/resources/defaults.py
+++ b/resources/defaults.py
@@ -36,8 +36,9 @@ class generate_defaults:
            if utilities.check_metal_support(device_probe, settings.computer) is False:
                for gpu in settings.computer.gpus:
                    if isinstance(gpu, device_probe.AMD) or isinstance(gpu, device_probe.NVIDIA):
-                        settings.disable_cs_lv = True
+                        settings.disable_amfi = True
                        break
+                settings.disable_cs_lv = True
                settings.secure_status = False
                settings.sip_status = False
                settings.allow_fv_root = True
@@ -188,6 +189,7 @@ class generate_defaults:
            settings.force_nv_web = True

        if model in model_array.ModernGPU:
+            settings.disable_cs_lv = True
            for gpu in smbios_data.smbios_dictionary[model]["Stock GPUs"]:
                if gpu in [
                    device_probe.NVIDIA.Archs.Kepler,
@@ -195,4 +197,4 @@ class generate_defaults:
                    device_probe.AMD.Archs.Legacy_GCN_8000,
                    device_probe.AMD.Archs.Legacy_GCN_9000,
                ]:
-                    settings.disable_cs_lv = True
+                    settings.disable_amfi = True