diff --git a/CHANGELOG.md b/CHANGELOG.md index 8c399a2ce..eeeb95650 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ - Add Root Volume patching for older machines - AppleHDA Patch for 2011 and older (Excluding MacPro4,1+) - AppleBCM5701Ethernet patch for certian 2009-2011 Macs +- Fix CPU Speed reporting +- Increment binaries + - OpenCore c92bcb7 (0.6.8 rolling - 2021-03-20) ## 0.0.18 - Disable Vault by default due to breaking installations diff --git a/Resources/Constants.py b/Resources/Constants.py index 483f1b70f..016517281 100644 --- a/Resources/Constants.py +++ b/Resources/Constants.py @@ -9,7 +9,7 @@ from pathlib import Path class Constants: def __init__(self): self.patcher_version = "0.0.19" - self.opencore_commit = "7bb41aa - 2021-03-06" + self.opencore_commit = "c92bcb7 - 2021-03-20" self.opencore_version = "0.6.8" self.lilu_version = "1.5.1" self.whatevergreen_version = "1.4.8" @@ -205,4 +205,19 @@ class Constants: @property def gpusupport_path(self): return self.payload_apple_private_frameworks_path / Path("GPUSupport.framework") @property - def skylight_path(self): return self.payload_apple_private_frameworks_path / Path("SkyLight.framework") \ No newline at end of file + def skylight_path(self): return self.payload_apple_private_frameworks_path / Path("SkyLight.framework") + + csr_values = [ + "CSR_ALLOW_UNTRUSTED_KEXTS ",# 0x1 - Introduced in El Capitan + "CSR_ALLOW_UNRESTRICTED_FS ",# 0x2 - Introduced in El Capitan + "CSR_ALLOW_TASK_FOR_PID ",# 0x4 - Introduced in El Capitan + "CSR_ALLOW_KERNEL_DEBUGGER ",# 0x8 - Introduced in El Capitan + "CSR_ALLOW_APPLE_INTERNAL ",# 0x10 - Introduced in El Capitan + "CSR_ALLOW_UNRESTRICTED_DTRACE ",# 0x20 - Introduced in El Capitan + "CSR_ALLOW_UNRESTRICTED_NVRAM ",# 0x40 - Introduced in El Capitan + "CSR_ALLOW_DEVICE_CONFIGURATION ",# 0x80 - Introduced in El Capitan + "CSR_ALLOW_ANY_RECOVERY_OS ",# 0x100 - Introduced in Sierra + "CSR_ALLOW_UNAPPROVED_KEXTS ",# 0x200 - Introduced in High Sierra + "CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE",# 0x400 - Introduced in Mojave + "CSR_ALLOW_UNAUTHENTICATED_ROOT ",# 0x800 - Introduced in Big Sur + ] \ No newline at end of file diff --git a/Resources/SysPatch.py b/Resources/SysPatch.py index a8e70ca77..56c1dcb38 100644 --- a/Resources/SysPatch.py +++ b/Resources/SysPatch.py @@ -1,4 +1,9 @@ # Framework for mounting and patching macOS root volume +# Missing Features: +# - Full System/Library Snapshotting (need to research how Apple achieves this) +# - Work-around battery throttling on laptops with no battery (IOPlatformPluginFamily.kext/Contents/PlugIns/ACPI_SMC_PlatformPlugin.kext/Contents/Resources/) +# - csr-active-config parsing +# - Add kmutil error checking from __future__ import print_function import binascii @@ -18,6 +23,21 @@ class PatchSysVolume: self.model = model self.constants: Constants.Constants = versions + def csr_decode(self, sip_raw, print_status): + sip_int = int.from_bytes(sip_raw, byteorder='little') + i = 0 + for current_sip_bit in self.constants.csr_values: + if sip_int & (1 << i): + temp = True + # The below array are values that don't affect the ability to patch + if current_sip_bit not in ["CSR_ALLOW_TASK_FOR_PID ", "CSR_ALLOW_KERNEL_DEBUGGER ", "CSR_ALLOW_APPLE_INTERNAL ", "CSR_ALLOW_ANY_RECOVERY_OS ",]: + self.sip_patch_status = False + else: + temp = False + if print_status is True: + print(f"- {current_sip_bit}\t {temp}") + i = i + 1 + def find_mount_root_vol(self): root_partition_info = plistlib.loads(subprocess.run("diskutil info -plist /".split(), stdout=subprocess.PIPE).stdout.decode().strip().encode()) self.root_mount_path = root_partition_info["DeviceIdentifier"] @@ -175,8 +195,8 @@ class PatchSysVolume: print("Root Patching must be done on target machine!") elif self.model in ModelArray.NoRootPatch11: print("Root Patching not required for this machine!") - elif self.model not in ModelArray.SupportedSMBIOS: - print("Cannot run on this machine!") + elif self.model in ModelArray.SupportedSMBIOS: + print("Cannot run on this machine, model is unsupported!") elif self.constants.detected_os < 10.16: print(f"Cannot run on this OS: {self.constants.detected_os}") else: @@ -184,28 +204,46 @@ class PatchSysVolume: try: sip_status = nvram_dump["csr-active-config"] except KeyError: - print("- csr-active-config var is missing") sip_status = b'\x00\x00\x00\x00' smb_model: str = subprocess.run("nvram 94B73556-2197-4702-82A8-3E1337DAFBFB:HardwareModel ".split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout.decode() if not smb_model.startswith("nvram: Error getting variable"): smb_model = [line.strip().split(":HardwareModel ", 1)[1] for line in smb_model.split("\n") if line.strip().startswith("94B73556-2197-4702-82A8-3E1337DAFBFB:")][0] if smb_model.startswith("j137"): - smb_status = "Enabled" + smb_status = True else: - smb_status = "Disabled" + smb_status = False else: - smb_status = "Disabled" + smb_status = False + fv_status = True + fv_status: str = subprocess.run("fdesetup status".split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout.decode() + if fv_status.startswith("FileVault is Off"): + fv_status = False + else: + fv_status = True - if (sip_status == b'\xef\x0f\x00\x00') and (smb_status == "Disabled"): + + self.sip_patch_status = True + self.csr_decode(sip_status, False) + utilities.cls() + if (self.sip_patch_status is False) and (smb_status is False): print("- Detected SIP and SecureBootModel are disabled, continuing") input("\nPress [ENTER] to continue") self.find_mount_root_vol() self.unmount_drive() print("- Patching complete") print("\nPlease reboot the machine for patches to take effect") - else: - print("- SIP and SecureBootModel set incorrectly, unable to patch") - print("\nPlease disable SIP and SecureBootModel in Patcher Settings") - print("Then build OpenCore again, reinstall OpenCore to your drive and reboot.") + if self.sip_patch_status is True: + print("SIP set incorrectly, cannot patch on this machine!") + print("Please disable SIP and SecureBootModel in Patcher Settings") + self.csr_decode(sip_status, True) + print("") + if smb_status is True: + print("SecureBootModel set incorrectly, unable to patch!") + print("Please disable SecureBootModel in Patcher Settings") + print("") + if fv_status is True: + print("FileVault enabled, unable to patch!") + print("Please disable FileVault in System Preferences") + print("") input("Press [Enter] to go exit.") \ No newline at end of file diff --git a/payloads/OpenCore/OpenCore-DEBUG-v0.6.8.zip b/payloads/OpenCore/OpenCore-DEBUG-v0.6.8.zip index 6873d5c36..3fb839778 100644 Binary files a/payloads/OpenCore/OpenCore-DEBUG-v0.6.8.zip and b/payloads/OpenCore/OpenCore-DEBUG-v0.6.8.zip differ diff --git a/payloads/OpenCore/OpenCore-RELEASE-v0.6.8.zip b/payloads/OpenCore/OpenCore-RELEASE-v0.6.8.zip index 46f03acb4..0e31bdcc8 100644 Binary files a/payloads/OpenCore/OpenCore-RELEASE-v0.6.8.zip and b/payloads/OpenCore/OpenCore-RELEASE-v0.6.8.zip differ