mirror of
https://github.com/dortania/OpenCore-Legacy-Patcher.git
synced 2026-06-20 14:10:51 +10:00
Support decoding SIP value
This commit is contained in:
Mykola Grymalyuk
@@ -5,6 +5,9 @@
|
|||||||
- Add Root Volume patching for older machines
|
- Add Root Volume patching for older machines
|
||||||
- AppleHDA Patch for 2011 and older (Excluding MacPro4,1+)
|
- AppleHDA Patch for 2011 and older (Excluding MacPro4,1+)
|
||||||
- AppleBCM5701Ethernet patch for certian 2009-2011 Macs
|
- AppleBCM5701Ethernet patch for certian 2009-2011 Macs
|
||||||
|
- Fix CPU Speed reporting
|
||||||
|
- Increment binaries
|
||||||
|
- OpenCore c92bcb7 (0.6.8 rolling - 2021-03-20)
|
||||||
|
|
||||||
## 0.0.18
|
## 0.0.18
|
||||||
- Disable Vault by default due to breaking installations
|
- Disable Vault by default due to breaking installations
|
||||||
|
|||||||
+16
-1
@@ -9,7 +9,7 @@ from pathlib import Path
|
|||||||
class Constants:
|
class Constants:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.patcher_version = "0.0.19"
|
self.patcher_version = "0.0.19"
|
||||||
self.opencore_commit = "7bb41aa - 2021-03-06"
|
self.opencore_commit = "c92bcb7 - 2021-03-20"
|
||||||
self.opencore_version = "0.6.8"
|
self.opencore_version = "0.6.8"
|
||||||
self.lilu_version = "1.5.1"
|
self.lilu_version = "1.5.1"
|
||||||
self.whatevergreen_version = "1.4.8"
|
self.whatevergreen_version = "1.4.8"
|
||||||
@@ -206,3 +206,18 @@ class Constants:
|
|||||||
def gpusupport_path(self): return self.payload_apple_private_frameworks_path / Path("GPUSupport.framework")
|
def gpusupport_path(self): return self.payload_apple_private_frameworks_path / Path("GPUSupport.framework")
|
||||||
@property
|
@property
|
||||||
def skylight_path(self): return self.payload_apple_private_frameworks_path / Path("SkyLight.framework")
|
def skylight_path(self): return self.payload_apple_private_frameworks_path / Path("SkyLight.framework")
|
||||||
|
|
||||||
|
csr_values = [
|
||||||
|
"CSR_ALLOW_UNTRUSTED_KEXTS ",# 0x1 - Introduced in El Capitan
|
||||||
|
"CSR_ALLOW_UNRESTRICTED_FS ",# 0x2 - Introduced in El Capitan
|
||||||
|
"CSR_ALLOW_TASK_FOR_PID ",# 0x4 - Introduced in El Capitan
|
||||||
|
"CSR_ALLOW_KERNEL_DEBUGGER ",# 0x8 - Introduced in El Capitan
|
||||||
|
"CSR_ALLOW_APPLE_INTERNAL ",# 0x10 - Introduced in El Capitan
|
||||||
|
"CSR_ALLOW_UNRESTRICTED_DTRACE ",# 0x20 - Introduced in El Capitan
|
||||||
|
"CSR_ALLOW_UNRESTRICTED_NVRAM ",# 0x40 - Introduced in El Capitan
|
||||||
|
"CSR_ALLOW_DEVICE_CONFIGURATION ",# 0x80 - Introduced in El Capitan
|
||||||
|
"CSR_ALLOW_ANY_RECOVERY_OS ",# 0x100 - Introduced in Sierra
|
||||||
|
"CSR_ALLOW_UNAPPROVED_KEXTS ",# 0x200 - Introduced in High Sierra
|
||||||
|
"CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE",# 0x400 - Introduced in Mojave
|
||||||
|
"CSR_ALLOW_UNAUTHENTICATED_ROOT ",# 0x800 - Introduced in Big Sur
|
||||||
|
]
|
||||||
+49
-11
@@ -1,4 +1,9 @@
|
|||||||
# Framework for mounting and patching macOS root volume
|
# Framework for mounting and patching macOS root volume
|
||||||
|
# Missing Features:
|
||||||
|
# - Full System/Library Snapshotting (need to research how Apple achieves this)
|
||||||
|
# - Work-around battery throttling on laptops with no battery (IOPlatformPluginFamily.kext/Contents/PlugIns/ACPI_SMC_PlatformPlugin.kext/Contents/Resources/)
|
||||||
|
# - csr-active-config parsing
|
||||||
|
# - Add kmutil error checking
|
||||||
from __future__ import print_function
|
from __future__ import print_function
|
||||||
|
|
||||||
import binascii
|
import binascii
|
||||||
@@ -18,6 +23,21 @@ class PatchSysVolume:
|
|||||||
self.model = model
|
self.model = model
|
||||||
self.constants: Constants.Constants = versions
|
self.constants: Constants.Constants = versions
|
||||||
|
|
||||||
|
def csr_decode(self, sip_raw, print_status):
|
||||||
|
sip_int = int.from_bytes(sip_raw, byteorder='little')
|
||||||
|
i = 0
|
||||||
|
for current_sip_bit in self.constants.csr_values:
|
||||||
|
if sip_int & (1 << i):
|
||||||
|
temp = True
|
||||||
|
# The below array are values that don't affect the ability to patch
|
||||||
|
if current_sip_bit not in ["CSR_ALLOW_TASK_FOR_PID ", "CSR_ALLOW_KERNEL_DEBUGGER ", "CSR_ALLOW_APPLE_INTERNAL ", "CSR_ALLOW_ANY_RECOVERY_OS ",]:
|
||||||
|
self.sip_patch_status = False
|
||||||
|
else:
|
||||||
|
temp = False
|
||||||
|
if print_status is True:
|
||||||
|
print(f"- {current_sip_bit}\t {temp}")
|
||||||
|
i = i + 1
|
||||||
|
|
||||||
def find_mount_root_vol(self):
|
def find_mount_root_vol(self):
|
||||||
root_partition_info = plistlib.loads(subprocess.run("diskutil info -plist /".split(), stdout=subprocess.PIPE).stdout.decode().strip().encode())
|
root_partition_info = plistlib.loads(subprocess.run("diskutil info -plist /".split(), stdout=subprocess.PIPE).stdout.decode().strip().encode())
|
||||||
self.root_mount_path = root_partition_info["DeviceIdentifier"]
|
self.root_mount_path = root_partition_info["DeviceIdentifier"]
|
||||||
@@ -175,8 +195,8 @@ class PatchSysVolume:
|
|||||||
print("Root Patching must be done on target machine!")
|
print("Root Patching must be done on target machine!")
|
||||||
elif self.model in ModelArray.NoRootPatch11:
|
elif self.model in ModelArray.NoRootPatch11:
|
||||||
print("Root Patching not required for this machine!")
|
print("Root Patching not required for this machine!")
|
||||||
elif self.model not in ModelArray.SupportedSMBIOS:
|
elif self.model in ModelArray.SupportedSMBIOS:
|
||||||
print("Cannot run on this machine!")
|
print("Cannot run on this machine, model is unsupported!")
|
||||||
elif self.constants.detected_os < 10.16:
|
elif self.constants.detected_os < 10.16:
|
||||||
print(f"Cannot run on this OS: {self.constants.detected_os}")
|
print(f"Cannot run on this OS: {self.constants.detected_os}")
|
||||||
else:
|
else:
|
||||||
@@ -184,28 +204,46 @@ class PatchSysVolume:
|
|||||||
try:
|
try:
|
||||||
sip_status = nvram_dump["csr-active-config"]
|
sip_status = nvram_dump["csr-active-config"]
|
||||||
except KeyError:
|
except KeyError:
|
||||||
print("- csr-active-config var is missing")
|
|
||||||
sip_status = b'\x00\x00\x00\x00'
|
sip_status = b'\x00\x00\x00\x00'
|
||||||
|
|
||||||
smb_model: str = subprocess.run("nvram 94B73556-2197-4702-82A8-3E1337DAFBFB:HardwareModel ".split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout.decode()
|
smb_model: str = subprocess.run("nvram 94B73556-2197-4702-82A8-3E1337DAFBFB:HardwareModel ".split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout.decode()
|
||||||
if not smb_model.startswith("nvram: Error getting variable"):
|
if not smb_model.startswith("nvram: Error getting variable"):
|
||||||
smb_model = [line.strip().split(":HardwareModel ", 1)[1] for line in smb_model.split("\n") if line.strip().startswith("94B73556-2197-4702-82A8-3E1337DAFBFB:")][0]
|
smb_model = [line.strip().split(":HardwareModel ", 1)[1] for line in smb_model.split("\n") if line.strip().startswith("94B73556-2197-4702-82A8-3E1337DAFBFB:")][0]
|
||||||
if smb_model.startswith("j137"):
|
if smb_model.startswith("j137"):
|
||||||
smb_status = "Enabled"
|
smb_status = True
|
||||||
else:
|
else:
|
||||||
smb_status = "Disabled"
|
smb_status = False
|
||||||
else:
|
else:
|
||||||
smb_status = "Disabled"
|
smb_status = False
|
||||||
|
fv_status = True
|
||||||
|
fv_status: str = subprocess.run("fdesetup status".split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout.decode()
|
||||||
|
if fv_status.startswith("FileVault is Off"):
|
||||||
|
fv_status = False
|
||||||
|
else:
|
||||||
|
fv_status = True
|
||||||
|
|
||||||
if (sip_status == b'\xef\x0f\x00\x00') and (smb_status == "Disabled"):
|
|
||||||
|
self.sip_patch_status = True
|
||||||
|
self.csr_decode(sip_status, False)
|
||||||
|
utilities.cls()
|
||||||
|
if (self.sip_patch_status is False) and (smb_status is False):
|
||||||
print("- Detected SIP and SecureBootModel are disabled, continuing")
|
print("- Detected SIP and SecureBootModel are disabled, continuing")
|
||||||
input("\nPress [ENTER] to continue")
|
input("\nPress [ENTER] to continue")
|
||||||
self.find_mount_root_vol()
|
self.find_mount_root_vol()
|
||||||
self.unmount_drive()
|
self.unmount_drive()
|
||||||
print("- Patching complete")
|
print("- Patching complete")
|
||||||
print("\nPlease reboot the machine for patches to take effect")
|
print("\nPlease reboot the machine for patches to take effect")
|
||||||
else:
|
if self.sip_patch_status is True:
|
||||||
print("- SIP and SecureBootModel set incorrectly, unable to patch")
|
print("SIP set incorrectly, cannot patch on this machine!")
|
||||||
print("\nPlease disable SIP and SecureBootModel in Patcher Settings")
|
print("Please disable SIP and SecureBootModel in Patcher Settings")
|
||||||
print("Then build OpenCore again, reinstall OpenCore to your drive and reboot.")
|
self.csr_decode(sip_status, True)
|
||||||
|
print("")
|
||||||
|
if smb_status is True:
|
||||||
|
print("SecureBootModel set incorrectly, unable to patch!")
|
||||||
|
print("Please disable SecureBootModel in Patcher Settings")
|
||||||
|
print("")
|
||||||
|
if fv_status is True:
|
||||||
|
print("FileVault enabled, unable to patch!")
|
||||||
|
print("Please disable FileVault in System Preferences")
|
||||||
|
print("")
|
||||||
input("Press [Enter] to go exit.")
|
input("Press [Enter] to go exit.")
|
||||||
Binary file not shown.
Binary file not shown.
Reference in New Issue
Block a user