diff --git a/gui/gui_main.py b/gui/gui_main.py index e8a7b8c6b..9c22faec6 100644 --- a/gui/gui_main.py +++ b/gui/gui_main.py @@ -2302,11 +2302,11 @@ class wx_python_gui: if user_choice == self.computer.real_model: print(f"Using Real Model: {user_choice}") self.constants.custom_model = None - defaults.generate_defaults.probe(self.computer.real_model, True, self.constants) + defaults.generate_defaults(self.computer.real_model, True, self.constants) else: print(f"Using Custom Model: {user_choice}") self.constants.custom_model = user_choice - defaults.generate_defaults.probe(self.constants.custom_model, False, self.constants) + defaults.generate_defaults(self.constants.custom_model, False, self.constants) # Reload Settings self.settings_menu(None) diff --git a/resources/arguments.py b/resources/arguments.py index 08a900864..fe571d163 100644 --- a/resources/arguments.py +++ b/resources/arguments.py @@ -17,7 +17,7 @@ class arguments: if self.args.model: print(f"- Using custom model: {self.args.model}") settings.custom_model = self.args.model - defaults.generate_defaults.probe(settings.custom_model, False, settings) + defaults.generate_defaults(settings.custom_model, False, settings) elif settings.computer.real_model not in model_array.SupportedSMBIOS and settings.allow_oc_everywhere is False: print( """Your model is not supported by this patcher for running unsupported OSes!" @@ -27,7 +27,7 @@ class arguments: sys.exit(1) else: print(f"- Using detected model: {settings.computer.real_model}") - defaults.generate_defaults.probe(settings.custom_model, True, settings) + defaults.generate_defaults(settings.custom_model, True, settings) if self.args.disk: print(f"- Install Disk set: {self.args.disk}") diff --git a/resources/build.py b/resources/build.py index 6df9f89c2..ffae6bb6d 100644 --- a/resources/build.py +++ b/resources/build.py @@ -1000,9 +1000,14 @@ class BuildOpenCore: print("- Set SIP to allow Root Volume patching") self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = binascii.unhexlify("03080000") - # if self.constants.amfi_status is False: - # print("- Disabling AMFI") - # self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " amfi_get_out_of_my_way=1" + # apfs.kext has an undocumented boot-arg that allows FileVault usage on broken APFS seals (-arv_allow_fv) + # This is however hidden behind kern.development, thus we patch _apfs_filevault_allowed to always return true + # Note this function was added in 11.3 (20E232, 20.4), older builds do not support this (ie. 11.2.3) + print("- Allowing FileVault on Root Patched systems") + self.get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Force FileVault on Broken Seal")["Enabled"] = True + # Lets us check in sys_patch.py if config supports FileVault + self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Settings"] += " -allow_fv" + if self.constants.disable_cs_lv is True: print("- Disabling Library Validation") # In Ventura, LV patch broke. For now, add AMFI arg @@ -1063,14 +1068,6 @@ class BuildOpenCore: # Haswell and Broadwell MacBooks lock out the VMX bit if booting UEFI Windows print("- Enabling VMX Bit for non-macOS OSes") self.config["UEFI"]["Quirks"]["EnableVmx"] = True - if self.constants.allow_fv_root is True: - # apfs.kext has an undocumented boot-arg that allows FileVault usage on broken APFS seals (-arv_allow_fv) - # This is however hidden behind kern.development, thus we patch _apfs_filevault_allowed to always return true - # Note this function was added in 11.3 (20E232, 20.4), older builds do not support this (ie. 11.2.3) - print("- Allowing FileVault on Root Patched systems") - self.get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Force FileVault on Broken Seal")["Enabled"] = True - # Lets us check in sys_patch.py if config supports FileVault - self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Settings"] += " -allow_fv" if smbios_data.smbios_dictionary[self.model]["CPU Generation"] <= cpu_data.cpu_data.ivy_bridge.value: print("- Enabling Rosetta Cryptex support in Ventura") self.enable_kext("CryptexFixup.kext", self.constants.cryptexfixup_version, self.constants.cryptexfixup_path) diff --git a/resources/cli_menu.py b/resources/cli_menu.py index 5632abfbb..342befda6 100644 --- a/resources/cli_menu.py +++ b/resources/cli_menu.py @@ -983,7 +983,7 @@ system_profiler SPHardwareDataType | grep 'Model Identifier' print("\n".join(model_array.SupportedSMBIOS)) input("\nPress [ENTER] to continue") else: - defaults.generate_defaults.probe(self.constants.custom_model, False, self.constants) + defaults.generate_defaults(self.constants.custom_model, False, self.constants) def PatchVolume(self): utilities.cls() diff --git a/resources/constants.py b/resources/constants.py index 95b8266e8..f1968554a 100644 --- a/resources/constants.py +++ b/resources/constants.py @@ -160,7 +160,6 @@ class Constants: self.detected_os = 0 # Major Kernel Version self.detected_os_minor = 0 # Minor Kernel Version self.detected_os_build = "" # OS Build - self.allow_fv_root = False # Allow FileVault on broken sealed snapshots ## Boot Volume Settings self.firewire_boot = False # Allow macOS FireWire Boot @@ -600,7 +599,7 @@ class Constants: @property def payload_local_binaries_root_path_zip(self): return self.payload_path / Path("Universal-Binaries.zip") - + @property def kdk_download_path(self): return self.payload_path / Path("KDK.dmg") diff --git a/resources/defaults.py b/resources/defaults.py index 127755d2e..6f72b271d 100644 --- a/resources/defaults.py +++ b/resources/defaults.py @@ -1,194 +1,204 @@ # Generate Default Data from resources import utilities, device_probe, generate_smbios, global_settings -from data import model_array, smbios_data, cpu_data, os_data +from data import smbios_data, cpu_data, os_data import subprocess class generate_defaults: - def probe(model, host_is_target, settings): - # Generate Default Data - # Takes in Settings data set, and returns updated Settings - settings.sip_status = True - settings.secure_status = False # Default false for Monterey - settings.amfi_status = True - settings.custom_serial_number = "" - settings.custom_board_serial_number = "" - if host_is_target: - settings.custom_serial_number = utilities.get_nvram("OCLP-Spoofed-SN", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True) - settings.custom_board_serial_number = utilities.get_nvram("OCLP-Spoofed-MLB", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True) - if settings.custom_serial_number is None or settings.custom_board_serial_number is None: - # If either variables are missing, we assume something is wrong with the spoofed variables and reset - settings.custom_serial_number = "" - settings.custom_board_serial_number = "" + def __init__(self, model, host_is_target, settings): + self.model = model + self.constants = settings + self.host_is_target = host_is_target - if settings.computer.usb_controllers: - try: - if smbios_data.smbios_dictionary[model]["CPU Generation"] < cpu_data.cpu_data.ivy_bridge.value: + # Reset Variables + self.constants.sip_status = True + self.constants.secure_status = False + self.constants.amfi_status = True + self.constants.disable_cs_lv = False + self.constants.disable_amfi = False + + self.constants.custom_serial_number = "" + self.constants.custom_board_serial_number = "" + + self.general_probe() + self.nvram_probe() + self.gpu_probe() + self.networking_probe() + self.misc_hardwares_probe() + self.smbios_probe() + + + def general_probe(self): + + if "Book" in self.model: + self.constants.set_content_caching = False + else: + self.constants.set_content_caching = True + + if self.model in ["MacBookPro8,2", "MacBookPro8,3"]: + # Users disabling TS2 most likely have a faulty dGPU + # users can override this in settings + ts2_status = global_settings.global_settings().read_property("MacBookPro_TeraScale_2_Accel") + if ts2_status is True: + self.constants.allow_ts2_accel = True + else: + global_settings.global_settings().write_property("MacBookPro_TeraScale_2_Accel", False) + self.constants.allow_ts2_accel = False + + if self.model in smbios_data.smbios_dictionary: + if smbios_data.smbios_dictionary[self.model]["CPU Generation"] < cpu_data.cpu_data.ivy_bridge.value and self.model != "MacPro5,1": + # Sidecar and AirPlay to Mac only blacklist Ivy and newer (as well as MacPro5,1) + # Avoid extra patching without benefit + self.constants.fu_arguments = " -disable_sidecar_mac" + else: + self.constants.fu_arguments = None + + if smbios_data.smbios_dictionary[self.model]["CPU Generation"] >= cpu_data.cpu_data.skylake.value: + # On 2016-2017 MacBook Pros, 15" devices used a stock Samsung SSD with IONVMeController + # Technically this should be patched based on NVMeFix.kext logic, + # however Apple deemed the SSD unsupported for enhanced performance + # In addition, some upgraded NVMe drives still have issues with enhanced power management + # Safest to disable by default, allow user to configure afterwards + self.constants.allow_nvme_fixing = False + else: + self.constants.allow_nvme_fixing = True + + # Check if running in RecoveryOS + self.constants.recovery_status = utilities.check_recovery() + + if global_settings.global_settings().read_property("Force_Web_Drivers") is True: + self.constants.force_nv_web = True + + def smbios_probe(self): + if not self.host_is_target: + if self.model in ["MacPro4,1", "MacPro5,1"]: + # Allow H.265 on AMD + # Assume 2009+ machines have Polaris on pre-builts (internal testing) + # Hardware Detection will never hit this + self.constants.serial_settings = "Minimal" + + # Check if model uses T2 SMBIOS, if so see if it needs root patching (determined earlier on via SIP variable) + # If not, allow SecureBootModel usage, otherwise force VMM patching + # Needed for macOS Monterey to allow OTA updates + try: + spoof_model = generate_smbios.set_smbios_model_spoof(self.model) + except: + # Native Macs (mainly M1s) will error out as they don't know what SMBIOS to spoof to + # As we don't spoof on native models, we can safely ignore this + spoof_model = self.model + + + if spoof_model in smbios_data.smbios_dictionary: + if smbios_data.smbios_dictionary[spoof_model]["SecureBootModel"] is not None: + if self.constants.sip_status is False: + # Force VMM as root patching breaks .im4m signature + self.constants.secure_status = False + self.constants.force_vmm = True + else: + # Allow SecureBootModel + self.constants.secure_status = True + self.constants.force_vmm = False + + + def nvram_probe(self): + if not self.host_is_target: + return + + if "-v" in (utilities.get_nvram("boot-args") or ""): + self.constants.verbose_debug = True + + self.constants.custom_serial_number = utilities.get_nvram("OCLP-Spoofed-SN", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True) + self.constants.custom_board_serial_number = utilities.get_nvram("OCLP-Spoofed-MLB", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True) + if self.constants.custom_serial_number is None or self.constants.custom_board_serial_number is None: + # If either variables are missing, we assume something is wrong with the spoofed variables and reset + self.constants.custom_serial_number = "" + self.constants.custom_board_serial_number = "" + + custom_cpu_model_value = utilities.get_nvram("revcpuname", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True) + if custom_cpu_model_value is not None: + # TODO: Fix to not use two separate variables + self.constants.custom_cpu_model = 1 + self.constants.custom_cpu_model_value = custom_cpu_model_value.split("%00")[0] + + + def networking_probe(self): + if ( + isinstance(self.constants.computer.wifi, device_probe.Broadcom) and + self.constants.computer.wifi.chipset in [device_probe.Broadcom.Chipsets.AirPortBrcm4331, device_probe.Broadcom.Chipsets.AirPortBrcm43224] + ) or ( + isinstance(self.constants.computer.wifi, device_probe.Atheros) and + self.constants.computer.wifi.chipset == device_probe.Atheros.Chipsets.AirPortAtheros40 + ): + # 12.0: Legacy Wireless chipsets require root patching + self.constants.sip_status = False + self.constants.secure_status = False + + + def misc_hardwares_probe(self): + if self.host_is_target: + if self.constants.computer.usb_controllers: + if self.model in smbios_data.smbios_dictionary: + if smbios_data.smbios_dictionary[self.model]["CPU Generation"] < cpu_data.cpu_data.ivy_bridge.value: # Pre-Ivy do not natively support XHCI boot support # If we detect XHCI on older model, enable - for controller in settings.computer.usb_controllers: + for controller in self.constants.computer.usb_controllers: if isinstance(controller, device_probe.XHCIController): - settings.xhci_boot = True + self.constants.xhci_boot = True break - except KeyError: - pass - if utilities.check_metal_support(device_probe, settings.computer) is False: - settings.disable_amfi = True - settings.disable_cs_lv = True - settings.secure_status = False - settings.sip_status = False - settings.allow_fv_root = True - settings.host_is_non_metal = True - # If a Mac is non-Metal based, Beta Blur is highly recommended - if settings.detected_os >= os_data.os_data.big_sur: - for arg in ["Moraea_BlurBeta"]: - # If user explicitly set the blur, don't override - arg_result = subprocess.run(["defaults", "read", "-g", arg], stdout=subprocess.PIPE).stdout.decode("utf-8").strip() - if arg_result not in ["true", "1", "false", "0"]: - subprocess.run(["defaults", "write", "-g", arg, "-bool", "TRUE"]) - if settings.computer.gpus: - for gpu in settings.computer.gpus: - if gpu.arch == device_probe.NVIDIA.Archs.Kepler: - # 12.0 (B7+): Kepler are now unsupported - settings.sip_status = False - settings.amfi_status = True - settings.allow_fv_root = True # Allow FileVault on broken seal - break - elif gpu.arch in [device_probe.NVIDIA.Archs.Fermi, device_probe.NVIDIA.Archs.Maxwell, device_probe.NVIDIA.Archs.Pascal]: - settings.custom_sip_value = "0xA03" - break - if ( - isinstance(settings.computer.wifi, device_probe.Broadcom) - and settings.computer.wifi.chipset in [device_probe.Broadcom.Chipsets.AirPortBrcm4331, device_probe.Broadcom.Chipsets.AirPortBrcm43224] - ) or (isinstance(settings.computer.wifi, device_probe.Atheros) and settings.computer.wifi.chipset == device_probe.Atheros.Chipsets.AirPortAtheros40): - # 12.0: Legacy Wireless chipsets require root patching - settings.sip_status = False - settings.allow_fv_root = True # Allow FileVault on broken seal + def gpu_probe(self): + gpu_dict = [] + if self.host_is_target: + gpu_dict = self.constants.computer.gpus + else: + if self.model in smbios_data.smbios_dictionary: + gpu_dict = smbios_data.smbios_dictionary[self.model]["Stock GPUs"] - if settings.computer.gpus: - for gpu in settings.computer.gpus: - if gpu.arch in [ + for gpu in gpu_dict: + if self.host_is_target: + gpu = gpu.arch + + # Legacy Metal Logic + if gpu in [ + device_probe.Intel.Archs.Ivy_Bridge, + device_probe.Intel.Archs.Haswell, + device_probe.Intel.Archs.Broadwell, + device_probe.Intel.Archs.Skylake, + device_probe.NVIDIA.Archs.Kepler, + device_probe.AMD.Archs.Legacy_GCN_7000, + device_probe.AMD.Archs.Legacy_GCN_8000, + device_probe.AMD.Archs.Legacy_GCN_9000, + device_probe.AMD.Archs.Polaris, + ]: + if gpu in [ device_probe.AMD.Archs.Legacy_GCN_7000, device_probe.AMD.Archs.Legacy_GCN_8000, device_probe.AMD.Archs.Legacy_GCN_9000, device_probe.AMD.Archs.Polaris, device_probe.AMD.Archs.Vega, device_probe.AMD.Archs.Navi, - ]: - # Allow H.265 on AMD - try: - smbios_data.smbios_dictionary[model]["Socketed GPUs"] - settings.serial_settings = "Minimal" - except KeyError: - pass - break - elif model in ["MacPro4,1", "MacPro5,1"]: - # Allow H.265 on AMD - # Assume 2009+ machines have Polaris on pre-builts (internal testing) - # Hardware Detection will never hit this - settings.serial_settings = "Minimal" - elif model in model_array.LegacyGPU: - settings.disable_cs_lv = True - settings.disable_amfi = True + ]: + # Allow H.265 on AMD + if self.model in smbios_data.smbios_dictionary: + if "Socketed GPUs" in smbios_data.smbios_dictionary[self.model]: + self.constants.serial_settings = "Minimal" - if model in model_array.LegacyGPU: - if host_is_target and utilities.check_metal_support(device_probe, settings.computer) is True: - # Building on device and we have a native, supported GPU - if settings.computer.dgpu and settings.computer.dgpu.arch == device_probe.NVIDIA.Archs.Kepler: - settings.sip_status = False - # settings.secure_status = True # Monterey - settings.allow_fv_root = True # Allow FileVault on broken seal - else: - settings.sip_status = False # Unsigned kexts - settings.secure_status = False # Root volume modified - settings.amfi_status = False # Unsigned binaries - settings.allow_fv_root = True # Allow FileVault on broken seal - if model in model_array.ModernGPU: - # Systems with Ivy or Kepler GPUs, Monterey requires root patching for accel - settings.sip_status = False # Unsigned kexts - settings.secure_status = False # Modified root volume - settings.allow_fv_root = True # Allow FileVault on broken seal - # settings.amfi_status = True # Signed bundles, Don't need to explicitly set currently + # See if system can use the native AMD stack in Ventura + if gpu == device_probe.AMD.Archs.Polaris: + if self.host_is_target: + if "AVX2" in self.constants.computer.cpu.leafs: + continue + else: + if self.model in smbios_data.smbios_dictionary: + if smbios_data.smbios_dictionary[self.model]["CPU Generation"] >= cpu_data.cpu_data.haswell.value: + continue - if "Book" in model: - settings.set_content_caching = False - else: - settings.set_content_caching = True + self.constants.sip_status = False + self.constants.secure_status = False + self.constants.disable_cs_lv = True - custom_cpu_model_value = utilities.get_nvram("revcpuname", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True) - if custom_cpu_model_value is not None: - # TODO: Fix to not use two separate variables - settings.custom_cpu_model = 1 - settings.custom_cpu_model_value = custom_cpu_model_value.split("%00")[0] - - if "-v" in (utilities.get_nvram("boot-args") or ""): - settings.verbose_debug = True - - - if model in ["MacBookPro8,2", "MacBookPro8,3"]: - # Users disabling TS2 most likely have a faulty dGPU - # users can override this in settings - ts2_status = global_settings.global_settings().read_property("MacBookPro_TeraScale_2_Accel") - if ts2_status is True: - settings.allow_ts2_accel = True - else: - global_settings.global_settings().write_property("MacBookPro_TeraScale_2_Accel", False) - settings.allow_ts2_accel = False - - try: - if smbios_data.smbios_dictionary[model]["CPU Generation"] < cpu_data.cpu_data.ivy_bridge.value and model != "MacPro5,1": - # Sidecar and AirPlay to Mac only blacklist Ivy and newer (as well as MacPro5,1) - # Avoid extra patching without benefit - settings.fu_arguments = " -disable_sidecar_mac" - else: - settings.fu_arguments = None - if smbios_data.smbios_dictionary[model]["CPU Generation"] >= cpu_data.cpu_data.skylake.value: - # On 2016-2017 MacBook Pros, 15" devices used a stock Samsung SSD with IONVMeController - # Technically this should be patched based on NVMeFix.kext logic, - # however Apple deemed the SSD unsupported for enhanced performance - # In addition, some upgraded NVMe drives still have issues with enhanced power management - # Safest to disable by default, allow user to configure afterwards - settings.allow_nvme_fixing = False - else: - settings.allow_nvme_fixing = True - except KeyError: - pass - - # Check if running in RecoveryOS - settings.recovery_status = utilities.check_recovery() - - # Check if model uses T2 SMBIOS, if so see if it needs root patching (determined earlier on via SIP variable) - # If not, allow SecureBootModel usage, otherwise force VMM patching - # Needed for macOS Monterey to allow OTA updates - try: - spoof_model = generate_smbios.set_smbios_model_spoof(model) - except: - # Native Macs (mainly M1s) will error out as they don't know what SMBIOS to spoof to - # As we don't spoof on native models, we can safely ignore this - spoof_model = model - try: - if smbios_data.smbios_dictionary[spoof_model]["SecureBootModel"] is not None: - if settings.sip_status is False: - # Force VMM as root patching breaks .im4m signature - settings.secure_status = False - settings.force_vmm = True - else: - # Allow SecureBootModel - settings.secure_status = True - settings.force_vmm = False - except KeyError: - pass - - nv_web_status = global_settings.global_settings().read_property("Force_Web_Drivers") - if nv_web_status is True: - settings.force_nv_web = True - - if model in model_array.ModernGPU: - settings.disable_cs_lv = True - for gpu in smbios_data.smbios_dictionary[model]["Stock GPUs"]: if gpu in [ device_probe.NVIDIA.Archs.Kepler, device_probe.AMD.Archs.Legacy_GCN_7000, @@ -196,6 +206,30 @@ class generate_defaults: device_probe.AMD.Archs.Legacy_GCN_9000, device_probe.AMD.Archs.Polaris, ]: - if gpu == device_probe.AMD.Archs.Polaris and smbios_data.smbios_dictionary[model]["CPU Generation"] >= cpu_data.cpu_data.haswell.value: - continue - settings.disable_amfi = True \ No newline at end of file + self.constants.disable_amfi = True + + # Non-Metal Logic + elif gpu in [ + device_probe.Intel.Archs.Iron_Lake, + device_probe.Intel.Archs.Sandy_Bridge, + device_probe.NVIDIA.Archs.Tesla, + device_probe.NVIDIA.Archs.Fermi, + device_probe.NVIDIA.Archs.Maxwell, + device_probe.NVIDIA.Archs.Pascal, + device_probe.AMD.Archs.TeraScale_1, + device_probe.AMD.Archs.TeraScale_2, + ]: + self.constants.sip_status = False + self.constants.secure_status = False + self.constants.disable_cs_lv = True + self.constants.disable_amfi = True + + if self.host_is_target: + self.constants.host_is_non_metal = True + # If a Mac is non-Metal based, Beta Blur is highly recommended + if self.constants.detected_os >= os_data.os_data.big_sur: + for arg in ["Moraea_BlurBeta"]: + # If user explicitly set the blur, don't override + arg_result = subprocess.run(["defaults", "read", "-g", arg], stdout=subprocess.PIPE).stdout.decode("utf-8").strip() + if arg_result not in ["true", "1", "false", "0"]: + subprocess.run(["defaults", "write", "-g", arg, "-bool", "TRUE"]) \ No newline at end of file diff --git a/resources/main.py b/resources/main.py index 9ab91f92e..c1925f4f0 100644 --- a/resources/main.py +++ b/resources/main.py @@ -53,7 +53,7 @@ class OpenCoreLegacyPatcher: branch = branch.replace("refs/heads/", "") self.constants.installer_pkg_url_nightly = self.constants.installer_pkg_url_nightly.replace("main", branch) - defaults.generate_defaults.probe(self.computer.real_model, True, self.constants) + defaults.generate_defaults(self.computer.real_model, True, self.constants) if utilities.check_cli_args() is not None: print("- Detected arguments, switching to CLI mode")