Lower SIP requirement

2026-04-14 04:38:20 +10:00 · 2022-04-02 19:00:46 -06:00
parent e155613958
commit 357e446987
5 changed files with 10 additions and 9 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,9 @@
 # OpenCore Legacy Patcher changelog

 ## 0.4.4
+- Lower SIP requirement for Root Patching
+  - Sets to 0x802 (previously 0xA03)
+  - Drops `CSR_ALLOW_UNTRUSTED_KEXTS` and `CSR_ALLOW_UNAPPROVED_KEXTS`

 ## 0.4.3
 - Increment Binaries:
--- a/data/sip_data.py
+++ b/data/sip_data.py
@@ -122,9 +122,7 @@ class system_integrity_protection:

    root_patch_sip_big_sur = [
        # Variables required to root patch in Big Sur and Monterey
-        "CSR_ALLOW_UNTRUSTED_KEXTS",  #            0x1
        "CSR_ALLOW_UNRESTRICTED_FS",  #            0x2   - Required to mount and edit root volume, as well as load modded platform binaries
-        "CSR_ALLOW_UNAPPROVED_KEXTS",  #           0x200
        "CSR_ALLOW_UNAUTHENTICATED_ROOT",  #       0x800 - Required to avoid KC mismatch kernel panic
    ]

--- a/gui/gui_main.py
+++ b/gui/gui_main.py
@@ -2253,7 +2253,7 @@ class wx_python_gui:
        elif self.constants.sip_status is True:
            self.sip_value = 0x00
        else:
-            self.sip_value = 0xa03
+            self.sip_value = 0x802
        
        self.sip_label_2 = wx.StaticText(self.frame, label=f"Currently configured SIP: {hex(self.sip_value)}")
        self.sip_label_2.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_BOLD))
@@ -2262,21 +2262,21 @@ class wx_python_gui:
        )
        self.sip_label_2.Center(wx.HORIZONTAL)

-        self.sip_label_3 = wx.StaticText(self.frame, label="For older Macs requiring root patching, we set SIP to\n be partially disabled (0xa03) to allow root patching.")
+        self.sip_label_3 = wx.StaticText(self.frame, label="For older Macs requiring root patching, we set SIP to\n be partially disabled (0x802) to allow root patching.")
        self.sip_label_3.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL))
        self.sip_label_3.SetPosition(
            wx.Point(self.sip_label_2.GetPosition().x, self.sip_label_2.GetPosition().y + self.sip_label_2.GetSize().height + 10)
        )
        self.sip_label_3.Center(wx.HORIZONTAL)

-        self.sip_label_4 = wx.StaticText(self.frame, label="This value (0xa03) corresponds to the following bits in csr.h:")
+        self.sip_label_4 = wx.StaticText(self.frame, label="This value (0x802) corresponds to the following bits in csr.h:")
        self.sip_label_4.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL))
        self.sip_label_4.SetPosition(
            wx.Point(self.sip_label_3.GetPosition().x, self.sip_label_3.GetPosition().y + self.sip_label_3.GetSize().height + 5)
        )
        self.sip_label_4.Center(wx.HORIZONTAL)

-        self.sip_label_5 = wx.StaticText(self.frame, label="   0x1     - CSR_ALLOW_UNTRUSTED_KEXTS\n   0x2     - CSR_ALLOW_UNRESTRICTED_FS\n   0x200 - CSR_ALLOW_UNAPPROVED_KEXTS\n   0x800 - CSR_ALLOW_UNAUTHENTICATED_ROOT")
+        self.sip_label_5 = wx.StaticText(self.frame, label="   0x2     - CSR_ALLOW_UNRESTRICTED_FS\n   0x800 - CSR_ALLOW_UNAUTHENTICATED_ROOT")
        self.sip_label_5.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL))
        self.sip_label_5.SetPosition(
            wx.Point(self.sip_label_4.GetPosition().x, self.sip_label_4.GetPosition().y + self.sip_label_4.GetSize().height + 7)
@@ -2329,7 +2329,7 @@ OpenCore Legacy Patcher by default knows the most ideal
        if hex(self.sip_value) == "0x0":
            self.constants.custom_sip_value = None
            self.constants.sip_status = True
-        elif hex(self.sip_value) == "0xa03":
+        elif hex(self.sip_value) == "0x802":
            self.constants.custom_sip_value = None
            self.constants.sip_status = False
        else:
--- a/resources/build.py
+++ b/resources/build.py
@@ -863,7 +863,7 @@ class BuildOpenCore:
            self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = utilities.string_to_hex(self.constants.custom_sip_value.lstrip("0x"))
        elif self.constants.sip_status is False:
            print("- Set SIP to allow Root Volume patching")
-            self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = binascii.unhexlify("030A0000")
+            self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = binascii.unhexlify("02080000")
        # if self.constants.amfi_status is False:
        #     print("- Disabling AMFI")
        #     self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " amfi_get_out_of_my_way=1"
--- a/resources/cli_menu.py
+++ b/resources/cli_menu.py
@@ -174,7 +174,7 @@ Note: For security reasons, OpenShell will be disabled when Vault is set.
        print(
            f"""SIP is used to ensure proper secuirty measures are set,
 however to patch the root volume this must be lowered partially.
-Only disable is absolutely necessary. SIP value = 0xA03
+Only disable is absolutely necessary. SIP value = 0x802

 Valid options: