timamsk/OpenCore-Legacy-Patcher
1
0
Fork 0
mirror of https://github.com/dortania/OpenCore-Legacy-Patcher.git synced 2026-04-24 03:50:14 +10:00
Code Issues Packages Projects Releases Wiki Activity

utilities.py: Add ApSecurityMode check

Browse Source
This commit is contained in:
Mykola Grymalyuk
2022-05-08 09:35:13 -06:00
parent 396590c2b2
commit 4538341966
2 changed files with 34 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
resources/device_probe.py
View File

@@ -485,6 +485,8 @@ class Computer:
bluetooth_chipset: Optional[str] = None bluetooth_chipset: Optional[str] = None
ambient_light_sensor: Optional[bool] = False ambient_light_sensor: Optional[bool] = False
third_party_sata_ssd: Optional[bool] = False third_party_sata_ssd: Optional[bool] = False
secure_boot_model: Optional[str] = None
secure_boot_status: Optiona[int] = None
@staticmethod @staticmethod
def probe(): def probe():
@@ -705,6 +707,9 @@ class Computer:
self.opencore_version = utilities.get_nvram("opencore-version", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True) self.opencore_version = utilities.get_nvram("opencore-version", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True)
self.opencore_path = utilities.get_nvram("boot-path", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True) self.opencore_path = utilities.get_nvram("boot-path", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True)
# SecureBoot Variables
self.secure_boot_model = utilities.check_secure_boot_model()
self.secure_boot_status = utilities.check_ap_security_mode()
def cpu_probe(self): def cpu_probe(self):
self.cpu = CPU( self.cpu = CPU(
subprocess.run("sysctl machdep.cpu.brand_string".split(), stdout=subprocess.PIPE).stdout.decode().partition(": ")[2].strip(), subprocess.run("sysctl machdep.cpu.brand_string".split(), stdout=subprocess.PIPE).stdout.decode().partition(": ")[2].strip(),

39
resources/utilities.py
View File

@@ -206,6 +206,34 @@ def check_filevault_skip():
return False return False
def check_secure_boot_model():
sbm_byte = get_nvram("HardwareModel", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False)
if sbm_byte:
sbm_byte = sbm_byte.replace(b"\x00", b"")
sbm_string = sbm_byte.decode("utf-8")
return sbm_string
return None
def check_ap_security_mode():
ap_security_mode_byte = get_nvram("ApSecurityMode", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False)
if ap_security_mode_byte:
# Ref:
# https://github.com/acidanthera/OpenCorePkg/blob/f7c1a3d483fa2535b6a62c25a4f04017bfeee09a/Include/Apple/Protocol/AppleImg4Verification.h#L27-L31
# AppleImg4SbModeDisabled = 0,
# AppleImg4SbModeMedium = 1,
# AppleImg4SbModeFull = 2
return int.from_bytes(ap_security_mode_byte, byteorder="little")
return 0
def check_secure_boot_level():
if check_secure_boot_model() in constants.Constants().sbm_values:
if check_ap_security_mode() == 2:
return True
else:
return False
return False
def patching_status(os_sip, os): def patching_status(os_sip, os):
# Detection for Root Patching # Detection for Root Patching
sip_enabled = True # System Integrity Protection sip_enabled = True # System Integrity Protection
@@ -223,16 +251,7 @@ def patching_status(os_sip, os):
# Catalina and older supports individually disabling Library Validation # Catalina and older supports individually disabling Library Validation
amfi_enabled = False amfi_enabled = False
sbm_byte = get_nvram("HardwareModel", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False) sbm_enabled = check_secure_boot_level()
if sbm_byte:
# SecureBootModel has a ton of null bytes, so strip them out
sbm_string = sbm_byte.decode("utf-8")
if sbm_string in constants.Constants().sbm_values:
sbm_enabled = True
else:
sbm_enabled = False
else:
sbm_enabled = False
if os > os_data.os_data.yosemite: if os > os_data.os_data.yosemite:
sip_enabled = csr_decode(os_sip) sip_enabled = csr_decode(os_sip)