Raise SIP requirement for root patching

2026-04-13 20:28:21 +10:00 · 2022-08-23 12:27:46 -06:00
parent 763fe04c21
commit 6162e73a9f
5 changed files with 8 additions and 12 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@
    - Intel: Ivy Bridge, Haswell, Broadwell and Skylake
    - Nvidia: Kepler
    - AMD: GCN 1 through 3
+  - Raise SIP requirement to 0xA03 for root patching
 - Increment Binaries:
  - OpenCorePkg 0.8.3 release
  - Lilu 1.6.2 - release
--- a/gui/gui_main.py
+++ b/gui/gui_main.py
@@ -3017,7 +3017,7 @@ class wx_python_gui:
        elif self.constants.sip_status is True:
            self.sip_value = 0x00
        else:
-            self.sip_value = 0x802
+            self.sip_value = 0xA03

        self.sip_label_2 = wx.StaticText(self.frame_modal, label=f"Currently configured SIP: {hex(self.sip_value)}")
        self.sip_label_2.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_BOLD))
@@ -3033,21 +3033,21 @@ class wx_python_gui:
        )
        self.sip_label_2_2.Center(wx.HORIZONTAL)

-        self.sip_label_3 = wx.StaticText(self.frame_modal, label="For older Macs requiring root patching, we set SIP to\n be partially disabled (0x802) to allow root patching.")
+        self.sip_label_3 = wx.StaticText(self.frame_modal, label="For older Macs requiring root patching, we set SIP to\n be partially disabled (0xA03) to allow root patching.")
        self.sip_label_3.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL))
        self.sip_label_3.SetPosition(
            wx.Point(self.sip_label_2_2.GetPosition().x, self.sip_label_2_2.GetPosition().y + self.sip_label_2_2.GetSize().height + 10)
        )
        self.sip_label_3.Center(wx.HORIZONTAL)

-        self.sip_label_4 = wx.StaticText(self.frame_modal, label="This value (0x802) corresponds to the following bits in csr.h:")
+        self.sip_label_4 = wx.StaticText(self.frame_modal, label="This value (0xA03) corresponds to the following bits in csr.h:")
        self.sip_label_4.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL))
        self.sip_label_4.SetPosition(
            wx.Point(self.sip_label_3.GetPosition().x, self.sip_label_3.GetPosition().y + self.sip_label_3.GetSize().height + 5)
        )
        self.sip_label_4.Center(wx.HORIZONTAL)

-        self.sip_label_5 = wx.StaticText(self.frame_modal, label="   0x2     - CSR_ALLOW_UNRESTRICTED_FS\n   0x800 - CSR_ALLOW_UNAUTHENTICATED_ROOT")
+        self.sip_label_5 = wx.StaticText(self.frame_modal, label="      0x1  - CSR_ALLOW_UNTRUSTED_KEXTS\n      0x2  - CSR_ALLOW_UNRESTRICTED_FS\n   0x200 - CSR_ALLOW_UNAPPROVED_KEXTS\n   0x800 - CSR_ALLOW_UNAUTHENTICATED_ROOT")
        self.sip_label_5.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL))
        self.sip_label_5.SetPosition(
            wx.Point(self.sip_label_4.GetPosition().x, self.sip_label_4.GetPosition().y + self.sip_label_4.GetSize().height + 7)
@@ -3101,7 +3101,7 @@ OpenCore Legacy Patcher by default knows the most ideal
        if hex(self.sip_value) == "0x0":
            self.constants.custom_sip_value = None
            self.constants.sip_status = True
-        elif hex(self.sip_value) == "0x802":
+        elif hex(self.sip_value) == "0xA03":
            self.constants.custom_sip_value = None
            self.constants.sip_status = False
        else:
--- a/resources/cli_menu.py
+++ b/resources/cli_menu.py
@@ -173,7 +173,7 @@ Note: For security reasons, OpenShell will be disabled when Vault is set.
        print(
            f"""SIP is used to ensure proper security measures are set,
 however to patch the root volume this must be lowered partially.
-Only disable is absolutely necessary. SIP value = 0x802
+Only disable is absolutely necessary. SIP value = 0xA03

 Valid options:

--- a/resources/defaults.py
+++ b/resources/defaults.py
@@ -185,8 +185,3 @@ class generate_defaults:
        nv_web_status = global_settings.global_settings().read_property("Force_Web_Drivers")
        if nv_web_status is True:
            settings.force_nv_web = True
-
-
-        if settings.disable_cs_lv is True:
-            # With Ventura, SIP needs to be lowered for AMFI to work
-            settings.custom_sip_value = "0xA03"
--- a/resources/sys_patch_detect.py
+++ b/resources/sys_patch_detect.py
@@ -213,7 +213,7 @@ class detect_root_patch:

    def check_sip(self):
        if self.constants.detected_os > os_data.os_data.catalina:
-            if self.nvidia_web is True:
+            if self.nvidia_web is True or self.constants.detected_os >= os_data.os_data.ventura:
                sip = sip_data.system_integrity_protection.root_patch_sip_big_sur_3rd_part_kexts
                sip_hex = "0xA03"
                sip_value = (