From 6162e73a9f4036aa810be9f031c5f0ff491e8da5 Mon Sep 17 00:00:00 2001 From: Mykola Grymalyuk Date: Tue, 23 Aug 2022 12:27:46 -0600 Subject: [PATCH] Raise SIP requirement for root patching --- CHANGELOG.md | 1 + gui/gui_main.py | 10 +++++----- resources/cli_menu.py | 2 +- resources/defaults.py | 5 ----- resources/sys_patch_detect.py | 2 +- 5 files changed, 8 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6fe296f04..b02449ca1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ - Intel: Ivy Bridge, Haswell, Broadwell and Skylake - Nvidia: Kepler - AMD: GCN 1 through 3 + - Raise SIP requirement to 0xA03 for root patching - Increment Binaries: - OpenCorePkg 0.8.3 release - Lilu 1.6.2 - release diff --git a/gui/gui_main.py b/gui/gui_main.py index 0e6e9bb58..6c2b310d3 100644 --- a/gui/gui_main.py +++ b/gui/gui_main.py @@ -3017,7 +3017,7 @@ class wx_python_gui: elif self.constants.sip_status is True: self.sip_value = 0x00 else: - self.sip_value = 0x802 + self.sip_value = 0xA03 self.sip_label_2 = wx.StaticText(self.frame_modal, label=f"Currently configured SIP: {hex(self.sip_value)}") self.sip_label_2.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_BOLD)) 
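Review bot: The new default is written as the bare literal `0xA03` at `self.sip_value = 0xA03`, and the same value is repeated as text in the two labels of the next hunk, in the comparison in the third hunk of this file, and in the prompt in resources/cli_menu.py. A security setting that must be edited in five places is easy to leave half-updated, so the value shown to the user and the value actually applied can drift apart. Defining it once and formatting the strings from it would avoid that, for example `self.sip_value = ROOT_PATCH_SIP_DEFAULT` with the labels built from `f"0x{ROOT_PATCH_SIP_DEFAULT:X}"` (the name is a suggestion, not an existing identifier). The enclosing method starts and ends outside the hunk.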
@@ -3033,21 +3033,21 @@ class wx_python_gui: ) self.sip_label_2_2.Center(wx.HORIZONTAL) - self.sip_label_3 = wx.StaticText(self.frame_modal, label="For older Macs requiring root patching, we set SIP to\n be partially disabled (0x802) to allow root patching.") + self.sip_label_3 = wx.StaticText(self.frame_modal, label="For older Macs requiring root patching, we set SIP to\n be partially disabled (0xA03) to allow root patching.") self.sip_label_3.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL)) self.sip_label_3.SetPosition( wx.Point(self.sip_label_2_2.GetPosition().x, self.sip_label_2_2.GetPosition().y + self.sip_label_2_2.GetSize().height + 10) ) self.sip_label_3.Center(wx.HORIZONTAL) - self.sip_label_4 = wx.StaticText(self.frame_modal, label="This value (0x802) corresponds to the following bits in csr.h:") + self.sip_label_4 = wx.StaticText(self.frame_modal, label="This value (0xA03) corresponds to the following bits in csr.h:") self.sip_label_4.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL)) self.sip_label_4.SetPosition( wx.Point(self.sip_label_3.GetPosition().x, self.sip_label_3.GetPosition().y + self.sip_label_3.GetSize().height + 5) ) self.sip_label_4.Center(wx.HORIZONTAL) - self.sip_label_5 = wx.StaticText(self.frame_modal, label=" 0x2 - CSR_ALLOW_UNRESTRICTED_FS\n 0x800 - CSR_ALLOW_UNAUTHENTICATED_ROOT") + self.sip_label_5 = wx.StaticText(self.frame_modal, label=" 0x1 - CSR_ALLOW_UNTRUSTED_KEXTS\n 0x2 - CSR_ALLOW_UNRESTRICTED_FS\n 0x200 - CSR_ALLOW_UNAPPROVED_KEXTS\n 0x800 - CSR_ALLOW_UNAUTHENTICATED_ROOT") self.sip_label_5.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL)) self.sip_label_5.SetPosition( wx.Point(self.sip_label_4.GetPosition().x, self.sip_label_4.GetPosition().y + self.sip_label_4.GetSize().height + 7) 
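Review bot: The explanatory text in `sip_label_3` still says only that SIP is partially disabled "to allow root patching", although the value now also sets CSR_ALLOW_UNTRUSTED_KEXTS and CSR_ALLOW_UNAPPROVED_KEXTS, which relax kernel-extension signature and approval checks rather than filesystem protection. The bit list in `sip_label_5` is correct (0x1 | 0x2 | 0x200 | 0x800 = 0xA03), but a user deciding whether to keep the default is not told what the two added bits permit. I would extend the label with one sentence such as `"0x1 and 0x200 additionally allow unsigned and unapproved kernel extensions to load."`. The method that builds this dialog starts and ends outside the hunk.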
@@ -3101,7 +3101,7 @@ OpenCore Legacy Patcher by default knows the most ideal if hex(self.sip_value) == "0x0": self.constants.custom_sip_value = None self.constants.sip_status = True - elif hex(self.sip_value) == "0x802": + elif hex(self.sip_value) == "0xA03": self.constants.custom_sip_value = None self.constants.sip_status = False else: diff --git a/resources/cli_menu.py b/resources/cli_menu.py index 58936995a..feae96e79 100644 --- a/resources/cli_menu.py +++ b/resources/cli_menu.py @@ -173,7 +173,7 @@ Note: For security reasons, OpenShell will be disabled when Vault is set. print( f"""SIP is used to ensure proper security measures are set, however to patch the root volume this must be lowered partially. -Only disable is absolutely necessary. SIP value = 0x802 +Only disable is absolutely necessary. SIP value = 0xA03 Valid options: diff --git a/resources/defaults.py b/resources/defaults.py index f9d61823e..66b6e72e9 100644 --- a/resources/defaults.py +++ b/resources/defaults.py @@ -185,8 +185,3 @@ class generate_defaults: nv_web_status = global_settings.global_settings().read_property("Force_Web_Drivers") if nv_web_status is True: settings.force_nv_web = True - - - if settings.disable_cs_lv is True: - # With Ventura, SIP needs to be lowered for AMFI to work - settings.custom_sip_value = "0xA03" \ No newline at end of file diff --git a/resources/sys_patch_detect.py b/resources/sys_patch_detect.py index f2ff5d4c0..279b96c27 100644 --- a/resources/sys_patch_detect.py +++ b/resources/sys_patch_detect.py @@ -213,7 +213,7 @@ class detect_root_patch: def check_sip(self): if self.constants.detected_os > os_data.os_data.catalina: - if self.nvidia_web is True: + if self.nvidia_web is True or self.constants.detected_os >= os_data.os_data.ventura: sip = sip_data.system_integrity_protection.root_patch_sip_big_sur_3rd_part_kexts sip_hex = "0xA03" sip_value = (
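Review bot: The new branch `elif hex(self.sip_value) == "0xA03":` can never be true, because `hex()` returns lowercase digits (`hex(0xA03)` is `'0xa03'`); the old literal `"0x802"` contained no letters, so the problem only appears with this change. The default value therefore falls through to the `else:` branch, whose body is outside the hunk but presumably records it as a custom SIP value instead of setting `custom_sip_value = None` and `sip_status = False`. Comparing the integer avoids the case issue: `elif self.sip_value == 0xA03:` (the `"0x0"` branch above could become `self.sip_value == 0x0` for consistency).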
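Review bot: The changed prompt line in resources/cli_menu.py reads "Only disable is absolutely necessary", which should be "Only disable if absolutely necessary"; since the commit already edits this line, the typo can be fixed in the same change. The prompt also gives the new value without saying what it stands for, whereas the GUI dialog lists the four csr.h bits. A short line such as `0xA03 = untrusted kexts, unrestricted FS, unapproved kexts, unauthenticated root` would let a CLI user see that kext loading restrictions are lowered as well. The surrounding f-string and function begin and end outside the hunk.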
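Review bot: The widened condition in `check_sip` now selects `root_patch_sip_big_sur_3rd_part_kexts` for every Ventura-or-newer system, but nothing in the code says why, and the only explanation (the AMFI comment in resources/defaults.py) is deleted by this same commit. A comment above the `if` would keep that reasoning, e.g. `# Ventura and newer: root patching needs the kext bits too (0xA03), not only with Nvidia Web Drivers`. The detector asks for the kext bits only in these two cases, while gui/gui_main.py now presents 0xA03 as the default unconditionally. If the branch outside this hunk still accepts the narrower set on Big Sur and Monterey, it is worth confirming that the build does not lower SIP further than those systems need. The body of `check_sip` continues past the end of the hunk.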