diff --git a/CHANGELOG.md b/CHANGELOG.md
index dc63eaa0c..c0ae5cd41 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,9 @@
# OpenCore Legacy Patcher changelog
## 0.3.1
+- Increment Binaries:
+ - OpenCorePkg 0.7.4 release
+ - RestrictEvents 1.0.5 release
## 0.3.0
- Fix Nvidia Tesla Acceleration in Monterey Beta 7+
diff --git a/payloads/Config/config.plist b/payloads/Config/config.plist
index c24566a68..e4ef87826 100644
--- a/payloads/Config/config.plist
+++ b/payloads/Config/config.plist
@@ -1540,7 +1540,7 @@
ScanPolicy
0
SecureBootModel
- j137
+ Default
Vault
Optional
@@ -1849,6 +1849,8 @@
Drivers
+ Comment
+
Path
OpenRuntime.efi
Enabled
@@ -1857,6 +1859,8 @@
+ Comment
+
Path
OpenCanopy.efi
Enabled
@@ -1865,6 +1869,8 @@
+ Comment
+
Path
NvmExpressDxe.efi
Enabled
@@ -1873,6 +1879,8 @@
+ Comment
+
Path
ExFatDxeLegacy.efi
Enabled
@@ -1881,6 +1889,8 @@
+ Comment
+
Path
XhciDxe.efi
Enabled
@@ -1889,6 +1899,8 @@
+ Comment
+
Path
OpenLinuxBoot.efi
Enabled
diff --git a/payloads/Kexts/Acidanthera/RestrictEvents-MBP91-v1.0.5.zip b/payloads/Kexts/Acidanthera/RestrictEvents-MBP91-v1.0.5.zip
index 287bf0c61..67b748aed 100644
Binary files a/payloads/Kexts/Acidanthera/RestrictEvents-MBP91-v1.0.5.zip and b/payloads/Kexts/Acidanthera/RestrictEvents-MBP91-v1.0.5.zip differ
diff --git a/payloads/Kexts/Acidanthera/RestrictEvents-v1.0.5.zip b/payloads/Kexts/Acidanthera/RestrictEvents-v1.0.5.zip
index e239d0437..0fb2b1827 100644
Binary files a/payloads/Kexts/Acidanthera/RestrictEvents-v1.0.5.zip and b/payloads/Kexts/Acidanthera/RestrictEvents-v1.0.5.zip differ
diff --git a/payloads/OpenCore/OpenCore-DEBUG.zip b/payloads/OpenCore/OpenCore-DEBUG.zip
index a5c70cc49..6cb2a7041 100644
Binary files a/payloads/OpenCore/OpenCore-DEBUG.zip and b/payloads/OpenCore/OpenCore-DEBUG.zip differ
diff --git a/payloads/OpenCore/OpenCore-RELEASE.zip b/payloads/OpenCore/OpenCore-RELEASE.zip
index 2876b53dd..3a784e944 100644
Binary files a/payloads/OpenCore/OpenCore-RELEASE.zip and b/payloads/OpenCore/OpenCore-RELEASE.zip differ
diff --git a/payloads/Tools/ocvalidate b/payloads/Tools/ocvalidate
index d6a7c75e6..0d105f8a7 100755
Binary files a/payloads/Tools/ocvalidate and b/payloads/Tools/ocvalidate differ
diff --git a/resources/build.py b/resources/build.py
index 8e925d9ff..7da6110b8 100644
--- a/resources/build.py
+++ b/resources/build.py
@@ -100,8 +100,6 @@ class BuildOpenCore:
("Lilu.kext", self.constants.lilu_version, self.constants.lilu_path, lambda: True),
("WhateverGreen.kext", self.constants.whatevergreen_version, self.constants.whatevergreen_path, lambda: self.constants.allow_oc_everywhere is False and self.constants.serial_settings != "None"),
("RestrictEvents.kext", self.constants.restrictevents_version, self.constants.restrictevents_path, lambda: self.model in model_array.MacPro),
- # Modded RestrictEvents with displaypolicyd blocked to fix dGPU switching
- ("RestrictEvents.kext", self.constants.restrictevents_mbp_version, self.constants.restrictevents_mbp_path, lambda: self.model in ["MacBookPro6,1", "MacBookPro6,2", "MacBookPro9,1"]),
("SMC-Spoof.kext", self.constants.smcspoof_version, self.constants.smcspoof_path, lambda: self.constants.allow_oc_everywhere is False and self.constants.serial_settings != "None"),
# CPU patches
("AppleMCEReporterDisabler.kext", self.constants.mce_version, self.constants.mce_path, lambda: (self.model.startswith("MacPro") or self.model.startswith("Xserve")) and self.constants.serial_settings != "None"),
@@ -166,6 +164,14 @@ class BuildOpenCore:
if self.get_kext_by_bundle_path("Lilu.kext")["Enabled"] is True:
# Required for Lilu in 11.0+
self.config["Kernel"]["Quirks"]["DisableLinkeditJettison"] = True
+
+ if self.model in ["MacBookPro6,1", "MacBookPro6,2", "MacBookPro9,1", "MacBookPro10,1"]:
+ # Modded RestrictEvents with displaypolicyd blocked to fix dGPU switching
+ if self.model in ["MacBookPro6,1", "MacBookPro6,2", "MacBookPro9,1"]:
+ self.enable_kext("RestrictEvents.kext", self.constants.restrictevents_version, self.constants.restrictevents_path)
+ elif self.constants.serial_settings == "None":
+ # MacBookPro10,1 without SMBIOS spoof needs RestrictEvents
+ self.enable_kext("RestrictEvents.kext", self.constants.restrictevents_version, self.constants.restrictevents_path)
# Ethernet Patch Sets
if smbios_data.smbios_dictionary[self.model]["Ethernet Chipset"] == "Broadcom":
@@ -174,13 +180,6 @@ class BuildOpenCore:
# Applicable for pre-Ivy Bridge models
self.enable_kext("CatalinaBCM5701Ethernet.kext", self.constants.bcm570_version, self.constants.bcm570_path)
- if self.constants.allow_oc_everywhere is False and self.constants.serial_settings != "None":
- if (smbios_data.smbios_dictionary[generate_smbios.set_smbios_model_spoof(self.model) or self.constants.override_smbios]["SecureBootModel"]) != None:
- # Monterey T2 SMBIOS don't get OS updates without a T2 SBM
- # Forces VMM patch instead
- if self.get_kext_by_bundle_path("RestrictEvents.kext")["Enabled"] is False:
- self.enable_kext("RestrictEvents.kext", self.constants.restrictevents_version, self.constants.restrictevents_path)
-
if smbios_data.smbios_dictionary[self.model]["CPU Generation"] <= cpu_data.cpu_data.sandy_bridge.value:
# Ref: https://github.com/reenigneorcim/SurPlus
# Enable for all systems missing RDRAND support
@@ -740,6 +739,10 @@ class BuildOpenCore:
if self.constants.secure_status is False:
print("- Disabling SecureBootModel")
self.config["Misc"]["Security"]["SecureBootModel"] = "Disabled"
+ if self.constants.force_vmm is True:
+ print("- Forcing VMM patchset to support OTA updates")
+ self.get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (1)")["Enabled"] = True
+ self.get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (2)")["Enabled"] = True
if self.constants.serial_settings in ["Moderate", "Advanced"]:
print("- Enabling USB Rename Patches")
self.get_item_by_kv(self.config["ACPI"]["Patch"], "Comment", "XHC1 to SHC1")["Enabled"] = True
diff --git a/resources/constants.py b/resources/constants.py
index 40cce0ce1..20753ad85 100644
--- a/resources/constants.py
+++ b/resources/constants.py
@@ -20,8 +20,8 @@ class Constants:
# OpenCore Versioning
# https://github.com/acidanthera/OpenCorePkg
- self.opencore_commit = "ff4b099 - 09-06-2021"
- self.opencore_version = "0.7.3"
+ self.opencore_commit = "bd3f7a1 - 10-04-2021"
+ self.opencore_version = "0.7.4"
# Kext Versioning
## Acidanthera
@@ -157,6 +157,7 @@ class Constants:
self.force_latest_psp = False # Force latest PatcherSupportPkg
self.disable_msr_power_ctl = False # Disable MSR Power Control (missing battery throttling)
self.software_demux = False # Enable Software Demux patch set
+ self.force_vmm = False # Force VMM patch
# OS Versions
## Based off Major Kernel Version
diff --git a/resources/defaults.py b/resources/defaults.py
index f0b3a7f48..899b9e3af 100644
--- a/resources/defaults.py
+++ b/resources/defaults.py
@@ -1,6 +1,6 @@
# Generate Default Data
-from resources import utilities, device_probe
-from data import model_array
+from resources import utilities, device_probe, generate_smbios
+from data import model_array, smbios_data
class generate_defaults:
@@ -52,10 +52,6 @@ class generate_defaults:
settings.sip_status = False
# settings.secure_status = True # Monterey
settings.allow_fv_root = True # Allow FileVault on broken seal
- else:
- settings.sip_status = True
- # settings.secure_status = True # Monterey
- settings.amfi_status = True
else:
settings.sip_status = False # Unsigned kexts
settings.secure_status = False # Root volume modified
@@ -87,3 +83,22 @@ class generate_defaults:
# Check if running in RecoveryOS
settings.recovery_status = utilities.check_recovery()
+
+ # Check if model uses T2 SMBIOS, if so see if it needs root patching (determined earlier on via SIP variable)
+ # If not, allow SecureBootModel usage, otherwise force VMM patching
+ # Needed for macOS Monterey to allow OTA updates
+ try:
+ spoof_model = generate_smbios.set_smbios_model_spoof(model)
+ except:
+ # Native Macs (mainly M1s) will error out as they don't know what SMBIOS to spoof to
+ # As we don't spoof on native models, we can safely ignore this
+ spoof_model = model
+ if smbios_data.smbios_dictionary[spoof_model]["SecureBootModel"] is not None:
+ if settings.sip_status is False:
+ # Force VMM as root patching is
+ settings.secure_status = False
+ settings.force_vmm = True
+ else:
+ # Allow SecureBootModel
+ settings.secure_status = True
+ settings.force_vmm = False