From 85572a288995fc0d7a97ce571c760d8c97d37f70 Mon Sep 17 00:00:00 2001 From: Mykola Grymalyuk Date: Tue, 14 Jun 2022 21:39:21 -0600 Subject: [PATCH] Misc Ventura fixes --- data/sys_patch_dict.py | 3 ++- resources/build.py | 5 ++++- resources/defaults.py | 7 ++++++- resources/sys_patch.py | 6 ++++-- resources/sys_patch_auto.py | 2 +- 5 files changed, 17 insertions(+), 6 deletions(-) diff --git a/data/sys_patch_dict.py b/data/sys_patch_dict.py index cff49e1a0..54d1532d4 100644 --- a/data/sys_patch_dict.py +++ b/data/sys_patch_dict.py @@ -42,7 +42,8 @@ def SystemPatchDictionary(os_major, os_minor, non_metal_os_support): "CoreDisplay.framework": f"10.14.4-{os_major}", "IOSurface.framework": f"10.15.7-{os_major}", "QuartzCore.framework": f"10.15.7-{os_major}", - **({ "WebKit.framework": "11.6" } if os_major >= os_data.os_data.monterey else {}), + # Ventura breaks with this patch + **({ "WebKit.framework": "11.6" } if os_major == os_data.os_data.monterey else {}), }, "/System/Library/PrivateFrameworks": { "GPUSupport.framework": "10.14.3", diff --git a/resources/build.py b/resources/build.py index ed846b606..7fade8bda 100644 --- a/resources/build.py +++ b/resources/build.py @@ -960,7 +960,10 @@ class BuildOpenCore: # self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " amfi_get_out_of_my_way=1" if self.constants.disable_cs_lv is True: print("- Disabling Library Validation") - self.get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Disable Library Validation Enforcement")["Enabled"] = True + # In Ventura, LV patch broke. For now, add AMFI arg + # Before merging into mainline, this needs to be resolved + # self.get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Disable Library Validation Enforcement")["Enabled"] = True + self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " amfi_get_out_of_my_way=0x1" self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Settings"] += " -allow_amfi" # CSLVFixup simply patches out __RESTRICT and __restrict out of the Music.app Binary # Ref: https://pewpewthespells.com/blog/blocking_code_injection_on_ios_and_os_x.html diff --git a/resources/defaults.py b/resources/defaults.py index ac0345851..8ca078540 100644 --- a/resources/defaults.py +++ b/resources/defaults.py @@ -184,4 +184,9 @@ class generate_defaults: nv_web_status = global_settings.global_settings().read_property("Force_Web_Drivers") if nv_web_status is True: - settings.force_nv_web = True \ No newline at end of file + settings.force_nv_web = True + + + if settings.disable_cs_lv is True: + # With Ventura, SIP needs to be lowered for AMFI to work + settings.custom_sip_value = "0xA03" \ No newline at end of file diff --git a/resources/sys_patch.py b/resources/sys_patch.py index 4cc7f5511..2bc2be555 100644 --- a/resources/sys_patch.py +++ b/resources/sys_patch.py @@ -51,6 +51,7 @@ class PatchSysVolume: self.constants.needs_to_open_preferences = False self.patch_set_dictionary = {} self.needs_kmutil_exemptions = False # For '/Library/Extensions' rebuilds + self.kdk_path = None # GUI will detect hardware patches before starting PatchSysVolume() # However the TUI will not, so allow for data to be passed in manually avoiding multiple calls @@ -111,15 +112,16 @@ class PatchSysVolume: if kdk_path is None: print("- Unable to find Kernel Debug Kit") raise Exception("Unable to find Kernel Debug Kit") + self.kdk_path = kdk_path print(f"- Found KDK at: {kdk_path}") print("- Merging KDK with Root Volume") utilities.elevated( - ["ditto", f"{kdk_path}/System", f"{self.mount_location}/System"], + ["ditto", f"{kdk_path}/System/Library/Library/Extensions", f"{self.mount_location}/System/Library/Library/Extensions"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT ) # During reversing, we found that kmutil uses this path to determine whether the KDK was successfully merged # Best to verify now before we cause any damage - if not (Path(self.mount_location) / Path("/System/Library/Extensions/System.kext/PlugIns/Libkern.kext/Libkern")).exists(): + if not (Path(self.mount_location) / Path("System/Library/Extensions/System.kext/PlugIns/Libkern.kext/Libkern")).exists(): print("- Unable to merge KDK with Root Volume") raise Exception("Unable to merge KDK with Root Volume") print("- Successfully merged KDK with Root Volume") diff --git a/resources/sys_patch_auto.py b/resources/sys_patch_auto.py index fce5057d4..5d5e3d5f2 100644 --- a/resources/sys_patch_auto.py +++ b/resources/sys_patch_auto.py @@ -190,7 +190,7 @@ class AutomaticSysPatch: # Strip everything after OpenCore-Patcher.app path = str(settings.launcher_binary).split("/Contents/MacOS/OpenCore-Patcher")[0] print(f"- Copying {path} to /Library/Application Support/Dortania/") - utilities.process_status(utilities.elevated(["cp", "-R", path, "/Library/Application Support/Dortania/"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)) + utilities.process_status(utilities.elevated(["ditto", path, "/Library/Application Support/Dortania/OpenCore-Patcher.app"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)) if not Path("/Library/Application Support/Dortania/OpenCore-Patcher.app").exists(): # Sometimes the binary the user launches maye have a suffix (ie. OpenCore-Patcher 3.app)