From 956d0cffccbd7f6e9457e0568265cf798421a353 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk
Date: Sat, 12 Nov 2022 20:15:43 -0700
Subject: [PATCH] Further modularize
---
 resources/build/build.py | 310 +-----------------------------
 resources/build/graphics_audio.py | 4 +
 resources/build/misc.py | 217 +++++++++++++++++++++
 resources/build/security.py | 49 ++++-
 resources/build/smbios.py | 36 ++++
 5 files changed, 312 insertions(+), 304 deletions(-)
 create mode 100644 resources/build/misc.py
diff --git a/resources/build/build.py b/resources/build/build.py
index 4f339ec75..6996a1c0b 100644
--- a/resources/build/build.py
+++ b/resources/build/build.py
@@ -11,10 +11,9 @@ import zipfile
 from pathlib import Path
 from datetime import date
-from resources import constants, utilities, device_probe, generate_smbios
-from resources.build import bluetooth, firmware, graphics_audio, support, storage, smbios, security
+from resources import constants, utilities
+from resources.build import bluetooth, firmware, graphics_audio, support, storage, smbios, security, misc
 from resources.build.networking import wired, wireless
-from data import smbios_data, cpu_data, os_data, model_array
 def rmtree_handler(func, path, exc_info):
@@ -31,29 +30,6 @@ class build_opencore:
 self.computer = self.constants.computer
 self.gfx0_path = None
- def disk_type(self):
- drive_host_info = plistlib.loads(subprocess.run(f"diskutil info -plist {self.constants.disk}".split(), stdout=subprocess.PIPE).stdout.decode().strip().encode())
- sd_type = drive_host_info["MediaName"]
- try:
- ssd_type = drive_host_info["SolidState"]
- except KeyError:
- ssd_type = False
- # Array filled with common SD Card names
- # Note most USB-based SD Card readers generally report as "Storage Device", and no reliable way to detect further
- if sd_type in ["SD Card Reader", "SD/MMC"]:
- print("- Adding SD Card icon")
- shutil.copy(self.constants.icon_path_sd, self.constants.opencore_release_folder)
- elif ssd_type is True:
- print("- Adding SSD icon")
- shutil.copy(self.constants.icon_path_ssd, self.constants.opencore_release_folder)
- elif drive_host_info["BusProtocol"] == "USB":
- print("- Adding External USB Drive icon")
- shutil.copy(self.constants.icon_path_external, self.constants.opencore_release_folder)
- else:
- print("- Adding Internal Drive icon")
- shutil.copy(self.constants.icon_path_internal, self.constants.opencore_release_folder)
-
-
 def build_efi(self):
 utilities.cls()
@@ -97,57 +73,8 @@ class build_opencore:
 self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Version"] = f"{self.constants.patcher_version}"
 self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Model"] = self.model
- for name, version, path, check in [
- # Essential kexts
- ("Lilu.kext", self.constants.lilu_version, self.constants.lilu_path, lambda: True),
- ("WhateverGreen.kext", self.constants.whatevergreen_version, self.constants.whatevergreen_path, lambda: self.constants.allow_oc_everywhere is False and self.constants.serial_settings != "None"),
- ("SMC-Spoof.kext", self.constants.smcspoof_version, self.constants.smcspoof_path, lambda: self.constants.allow_oc_everywhere is False and self.constants.serial_settings != "None"),
- (
- "CPUFriend.kext",
- self.constants.cpufriend_version,
- self.constants.cpufriend_path,
- lambda: self.model not in ["iMac7,1", "Xserve2,1", "Dortania1,1"] and self.constants.disallow_cpufriend is False and self.constants.serial_settings != "None",
- ),
- # Misc
- ("DebugEnhancer.kext", self.constants.debugenhancer_version, self.constants.debugenhancer_path, lambda: self.constants.kext_debug is True),
- ("AppleUSBTrackpad.kext", self.constants.apple_trackpad, self.constants.apple_trackpad_path, lambda: self.model in ["MacBook4,1", "MacBook5,2"]),
- ]:
- support.build_support(self.model, self.constants, self.config).enable_kext(name, version, path, check)
-
- if self.constants.allow_oc_everywhere is False or self.constants.allow_native_spoofs is True:
- if self.constants.serial_settings == "None":
- # Credit to Parrotgeek1 for boot.efi and hv_vmm_present patch sets
- # print("- Enabling Board ID exemption patch")
- # support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Booter"]["Patch"], "Comment", "Skip Board ID check")["Enabled"] = True
-
- print("- Enabling VMM exemption patch")
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (1)")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (2) Legacy")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (2) Ventura")["Enabled"] = True
-
- # Patch HW_BID to OC_BID
- # Set OC_BID to iMac18,1 Board ID (Mac-F60DEB81FF30ACF6)
- # Goal is to only allow OS booting through OCLP, otherwise failing
- print("- Enabling HW_BID reroute")
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Booter"]["Patch"], "Comment", "Reroute HW_BID to OC_BID")["Enabled"] = True
- self.config["NVRAM"]["Add"]["4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14"]["OC_BID"] = "Mac-BE088AF8C5EB4FA2"
- self.config["NVRAM"]["Delete"]["4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14"] += ["OC_BID"]
- else:
- print("- Enabling SMC exemption patch")
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Identifier", "com.apple.driver.AppleSMC")["Enabled"] = True
-
- if support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("Lilu.kext")["Enabled"] is True:
- # Required for Lilu in 11.0+
- self.config["Kernel"]["Quirks"]["DisableLinkeditJettison"] = True
-
-
-
- if self.constants.fu_status is True:
- # Enable FeatureUnlock.kext
- support.build_support(self.model, self.constants, self.config).enable_kext("FeatureUnlock.kext", self.constants.featureunlock_version, self.constants.featureunlock_path)
- if self.constants.fu_arguments is not None:
- print(f"- Adding additional FeatureUnlock args: {self.constants.fu_arguments}")
- self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += self.constants.fu_arguments
+ support.build_support(self.model, self.constants, self.config).enable_kext("Lilu.kext", self.constants.lilu_version, self.constants.lilu_path)
+ self.config["Kernel"]["Quirks"]["DisableLinkeditJettison"] = True
 firmware.build_firmware(self.model, self.constants, self.config).build()
 wired.build_wired(self.model, self.constants, self.config).build()
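Review bot: The two added lines in this hunk set `DisableLinkeditJettison` unconditionally but drop the explanation the removed code carried, so a later reader has no hint why the quirk is tied to Lilu. Keep the comment directly above the assignment: `# Required for Lilu in 11.0+`. The removed list also gated SMC-Spoof.kext, and the block below it gated the VMM, HW_BID and SMC exemption patches, on `allow_oc_everywhere`, `allow_native_spoofs` and `serial_settings`; their new location is not visible in this part of the patch, so those conditions should be confirmed to have moved unchanged. `build_efi` starts and ends outside the hunk.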
@@ -155,237 +82,14 @@ class build_opencore:
 graphics_audio.build_graphics_audio(self.model, self.constants, self.config).build()
 bluetooth.build_bluetooth(self.model, self.constants, self.config).build()
 storage.build_storage(self.model, self.constants, self.config).build()
+ misc.build_misc(self.model, self.constants, self.config).build()
+ smbios.build_smbios(self.model, self.constants, self.config).build()
+ security.build_security(self.model, self.constants, self.config).build()
- # CPUFriend
- if self.model not in ["iMac7,1", "Xserve2,1", "Dortania1,1"] and self.constants.serial_settings != "None":
- pp_map_path = Path(self.constants.platform_plugin_plist_path) / Path(f"{self.model}/Info.plist")
- if not pp_map_path.exists():
- raise Exception(f"{pp_map_path} does not exist!!! Please file an issue stating file is missing for {self.model}.")
- Path(self.constants.pp_kext_folder).mkdir()
- Path(self.constants.pp_contents_folder).mkdir()
- shutil.copy(pp_map_path, self.constants.pp_contents_folder)
- support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("CPUFriendDataProvider.kext")["Enabled"] = True
-
-
- # Legacy iSight patches
- try:
- if smbios_data.smbios_dictionary[self.model]["Legacy iSight"] is True:
- support.build_support(self.model, self.constants, self.config).enable_kext("LegacyUSBVideoSupport.kext", self.constants.apple_isight_version, self.constants.apple_isight_path)
- except KeyError:
- pass
-
-
-
- # USB Map
- usb_map_path = Path(self.constants.plist_folder_path) / Path("AppleUSBMaps/Info.plist")
- if (
- usb_map_path.exists()
- and (self.constants.allow_oc_everywhere is False or self.constants.allow_native_spoofs is True)
- and self.model not in ["Xserve2,1", "Dortania1,1"]
- and (
- (self.model in model_array.Missing_USB_Map or self.model in model_array.Missing_USB_Map_Ventura)
- or self.constants.serial_settings in ["Moderate", "Advanced"])
- ):
- print("- Adding USB-Map.kext")
- Path(self.constants.map_kext_folder).mkdir()
- Path(self.constants.map_contents_folder).mkdir()
- shutil.copy(usb_map_path, self.constants.map_contents_folder)
- support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("USB-Map.kext")["Enabled"] = True
- if self.model in model_array.Missing_USB_Map_Ventura and self.constants.serial_settings not in ["Moderate", "Advanced"]:
- support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("USB-Map.kext")["MinKernel"] = "22.0.0"
-
-
- if self.constants.firewire_boot is True and generate_smbios.check_firewire(self.model) is True:
- # Enable FireWire Boot Support
- # Applicable for both native FireWire and Thunderbolt to FireWire adapters
- print("- Enabling FireWire Boot Support")
- support.build_support(self.model, self.constants, self.config).enable_kext("IOFireWireFamily.kext", self.constants.fw_kext, self.constants.fw_family_path)
- support.build_support(self.model, self.constants, self.config).enable_kext("IOFireWireSBP2.kext", self.constants.fw_kext, self.constants.fw_sbp2_path)
- support.build_support(self.model, self.constants, self.config).enable_kext("IOFireWireSerialBusProtocolTransport.kext", self.constants.fw_kext, self.constants.fw_bus_path)
- support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("IOFireWireFamily.kext/Contents/PlugIns/AppleFWOHCI.kext")["Enabled"] = True
-
-
-
- if self.constants.disable_tb is True and self.model in ["MacBookPro11,1", "MacBookPro11,2", "MacBookPro11,3", "MacBookPro11,4", "MacBookPro11,5"]:
- print("- Disabling 2013-2014 laptop Thunderbolt Controller")
- if self.model in ["MacBookPro11,3", "MacBookPro11,5"]:
- # 15" dGPU models: IOACPIPlane:/_SB/PCI0@0/PEG1@10001/UPSB@0/DSB0@0/NHI0@0
- tb_device_path = "PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)"
- else:
- # 13" and 15" iGPU 2013-2014 models: IOACPIPlane:/_SB/PCI0@0/P0P2@10000/UPSB@0/DSB0@0/NHI0@0
- tb_device_path = "PciRoot(0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)"
-
- self.config["DeviceProperties"]["Add"][tb_device_path] = {"class-code": binascii.unhexlify("FFFFFFFF"), "device-id": binascii.unhexlify("FFFF0000")}
-
-
-
- # Pre-Force Touch trackpad support for macOS Ventura
- if smbios_data.smbios_dictionary[self.model]["CPU Generation"] < cpu_data.cpu_data.skylake.value:
- if self.model.startswith("MacBook"):
- # These units got force touch early, so ignore them
- if self.model not in ["MacBookPro11,4", "MacBookPro11,5", "MacBookPro12,1", "MacBook8,1"]:
- support.build_support(self.model, self.constants, self.config).enable_kext("AppleUSBTopCase.kext", self.constants.topcase_version, self.constants.top_case_path)
- support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCButtons.kext")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCKeyboard.kext")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCKeyEventDriver.kext")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).enable_kext("AppleUSBMultitouch.kext", self.constants.multitouch_version, self.constants.multitouch_path)
-
- # Add OpenCanopy
- print("- Adding OpenCanopy GUI")
- shutil.rmtree(self.constants.resources_path, onerror=rmtree_handler)
- shutil.copy(self.constants.gui_path, self.constants.oc_folder)
- support.build_support(self.model, self.constants, self.config).get_efi_binary_by_path("OpenCanopy.efi", "UEFI", "Drivers")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_efi_binary_by_path("OpenRuntime.efi", "UEFI", "Drivers")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_efi_binary_by_path("OpenLinuxBoot.efi", "UEFI", "Drivers")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_efi_binary_by_path("ResetNvramEntry.efi", "UEFI", "Drivers")["Enabled"] = True
-
-
- # RestrictEvents handling
- block_args = ""
- if self.model in ["MacBookPro6,1", "MacBookPro6,2", "MacBookPro9,1", "MacBookPro10,1"]:
- block_args += "gmux,"
- if self.model in model_array.MacPro:
- print("- Disabling memory error reporting")
- block_args += "pcie,"
- gpu_dict = []
- if not self.constants.custom_model:
- gpu_dict = self.constants.computer.gpus
- else:
- if self.model in smbios_data.smbios_dictionary:
- gpu_dict = smbios_data.smbios_dictionary[self.model]["Stock GPUs"]
- for gpu in gpu_dict:
- if not self.constants.custom_model:
- gpu = gpu.arch
- if gpu in [
- device_probe.Intel.Archs.Ivy_Bridge,
- device_probe.Intel.Archs.Haswell,
- device_probe.NVIDIA.Archs.Kepler,
- ]:
- print("- Disabling mediaanalysisd")
- block_args += "media,"
- break
- if block_args.endswith(","):
- block_args = block_args[:-1]
-
- if block_args != "":
- print(f"- Setting RestrictEvents block arguments: {block_args}")
- if support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("RestrictEvents.kext")["Enabled"] is False:
- support.build_support(self.model, self.constants, self.config).enable_kext("RestrictEvents.kext", self.constants.restrictevents_version, self.constants.restrictevents_path)
- self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["revblock"] = block_args
-
- patch_args = ""
- if support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (1)")["Enabled"] is True and self.constants.set_content_caching is True:
- print("- Fixing Content Caching support")
- patch_args += "content-caching,"
-
- if patch_args.endswith(","):
- patch_args = patch_args[:-1]
-
- if block_args != "" and patch_args == "":
- # Disable unneeded Userspace patching (cs_validate_page is quite expensive)
- patch_args = "none"
-
- if patch_args != "":
- print(f"- Setting RestrictEvents patch arguments: {patch_args}")
- if support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("RestrictEvents.kext")["Enabled"] is False:
- support.build_support(self.model, self.constants, self.config).enable_kext("RestrictEvents.kext", self.constants.restrictevents_version, self.constants.restrictevents_path)
- self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["revpatch"] = patch_args
-
- # DEBUG Settings
- if self.constants.verbose_debug is True:
- print("- Enabling Verbose boot")
- self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " -v"
- if self.constants.kext_debug is True:
- print("- Enabling DEBUG Kexts")
- self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " -liludbgall liludump=90"
- # Disabled due to macOS Monterey crashing shortly after kernel init
- # Use DebugEnhancer.kext instead
- # self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " msgbuf=1048576"
- if self.constants.opencore_debug is True:
- print("- Enabling DEBUG OpenCore")
- self.config["Misc"]["Debug"]["Target"] = 0x43
- self.config["Misc"]["Debug"]["DisplayLevel"] = 0x80000042
- if self.constants.showpicker is True:
- print("- Enabling ShowPicker")
- self.config["Misc"]["Boot"]["ShowPicker"] = True
- else:
- print("- Hiding OpenCore picker")
- self.config["Misc"]["Boot"]["ShowPicker"] = False
- if self.constants.oc_timeout != 5:
- print(f"- Setting custom OpenCore picker timeout to {self.constants.oc_timeout} seconds")
- self.config["Misc"]["Boot"]["Timeout"] = self.constants.oc_timeout
- if self.constants.vault is True:
- print("- Setting Vault configuration")
- self.config["Misc"]["Security"]["Vault"] = "Secure"
- support.build_support(self.model, self.constants, self.config).get_efi_binary_by_path("OpenShell.efi", "Misc", "Tools")["Enabled"] = False
- if self.constants.sip_status is False or self.constants.custom_sip_value:
- # Work-around 12.3 bug where Electron apps no longer launch with SIP lowered
- # Unknown whether this is intended behavior or not, revisit with 12.4
- print("- Adding ipc_control_port_options=0 to boot-args")
- self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " ipc_control_port_options=0"
- # Adds AutoPkgInstaller for Automatic OpenCore-Patcher installation
- # Only install if running the GUI (AutoPkg-Assets.pkg requires the GUI)
- if self.constants.wxpython_variant is True:
- support.build_support(self.model, self.constants, self.config).enable_kext("AutoPkgInstaller.kext", self.constants.autopkg_version, self.constants.autopkg_path)
- if self.constants.custom_sip_value:
- print(f"- Setting SIP value to: {self.constants.custom_sip_value}")
- self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = utilities.string_to_hex(self.constants.custom_sip_value.lstrip("0x"))
- elif self.constants.sip_status is False:
- print("- Set SIP to allow Root Volume patching")
- self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = binascii.unhexlify("03080000")
-
- # apfs.kext has an undocumented boot-arg that allows FileVault usage on broken APFS seals (-arv_allow_fv)
- # This is however hidden behind kern.development, thus we patch _apfs_filevault_allowed to always return true
- # Note this function was added in 11.3 (20E232, 20.4), older builds do not support this (ie. 11.2.3)
- print("- Allowing FileVault on Root Patched systems")
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Force FileVault on Broken Seal")["Enabled"] = True
- # Lets us check in sys_patch.py if config supports FileVault
- self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Settings"] += " -allow_fv"
-
- if self.constants.disable_cs_lv is True:
- print("- Disabling Library Validation")
- # In Ventura, LV patch broke. For now, add AMFI arg
- # Before merging into mainline, this needs to be resolved
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Disable Library Validation Enforcement")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Disable _csr_check() in _vnode_check_signature")["Enabled"] = True
- if self.constants.disable_amfi is True:
- self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " amfi=0x80"
- self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Settings"] += " -allow_amfi"
- # CSLVFixup simply patches out __RESTRICT and __restrict out of the Music.app Binary
- # Ref: https://pewpewthespells.com/blog/blocking_code_injection_on_ios_and_os_x.html
- support.build_support(self.model, self.constants, self.config).enable_kext("CSLVFixup.kext", self.constants.cslvfixup_version, self.constants.cslvfixup_path)
- if self.constants.secure_status is False:
- print("- Disabling SecureBootModel")
- self.config["Misc"]["Security"]["SecureBootModel"] = "Disabled"
- if self.constants.force_vmm is True:
- print("- Forcing VMM patchset to support OTA updates")
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (1)")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (2) Legacy")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (2) Ventura")["Enabled"] = True
- if self.constants.serial_settings in ["Moderate", "Advanced"]:
- print("- Enabling USB Rename Patches")
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["ACPI"]["Patch"], "Comment", "XHC1 to SHC1")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["ACPI"]["Patch"], "Comment", "EHC1 to EH01")["Enabled"] = True
- support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["ACPI"]["Patch"], "Comment", "EHC2 to EH02")["Enabled"] = True
- if self.constants.custom_cpu_model == 0 or self.constants.custom_cpu_model == 1:
- self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["revcpu"] = self.constants.custom_cpu_model
- if self.constants.custom_cpu_model_value != "":
- print(f"- Adding custom CPU Name: {self.constants.custom_cpu_model_value}")
- self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["revcpuname"] = self.constants.custom_cpu_model_value
- else:
- print("- Adding CPU Name Patch")
- if support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("RestrictEvents.kext")["Enabled"] is False:
- support.build_support(self.model, self.constants, self.config).enable_kext("RestrictEvents.kext", self.constants.restrictevents_version, self.constants.restrictevents_path)
- if self.model == self.constants.override_smbios:
- print("- Adding -no_compat_check")
- self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " -no_compat_check"
- if self.constants.disk != "":
- self.disk_type()
 if self.constants.validate is False:
 print("- Adding bootmgfw.efi BlessOverride")
 self.config["Misc"]["BlessOverride"] += ["\\EFI\\Microsoft\\Boot\\bootmgfw.efi"]
-
 if support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("RestrictEvents.kext")["Enabled"] is False:
 # Ensure this is done at the end so all previous RestrictEvents patches are applied
 # RestrictEvents and EFICheckDisabler will conflict if both are injected
diff --git a/resources/build/graphics_audio.py b/resources/build/graphics_audio.py
index a336bd793..cb4f17f95 100644
--- a/resources/build/graphics_audio.py
+++ b/resources/build/graphics_audio.py
@@ -23,6 +23,10 @@ class build_graphics_audio:
 self.firmware_handling()
 def graphics_handling(self):
+ if self.constants.allow_oc_everywhere is False and self.constants.serial_settings != "None":
+ support.build_support(self.model, self.constants, self.config).enable_kext("WhateverGreen.kext", self.constants.whatevergreen_version, self.constants.whatevergreen_path)
+
+ def backlight_path_detection(self):
 if not self.constants.custom_model and self.computer.dgpu and self.computer.dgpu.pci_path:
 self.gfx0_path = self.computer.dgpu.pci_path
diff --git a/resources/build/misc.py b/resources/build/misc.py
new file mode 100644
index 000000000..140170ec4
--- /dev/null
+++ b/resources/build/misc.py
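Review bot: In the build.py hunk at `@@ -155,237`, `misc.build_misc(...).build()` runs before `smbios.build_smbios(...).build()` and `security.build_security(...).build()`, yet `restrict_events_handling` in the new misc.py only adds `content-caching` when the "Reroute kern.hv_vmm_present patch (1)" entry is already enabled. In the removed code that patch was enabled earlier in `build_efi` (the block deleted in the `@@ -97,57` hunk) before the RestrictEvents logic ran; if that block now lives in smbios.py or security.py, whose hunks are not visible here, the check will always read `False` and the Content Caching fix is silently dropped. Calling misc last keeps the old ordering: move `misc.build_misc(self.model, self.constants, self.config).build()` below the `security.build_security` line. The SIP, AMFI, Library Validation, SecureBootModel and Vault settings deleted here change platform protections, so each condition should be compared with its new location to confirm the move is unchanged.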
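Review bot: In the graphics_audio.py hunk, the lines that were the body of `graphics_handling` (starting at `if not self.constants.custom_model and self.computer.dgpu ...`) now sit under the new `backlight_path_detection`, and nothing in the hunk calls that method. The diffstat lists only 4 added lines for graphics_audio.py, all of them here, so unless a caller already exists elsewhere in the file, `self.gfx0_path` is no longer populated during `build()`. Add `self.backlight_path_detection()` where the path is first needed, for example at the top of `graphics_handling`, and give the new method a one-line docstring stating what it sets. The method body continues outside the hunk.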
@@ -0,0 +1,217 @@
+
+from resources import constants, device_probe, utilities, generate_smbios
+from resources.build import support
+from data import model_array, smbios_data, cpu_data
+
+import binascii, shutil
+from pathlib import Path
+
+
+class build_misc:
+
+ def __init__(self, model, versions, config):
+ self.model = model
+ self.constants: constants.Constants = versions
+ self.config = config
+ self.computer = self.constants.computer
+
+ def rmtree_handler(func, path, exc_info):
+ if exc_info[0] == FileNotFoundError:
+ return
+ raise # pylint: disable=misplaced-bare-raise
+
+ def build(self):
+ self.feature_unlock_handling()
+ self.restrict_events_handling()
+ self.firewire_handling()
+ self.trackpad_handling()
+ self.thunderbolt_handling()
+ self.webcam_handling()
+ self.usb_handling()
+ self.debug_handling()
+ self.cpu_friend_handling()
+ self.general_oc_handling()
+
+ def feature_unlock_handling(self):
+ if self.constants.fu_status is True:
+ support.build_support(self.model, self.constants, self.config).enable_kext("FeatureUnlock.kext", self.constants.featureunlock_version, self.constants.featureunlock_path)
+ if self.constants.fu_arguments is not None:
+ print(f"- Adding additional FeatureUnlock args: {self.constants.fu_arguments}")
+ self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += self.constants.fu_arguments
+
+ def restrict_events_handling(self):
+ block_args = ""
+ if self.model in ["MacBookPro6,1", "MacBookPro6,2", "MacBookPro9,1", "MacBookPro10,1"]:
+ block_args += "gmux,"
+ if self.model in model_array.MacPro:
+ print("- Disabling memory error reporting")
+ block_args += "pcie,"
+ gpu_dict = []
+ if not self.constants.custom_model:
+ gpu_dict = self.constants.computer.gpus
+ else:
+ if self.model in smbios_data.smbios_dictionary:
+ gpu_dict = smbios_data.smbios_dictionary[self.model]["Stock GPUs"]
+ for gpu in gpu_dict:
+ if not self.constants.custom_model:
+ gpu = gpu.arch
+ if gpu in [
+ device_probe.Intel.Archs.Ivy_Bridge,
+ device_probe.Intel.Archs.Haswell,
+ device_probe.NVIDIA.Archs.Kepler,
+ ]:
+ print("- Disabling mediaanalysisd")
+ block_args += "media,"
+ break
+ if block_args.endswith(","):
+ block_args = block_args[:-1]
+
+ if block_args != "":
+ print(f"- Setting RestrictEvents block arguments: {block_args}")
+ if support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("RestrictEvents.kext")["Enabled"] is False:
+ support.build_support(self.model, self.constants, self.config).enable_kext("RestrictEvents.kext", self.constants.restrictevents_version, self.constants.restrictevents_path)
+ self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["revblock"] = block_args
+
+ patch_args = ""
+ if support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (1)")["Enabled"] is True and self.constants.set_content_caching is True:
+ print("- Fixing Content Caching support")
+ patch_args += "content-caching,"
+
+ if patch_args.endswith(","):
+ patch_args = patch_args[:-1]
+
+ if block_args != "" and patch_args == "":
+ # Disable unneeded Userspace patching (cs_validate_page is quite expensive)
+ patch_args = "none"
+
+ if patch_args != "":
+ print(f"- Setting RestrictEvents patch arguments: {patch_args}")
+ if support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("RestrictEvents.kext")["Enabled"] is False:
+ support.build_support(self.model, self.constants, self.config).enable_kext("RestrictEvents.kext", self.constants.restrictevents_version, self.constants.restrictevents_path)
+ self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["revpatch"] = patch_args
+
+ if self.constants.custom_cpu_model == 0 or self.constants.custom_cpu_model == 1:
+ self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["revcpu"] = self.constants.custom_cpu_model
+ if self.constants.custom_cpu_model_value != "":
+ print(f"- Adding custom CPU Name: {self.constants.custom_cpu_model_value}")
+ self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["revcpuname"] = self.constants.custom_cpu_model_value
+ else:
+ print("- Adding CPU Name Patch")
+ if support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("RestrictEvents.kext")["Enabled"] is False:
+ support.build_support(self.model, self.constants, self.config).enable_kext("RestrictEvents.kext", self.constants.restrictevents_version, self.constants.restrictevents_path)
+
+
+ def cpu_friend_handling(self):
+ if self.model not in ["iMac7,1", "Xserve2,1", "Dortania1,1"] and self.constants.disallow_cpufriend is False and self.constants.serial_settings != "None":
+ support.build_support(self.model, self.constants, self.config).enable_kext("CPUFriend.kext", self.constants.cpufriend_version, self.constants.cpufriend_path)
+
+ # CPUFriend
+ if self.model not in ["iMac7,1", "Xserve2,1", "Dortania1,1"] and self.constants.serial_settings != "None":
+ pp_map_path = Path(self.constants.platform_plugin_plist_path) / Path(f"{self.model}/Info.plist")
+ if not pp_map_path.exists():
+ raise Exception(f"{pp_map_path} does not exist!!! Please file an issue stating file is missing for {self.model}.")
+ Path(self.constants.pp_kext_folder).mkdir()
+ Path(self.constants.pp_contents_folder).mkdir()
+ shutil.copy(pp_map_path, self.constants.pp_contents_folder)
+ support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("CPUFriendDataProvider.kext")["Enabled"] = True
+
+ def firewire_handling(self):
+ if self.constants.firewire_boot is True and generate_smbios.check_firewire(self.model) is True:
+ # Enable FireWire Boot Support
+ # Applicable for both native FireWire and Thunderbolt to FireWire adapters
+ print("- Enabling FireWire Boot Support")
+ support.build_support(self.model, self.constants, self.config).enable_kext("IOFireWireFamily.kext", self.constants.fw_kext, self.constants.fw_family_path)
+ support.build_support(self.model, self.constants, self.config).enable_kext("IOFireWireSBP2.kext", self.constants.fw_kext, self.constants.fw_sbp2_path)
+ support.build_support(self.model, self.constants, self.config).enable_kext("IOFireWireSerialBusProtocolTransport.kext", self.constants.fw_kext, self.constants.fw_bus_path)
+ support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("IOFireWireFamily.kext/Contents/PlugIns/AppleFWOHCI.kext")["Enabled"] = True
+
+ def trackpad_handling(self):
+ # Pre-Force Touch trackpad support for macOS Ventura
+ if smbios_data.smbios_dictionary[self.model]["CPU Generation"] < cpu_data.cpu_data.skylake.value:
+ if self.model.startswith("MacBook"):
+ # These units got force touch early, so ignore them
+ if self.model not in ["MacBookPro11,4", "MacBookPro11,5", "MacBookPro12,1", "MacBook8,1"]:
+ support.build_support(self.model, self.constants, self.config).enable_kext("AppleUSBTopCase.kext", self.constants.topcase_version, self.constants.top_case_path)
+ support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCButtons.kext")["Enabled"] = True
+ support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCKeyboard.kext")["Enabled"] = True
+ support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCKeyEventDriver.kext")["Enabled"] = True
+ support.build_support(self.model, self.constants, self.config).enable_kext("AppleUSBMultitouch.kext", self.constants.multitouch_version, self.constants.multitouch_path)
+ # Legacy Trackpad support
+ if self.model in ["MacBook4,1", "MacBook5,2"]:
+ support.build_support(self.model, self.constants, self.config).enable_kext("AppleUSBTrackpad.kext", self.constants.apple_trackpad, self.constants.apple_trackpad_path)
+
+ def thunderbolt_handling(self):
+ if self.constants.disable_tb is True and self.model in ["MacBookPro11,1", "MacBookPro11,2", "MacBookPro11,3", "MacBookPro11,4", "MacBookPro11,5"]:
+ print("- Disabling 2013-2014 laptop Thunderbolt Controller")
+ if self.model in ["MacBookPro11,3", "MacBookPro11,5"]:
+ # 15" dGPU models: IOACPIPlane:/_SB/PCI0@0/PEG1@10001/UPSB@0/DSB0@0/NHI0@0
+ tb_device_path = "PciRoot(0x0)/Pci(0x1,0x1)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)"
+ else:
+ # 13" and 15" iGPU 2013-2014 models: IOACPIPlane:/_SB/PCI0@0/P0P2@10000/UPSB@0/DSB0@0/NHI0@0
+ tb_device_path = "PciRoot(0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)"
+
+ self.config["DeviceProperties"]["Add"][tb_device_path] = {"class-code": binascii.unhexlify("FFFFFFFF"), "device-id": binascii.unhexlify("FFFF0000")}
+
+ def webcam_handling(self):
+ # Legacy iSight patches
+ if "Legacy iSight" in smbios_data.smbios_dictionary[self.model]:
+ if smbios_data.smbios_dictionary[self.model]["Legacy iSight"] is True:
+ support.build_support(self.model, self.constants, self.config).enable_kext("LegacyUSBVideoSupport.kext", self.constants.apple_isight_version, self.constants.apple_isight_path)
+
+ def usb_handling(self):
+ # USB Map
+ usb_map_path = Path(self.constants.plist_folder_path) / Path("AppleUSBMaps/Info.plist")
+ if (
+ usb_map_path.exists()
+ and (self.constants.allow_oc_everywhere is False or self.constants.allow_native_spoofs is True)
+ and self.model not in ["Xserve2,1", "Dortania1,1"]
+ and (
+ (self.model in model_array.Missing_USB_Map or self.model in model_array.Missing_USB_Map_Ventura)
+ or self.constants.serial_settings in ["Moderate", "Advanced"])
+ ):
+ print("- Adding USB-Map.kext")
+ Path(self.constants.map_kext_folder).mkdir()
+ Path(self.constants.map_contents_folder).mkdir()
+ shutil.copy(usb_map_path, self.constants.map_contents_folder)
+ support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("USB-Map.kext")["Enabled"] = True
+ if self.model in model_array.Missing_USB_Map_Ventura and self.constants.serial_settings not in ["Moderate", "Advanced"]:
+ support.build_support(self.model, self.constants, self.config).get_kext_by_bundle_path("USB-Map.kext")["MinKernel"] = "22.0.0"
+
+
+ def debug_handling(self):
+ # DEBUG Settings
+ if self.constants.verbose_debug is True:
+ print("- Enabling Verbose boot")
+ self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " -v"
+ if self.constants.kext_debug is True:
+ print("- Enabling DEBUG Kexts")
+ self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " -liludbgall liludump=90"
+ # Disabled due to macOS Monterey crashing shortly after kernel init
+ # Use DebugEnhancer.kext instead
+ # self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " msgbuf=1048576"
+ support.build_support(self.model, self.constants, self.config).enable_kext("DebugEnhancer.kext", self.constants.debugenhancer_version, self.constants.debugenhancer_path)
+ if self.constants.opencore_debug is True:
+ print("- Enabling DEBUG OpenCore")
+ self.config["Misc"]["Debug"]["Target"] = 0x43
+ self.config["Misc"]["Debug"]["DisplayLevel"] = 0x80000042
+
+ def general_oc_handling(self): + # Add OpenCanopy + print("- Adding OpenCanopy GUI") + shutil.rmtree(self.constants.resources_path, onerror=self.rmtree_handler) + shutil.copy(self.constants.gui_path, self.constants.oc_folder) + support.build_support(self.model, self.constants, self.config).get_efi_binary_by_path("OpenCanopy.efi", "UEFI", "Drivers")["Enabled"] = True + support.build_support(self.model, self.constants, self.config).get_efi_binary_by_path("OpenRuntime.efi", "UEFI", "Drivers")["Enabled"] = True + support.build_support(self.model, self.constants, self.config).get_efi_binary_by_path("OpenLinuxBoot.efi", "UEFI", "Drivers")["Enabled"] = True + support.build_support(self.model, self.constants, self.config).get_efi_binary_by_path("ResetNvramEntry.efi", "UEFI", "Drivers")["Enabled"] = True + + + if self.constants.showpicker is True: + print("- Enabling ShowPicker") + self.config["Misc"]["Boot"]["ShowPicker"] = True + else: + print("- Hiding OpenCore picker") + self.config["Misc"]["Boot"]["ShowPicker"] = False + if self.constants.oc_timeout != 5: + print(f"- Setting custom OpenCore picker timeout to {self.constants.oc_timeout} seconds") + self.config["Misc"]["Boot"]["Timeout"] = self.constants.oc_timeout \ No newline at end of file diff --git a/resources/build/security.py b/resources/build/security.py index 77802d2f4..9aaafa584 100644 --- a/resources/build/security.py +++ b/resources/build/security.py 
@@ -14,4 +14,51 @@ class build_security: def build(self): - return \ No newline at end of file + if self.constants.vault is True: + print("- Setting Vault configuration") + self.config["Misc"]["Security"]["Vault"] = "Secure" + support.build_support(self.model, self.constants, self.config).get_efi_binary_by_path("OpenShell.efi", "Misc", "Tools")["Enabled"] = False + if self.constants.sip_status is False or self.constants.custom_sip_value: + # Work-around 12.3 bug where Electron apps no longer launch with SIP lowered + # Unknown whether this is intended behavior or not, revisit with 12.4 + print("- Adding ipc_control_port_options=0 to boot-args") + self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " ipc_control_port_options=0" + # Adds AutoPkgInstaller for Automatic OpenCore-Patcher installation + # Only install if running the GUI (AutoPkg-Assets.pkg requires the GUI) + if self.constants.wxpython_variant is True: + support.build_support(self.model, self.constants, self.config).enable_kext("AutoPkgInstaller.kext", self.constants.autopkg_version, self.constants.autopkg_path) + if self.constants.custom_sip_value: + print(f"- Setting SIP value to: {self.constants.custom_sip_value}") + self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = utilities.string_to_hex(self.constants.custom_sip_value.lstrip("0x")) + elif self.constants.sip_status is False: + print("- Set SIP to allow Root Volume patching") + self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = binascii.unhexlify("03080000") + + # apfs.kext has an undocumented boot-arg that allows FileVault usage on broken APFS seals (-arv_allow_fv) + # This is however hidden behind kern.development, thus we patch _apfs_filevault_allowed to always return true + # Note this function was added in 11.3 (20E232, 20.4), older builds do not support this (ie. 
11.2.3) + print("- Allowing FileVault on Root Patched systems") + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Force FileVault on Broken Seal")["Enabled"] = True + # Lets us check in sys_patch.py if config supports FileVault + self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Settings"] += " -allow_fv" + + if self.constants.disable_cs_lv is True: + print("- Disabling Library Validation") + # In Ventura, LV patch broke. For now, add AMFI arg + # Before merging into mainline, this needs to be resolved + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Disable Library Validation Enforcement")["Enabled"] = True + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Disable _csr_check() in _vnode_check_signature")["Enabled"] = True + if self.constants.disable_amfi is True: + self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " amfi=0x80" + self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Settings"] += " -allow_amfi" + # CSLVFixup simply patches out __RESTRICT and __restrict out of the Music.app Binary + # Ref: https://pewpewthespells.com/blog/blocking_code_injection_on_ios_and_os_x.html + support.build_support(self.model, self.constants, self.config).enable_kext("CSLVFixup.kext", self.constants.cslvfixup_version, self.constants.cslvfixup_path) + if self.constants.secure_status is False: + print("- Disabling SecureBootModel") + self.config["Misc"]["Security"]["SecureBootModel"] = "Disabled" + if self.constants.force_vmm is True: + print("- Forcing VMM patchset to support OTA updates") + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (1)")["Enabled"] = True + 
support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (2) Legacy")["Enabled"] = True + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (2) Ventura")["Enabled"] = True diff --git a/resources/build/smbios.py b/resources/build/smbios.py index fa136def2..8588d7b76 100644 --- a/resources/build/smbios.py +++ b/resources/build/smbios.py @@ -1,5 +1,6 @@ from resources import constants, utilities, generate_smbios +from resources.build import support from data import smbios_data, cpu_data, model_array import subprocess, plistlib, binascii, uuid, ast 
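Review bot: `self.constants.custom_sip_value.lstrip("0x")` in `build_security.build` strips every leading `0` and `x` character rather than the literal `0x` prefix, so a custom SIP mask written with leading zero digits loses them before it reaches `utilities.string_to_hex`. Whether the resulting `csr-active-config` still has the intended width depends on how that helper pads, which this hunk does not show, so the prefix is better removed explicitly: `sip = self.constants.custom_sip_value` followed by `sip = sip[2:] if sip.startswith("0x") else sip`. Separately, the `disable_amfi` branch appends `amfi=0x80` to boot-args without a `print`, unlike the other protection-lowering branches in this method; a line such as `print("- Disabling AMFI")` would keep the build log a complete record of what was weakened.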
@@ -12,6 +13,41 @@ class build_smbios: self.constants: constants.Constants = versions self.config = config + def build(self): + if self.constants.allow_oc_everywhere is False or self.constants.allow_native_spoofs is True: + if self.constants.serial_settings == "None": + # Credit to Parrotgeek1 for boot.efi and hv_vmm_present patch sets + # print("- Enabling Board ID exemption patch") + # support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Booter"]["Patch"], "Comment", "Skip Board ID check")["Enabled"] = True + + print("- Enabling VMM exemption patch") + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (1)")["Enabled"] = True + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (2) Legacy")["Enabled"] = True + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Reroute kern.hv_vmm_present patch (2) Ventura")["Enabled"] = True + + # Patch HW_BID to OC_BID + # Set OC_BID to iMac18,1 Board ID (Mac-F60DEB81FF30ACF6) + # Goal is to only allow OS booting through OCLP, otherwise failing + print("- Enabling HW_BID reroute") + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Booter"]["Patch"], "Comment", "Reroute HW_BID to OC_BID")["Enabled"] = True + self.config["NVRAM"]["Add"]["4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14"]["OC_BID"] = "Mac-BE088AF8C5EB4FA2" + self.config["NVRAM"]["Delete"]["4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14"] += ["OC_BID"] + else: + print("- Enabling SMC exemption patch") + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["Kernel"]["Patch"], "Identifier", "com.apple.driver.AppleSMC")["Enabled"] = True + support.build_support(self.model, self.constants, 
self.config).enable_kext("SMC-Spoof.kext", self.constants.smcspoof_version, self.constants.smcspoof_path) + + + + if self.constants.serial_settings in ["Moderate", "Advanced"]: + print("- Enabling USB Rename Patches") + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["ACPI"]["Patch"], "Comment", "XHC1 to SHC1")["Enabled"] = True + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["ACPI"]["Patch"], "Comment", "EHC1 to EH01")["Enabled"] = True + support.build_support(self.model, self.constants, self.config).get_item_by_kv(self.config["ACPI"]["Patch"], "Comment", "EHC2 to EH02")["Enabled"] = True + + if self.model == self.constants.override_smbios: + print("- Adding -no_compat_check") + self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " -no_compat_check" def set_smbios(self): spoofed_model = self.model
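Review bot: The comment in `build_smbios.build` says OC_BID is set to the iMac18,1 board ID (Mac-F60DEB81FF30ACF6), but the assignment that follows writes `"Mac-BE088AF8C5EB4FA2"`. One of the two is stale, and since this value presumably pairs with the `Reroute HW_BID to OC_BID` booter patch enabled just above, the comment should name the ID that is actually written, e.g. `# Set OC_BID to <model> Board ID (Mac-BE088AF8C5EB4FA2)` with the model filled in by someone who can confirm it. As a style point, the method constructs `support.build_support(self.model, self.constants, self.config)` again for every lookup; binding it once at the top of `build` would shorten each of these lines.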