diff --git a/Resources/SysPatch.py b/Resources/SysPatch.py index 0885798a8..312e446b9 100644 --- a/Resources/SysPatch.py +++ b/Resources/SysPatch.py @@ -448,14 +448,18 @@ class PatchSysVolume: ) def verify_patch_allowed(self): - self.sip_enabled, self.sbm_enabled, self.amfi_enabled, self.fv_enabled = Utilities.patching_status() + sip = self.constants.root_patch_sip_big_sur if self.constants.detected_os > self.constants.catalina else self.constants.root_patch_sip_mojave + if sip == self.constants.root_patch_sip_mojave: + sip_value = "For Hackintoshes, please set csr-active-config to '03060000' (0x603)\nFor non-OpenCore Macs, please run 'csrutil disable' in RecoveryOS" + else: + sip_value = "For Hackintoshes, please set csr-active-config to '030A0000' (0xA03)\nFor non-OpenCore Macs, please run 'csrutil disable' and \n'csrutil authenticated-root disable' in RecoveryOS" + self.sip_enabled, self.sbm_enabled, self.amfi_enabled, self.fv_enabled = Utilities.patching_status(sip) if self.sip_enabled is True: print("\nCannot patch! Please disable System Integrity Protection (SIP).") print("Disable SIP in Patcher Settings and Rebuild OpenCore\n") print("Ensure the following bits are set for csr-active-config:") - print("\n".join(self.constants.root_patch_sip_big_sur if self.constants.detected_os > self.constants.catalina else self.constants.root_patch_sip_mojave)) - print("For Hackintoshes, please set csr-active-config to '030E0000' (0xE03)") - print("For non-OpenCore Macs, please run 'csrutil disable' and \n'csrutil authenticated-root disable' in RecoveryOS") + print("\n".join(sip)) + print(sip_value) if self.sbm_enabled is True: print("\nCannot patch! Please disable Apple Secure Boot.") diff --git a/Resources/Utilities.py b/Resources/Utilities.py index 710e09a3c..3fa454cff 100644 --- a/Resources/Utilities.py +++ b/Resources/Utilities.py @@ -49,7 +49,7 @@ def get_disk_path(): return root_mount_path -def csr_decode(csr_active_config): +def csr_decode(csr_active_config, os_sip): if csr_active_config is None: csr_active_config = b"\x00\x00\x00\x00" sip_int = int.from_bytes(csr_active_config, byteorder="little") @@ -60,7 +60,7 @@ def csr_decode(csr_active_config): i = i + 1 # Can be adjusted to whatever OS needs patching - sip_needs_change = all(Constants.Constants.csr_values[i] for i in Constants.Constants.root_patch_sip_big_sur) + sip_needs_change = all(Constants.Constants.csr_values[i] for i in os_sip) if sip_needs_change is True: return False else: @@ -71,7 +71,7 @@ def friendly_hex(integer: int): return "{:02X}".format(integer) -def patching_status(): +def patching_status(os_sip): # Detection for Root Patching sip_enabled = True # System Integrity Protection sbm_enabled = True # Secure Boot Status (SecureBootModel) @@ -86,7 +86,7 @@ def patching_status(): if get_nvram("HardwareModel", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False) not in Constants.Constants.sbm_values: sbm_enabled = False - if get_nvram("csr-active-config", decode=False) and csr_decode(get_nvram("csr-active-config", decode=False)) is False: + if get_nvram("csr-active-config", decode=False) and csr_decode(get_nvram("csr-active-config", decode=False), os_sip) is False: sip_enabled = False fv_status: str = subprocess.run("fdesetup status".split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout.decode()