Merge branch 'main' into vmm

Mykola Grymalyuk
2021-10-17 11:25:40 -06:00
committed by GitHub
9 changed files with 79 additions and 31 deletions
+13 -3
@@ -723,7 +723,10 @@ class BuildOpenCore:
print("- Setting Vault configuration")
self.config["Misc"]["Security"]["Vault"] = "Secure"
self.get_efi_binary_by_path("OpenShell.efi", "Misc", "Tools")["Enabled"] = False
if self.constants.sip_status is False:
if self.constants.custom_sip_value:
print(f"- Setting SIP value to: {self.constants.custom_sip_value}")
self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = utilities.string_to_hex(self.constants.custom_sip_value.lstrip("0x"))
elif self.constants.sip_status is False:
print("- Disabling SIP")
self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = binascii.unhexlify("030E0000")
# if self.constants.amfi_status is False:
@@ -1042,8 +1045,15 @@ class BuildOpenCore:
def sign_files(self):
if self.constants.vault is True:
print("- Vaulting EFI")
subprocess.run([str(self.constants.vault_path), f"{self.constants.oc_folder}/"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
if utilities.check_command_line_tools() is True:
# sign.command checks for the existance of '/usr/bin/strings' however does not verify whether it's executable
# sign.command will continue to run and create an unbootable OpenCore.efi due to the missing strings binary
# macOS has dummy binaries that just reroute to the actual binaries after you install Xcode's Command Line Tools
print("- Vaulting EFI")
subprocess.run([str(self.constants.vault_path), f"{self.constants.oc_folder}/"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
else:
print("- Missing Command Line tools, skipping Vault for saftey reasons")
print("- Install via 'xcode-select --install' and rerun OCLP if you wish to vault this config")
def build_opencore(self):
self.build_efi()
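Review bot: In the custom SIP branch of the first hunk, `custom_sip_value.lstrip("0x")` removes every leading `0` and `x` character rather than the literal `0x` prefix, so `0x00` (the value the menu text gives for SIP enabled) reaches `utilities.string_to_hex` as an empty string and `0x0E03` loses its leading zero. Strip the prefix exactly instead, for example `value = self.constants.custom_sip_value` followed by `if value.lower().startswith("0x"): value = value[2:]`. The only validation visible on this page is `int(change_menu, 16)` in `set_custom_sip_value`, which also accepts a sign and surrounding whitespace, so the string written to `csr-active-config` is not guaranteed to be bare hex digits. `string_to_hex` is not shown here, so its handling of empty or odd-length input should be confirmed. The enclosing method starts and ends outside the hunk.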
+28 -2
@@ -163,7 +163,7 @@ Note: For security reasons, OpenShell will be disabled when Vault is set.
utilities.cls()
utilities.header(["Set System Integrity protection"])
print(
"""SIP is used to ensure proper secuirty measures are set,
f"""SIP is used to ensure proper secuirty measures are set,
however to patch the root volume this must be disabled.
Only disable is absolutely necessary. SIP value = 0xE03
@@ -171,6 +171,7 @@ Valid options:
1. Enable SIP
2. Disable SIP
3. Set Custom SIP value {self.constants.custom_sip_value}
Q. Return to previous menu
"""
@@ -180,6 +181,8 @@ Q. Return to previous menu
self.constants.sip_status = True
elif change_menu == "2":
self.constants.sip_status = False
elif change_menu == "3":
self.set_custom_sip_value()
elif change_menu in {"q", "Q", "Quit", "quit"}:
print("Returning to previous menu")
else:
@@ -766,6 +769,29 @@ the event there's issues.
print("Returning to previous menu")
else:
self.set_surplus()
def set_custom_sip_value(self):
utilities.cls()
utilities.header(["Set Custom SIP Value"])
print(
"""
By default OCLP will use the SIP value of 0x00 as the enabled and
0xE03 for machines that require root patching. For users who wish
to flip additional bits in SIP may use this option.
To disable SIP outright, set it to 0xFEF
"""
)
change_menu = input("Set Custom SIP Value (0xFEF): ")
try:
# Verify whether input is a valid hex value
int(change_menu, 16)
# Convert to binary hex
self.constants.custom_sip_value = change_menu
except ValueError:
print("Invalid input, returning to previous menu")
self.set_custom_sip_value()
def credits(self):
utilities.TUIOnlyPrint(
@@ -914,7 +940,7 @@ system_profiler SPHardwareDataType | grep 'Model Identifier'
# MenuOptions(self.constants.custom_model or self.constants.computer.real_model, self.constants).set_amfi,
# ],
[
f"Set System Integrity Protection (SIP):\tCurrently {self.constants.sip_status}",
f"Set System Integrity Protection (SIP):\tCurrently {self.constants.custom_sip_value or self.constants.sip_status}",
MenuOptions(self.constants.custom_model or self.constants.computer.real_model, self.constants).change_sip,
],
[
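Review bot: Options 1 and 2 in `change_sip` set only `sip_status` and leave `custom_sip_value` untouched, while the build code on this page tests `custom_sip_value` before `sip_status`. Once a custom value has been entered, choosing "Enable SIP" therefore no longer changes what is written to `csr-active-config`, and no menu path resets the override to `None`. Clear it in both branches with `self.constants.custom_sip_value = None`. In `set_custom_sip_value`, the `except ValueError` branch prints "Invalid input, returning to previous menu" and then calls itself again, so an empty or mistyped entry cannot back out; a plain `return` there would match the message.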
+1
@@ -158,6 +158,7 @@ class Constants:
self.disable_msr_power_ctl = False # Disable MSR Power Control (missing battery throttling)
self.software_demux = False # Enable Software Demux patch set
self.force_vmm = False # Force VMM patch
self.custom_sip_value = None # Set custom SIP value
# OS Versions
## Based off Major Kernel Version
+12 -4
@@ -196,10 +196,10 @@ def patching_status(os_sip, os):
# Catalina and older supports individually disabling Library Validation
amfi_enabled = False
if (
get_nvram("HardwareModel", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False)
and get_nvram("HardwareModel", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False) not in constants.Constants().sbm_values
):
if get_nvram("HardwareModel", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False):
if get_nvram("HardwareModel", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False) not in constants.Constants().sbm_values:
sbm_enabled = False
else:
sbm_enabled = False
if get_nvram("csr-active-config", decode=False) and csr_decode(get_nvram("csr-active-config", decode=False), os_sip) is False:
@@ -238,6 +238,14 @@ def cls():
else:
print("\u001Bc")
def check_command_line_tools():
# Determine whether Command Line Tools exist
# xcode-select -p
xcode_select = subprocess.run("xcode-select -p".split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
if xcode_select.returncode == 0:
return True
else:
return False
def get_nvram(variable: str, uuid: str = None, *, decode: bool = False):
# TODO: Properly fix for El Capitan, which does not print the XML representation even though we say to
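Review bot: `check_command_line_tools` in the second hunk treats a zero exit status from `xcode-select -p` as proof that the tools work, but that command only prints the selected developer directory. The comment at the call site in `sign_files` describes a different failure: `/usr/bin/strings` being present but not usable. Since this result decides whether the EFI is vaulted, the function should carry a docstring stating that the check is a proxy for a working `strings`, and it can end with `return xcode_select.returncode == 0`. Invoking `/usr/bin/xcode-select` by absolute path would also stop the check depending on the caller's `PATH`.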