Allow FileVault on Root Patched systems

2026-04-13 20:28:21 +10:00 · 2021-09-12 10:34:28 -06:00
parent a907e05bca
commit ab4089c37b
4 changed files with 41 additions and 2 deletions
--- a/OpenCore-Patcher.command
+++ b/OpenCore-Patcher.command
@@ -44,9 +44,10 @@ class OpenCoreLegacyPatcher:
                # self.constants.secure_status = True  # Monterey
                self.constants.amfi_status = True
            else:
-                self.constants.sip_status = False  # Unsigned kexts
+                self.constants.sip_status = False  #    Unsigned kexts
                self.constants.secure_status = False  # Root volume modified
-                self.constants.amfi_status = False  # Unsigned binaries
+                self.constants.amfi_status = False  #   Unsigned binaries
+                self.constants.allow_fv_root = True  #  Allow FileVault on broken seal
        if model in ModelArray.ModernGPU:
            if host_is_target and model in ["iMac13,1", "iMac13,3"] and self.computer.dgpu:
                # Some models have a supported dGPU, others don't
--- a/Resources/Build.py
+++ b/Resources/Build.py
@@ -686,6 +686,13 @@ class BuildOpenCore:
        if self.model in ModelArray.dGPU_switch:
            print("- Allowing GMUX switching in Windows")
            self.config["Booter"]["Quirks"]["SignalAppleOS"] = True
+        # if self.constants.allow_fv_root is True:
+            # apfs.kext has an undocumented boot-arg that allows FileVault usage on broken APFS seals (-arv_allow_fv)
+            # This is however hidden behind kern.development, thus we patch _apfs_filevault_allowed to always return true
+            # Note this function was added in 11.3 (20E232, 20.4), older builds do not support this (ie. 11.2.3)
+        print("- Allowing FileVault on Root Patched systems")
+        self.get_item_by_kv(self.config["Kernel"]["Patch"], "Identifier", "com.apple.filesystems.apfs")["Enabled"] = True
+

    def set_smbios(self):
        spoofed_model = self.model
--- a/Resources/Constants.py
+++ b/Resources/Constants.py
@@ -118,6 +118,7 @@ class Constants:
        self.os_support = 12.0
        self.detected_os = 0  #        Major Kernel Version
        self.detected_os_minor = 0  #  Minor Kernel Version
+        self.allow_fv_root = False  #  Allow FileVault on broken sealed snapshots

        ## Boot Volume Settings
        self.firewire_boot = False  # Allow macOS FireWire Boot
--- a/payloads/Config/config.plist
+++ b/payloads/Config/config.plist
@@ -1032,6 +1032,36 @@
 				<key>Skip</key>
 				<integer>0</integer>
 			</dict>
+			<dict>
+				<key>Arch</key>
+				<string>x86_64</string>
+				<key>Base</key>
+				<string>_apfs_filevault_allowed</string>
+				<key>Comment</key>
+				<string>Force FileVault on Broken Seal</string>
+				<key>Count</key>
+				<integer>0</integer>
+				<key>Enabled</key>
+				<false/>
+				<key>Find</key>
+				<data></data>
+				<key>Identifier</key>
+				<string>com.apple.filesystems.apfs</string>
+				<key>Limit</key>
+				<integer>0</integer>
+				<key>Mask</key>
+				<data></data>
+				<key>MaxKernel</key>
+				<string></string>
+				<key>MinKernel</key>
+				<string>20.4.0</string>
+				<key>Replace</key>
+				<data>uAEAAADD</data>
+				<key>ReplaceMask</key>
+				<data></data>
+				<key>Skip</key>
+				<integer>0</integer>
+			</dict>
 		</array>
 		<key>Quirks</key>
 		<dict>