From ab4089c37b6280155f3c70a6abb0de53694e5e2a Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk <48863253+khronokernel@users.noreply.github.com>
Date: Sun, 12 Sep 2021 10:34:28 -0600
Subject: [PATCH] Allow FileVault on Root Patched systems
---
OpenCore-Patcher.command | 5 +++--
Resources/Build.py | 7 +++++++
Resources/Constants.py | 1 +
payloads/Config/config.plist | 30 ++++++++++++++++++++++++++++++
4 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/OpenCore-Patcher.command b/OpenCore-Patcher.command
index f6ca2d35e..1a75a1d1e 100755
--- a/OpenCore-Patcher.command
+++ b/OpenCore-Patcher.command
@@ -44,9 +44,10 @@ class OpenCoreLegacyPatcher:
# self.constants.secure_status = True # Monterey
self.constants.amfi_status = True
else:
- self.constants.sip_status = False # Unsigned kexts
+ self.constants.sip_status = False # Unsigned kexts
self.constants.secure_status = False # Root volume modified
- self.constants.amfi_status = False # Unsigned binaries
+ self.constants.amfi_status = False # Unsigned binaries
+ self.constants.allow_fv_root = True # Allow FileVault on broken seal
if model in ModelArray.ModernGPU:
if host_is_target and model in ["iMac13,1", "iMac13,3"] and self.computer.dgpu:
# Some models have a supported dGPU, others don't
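Review bot: `self.constants.allow_fv_root = True` is set for every model that reaches this `else` branch, with no opt-out visible and only the trailing comment "Allow FileVault on broken seal" to explain it. This is the same branch that records SIP off, AMFI off and `secure_status = False # Root volume modified`, so FileVault here appears to give data-at-rest encryption on a system whose system-volume seal is no longer verified. That trade-off should be stated next to the flag, for example `# Allow FileVault on broken seal: patches apfs.kext; encrypts data at rest, does not restore system volume integrity`. The condition that selects this branch lies outside the hunk, so whether other paths should also set or clear the flag cannot be judged from here.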
diff --git a/Resources/Build.py b/Resources/Build.py
index 0d65f7a6a..6b11d9a69 100644
--- a/Resources/Build.py
+++ b/Resources/Build.py
@@ -686,6 +686,13 @@ class BuildOpenCore:
if self.model in ModelArray.dGPU_switch:
print("- Allowing GMUX switching in Windows")
self.config["Booter"]["Quirks"]["SignalAppleOS"] = True
+ # if self.constants.allow_fv_root is True:
+ # apfs.kext has an undocumented boot-arg that allows FileVault usage on broken APFS seals (-arv_allow_fv)
+ # This is however hidden behind kern.development, thus we patch _apfs_filevault_allowed to always return true
+ # Note this function was added in 11.3 (20E232, 20.4), older builds do not support this (ie. 11.2.3)
+ print("- Allowing FileVault on Root Patched systems")
+ self.get_item_by_kv(self.config["Kernel"]["Patch"], "Identifier", "com.apple.filesystems.apfs")["Enabled"] = True
+
def set_smbios(self):
spoofed_model = self.model
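Review bot: The guard `if self.constants.allow_fv_root is True:` is committed as a comment on the first added line, so the `print` and the `["Enabled"] = True` assignment never consult the flag this commit adds in Constants.py and sets in OpenCore-Patcher.command. Indentation is lost on this page, so it is unclear whether the two statements sit under the preceding `dGPU_switch` branch or run for every build, but either way the apfs.kext patch is not tied to the flag. Restore the line as code, `if self.constants.allow_fv_root is True:`, with the explanatory comments, the print and the assignment nested under it. If `get_item_by_kv` can return `None` when no entry matches (its body is not shown), subscripting the result would raise, so check the result before setting `Enabled`. The enclosing method starts outside the hunk.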
diff --git a/Resources/Constants.py b/Resources/Constants.py
index bfc540a29..a45f8f6a2 100644
--- a/Resources/Constants.py
+++ b/Resources/Constants.py
@@ -118,6 +118,7 @@ class Constants:
self.os_support = 12.0
self.detected_os = 0 # Major Kernel Version
self.detected_os_minor = 0 # Minor Kernel Version
+ self.allow_fv_root = False # Allow FileVault on broken sealed snapshots
## Boot Volume Settings
self.firewire_boot = False # Allow macOS FireWire Boot
diff --git a/payloads/Config/config.plist b/payloads/Config/config.plist
index 9f3c367ae..3c03d2685 100644
--- a/payloads/Config/config.plist
+++ b/payloads/Config/config.plist
@@ -1032,6 +1032,36 @@
Skip
0
+
+ Arch
+ x86_64
+ Base
+ _apfs_filevault_allowed
+ Comment
+ Force FileVault on Broken Seal
+ Count
+ 0
+ Enabled
+
+ Find
+
+ Identifier
+ com.apple.filesystems.apfs
+ Limit
+ 0
+ Mask
+
+ MaxKernel
+
+ MinKernel
+ 20.4.0
+ Replace
+ uAEAAADD
+ ReplaceMask
+
+ Skip
+ 0
+
Quirks
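Review bot: The new `com.apple.filesystems.apfs` entry has `MinKernel` 20.4.0 but an empty `MaxKernel`, an empty `Find` and `Count` 0, so the `Replace` bytes are written at `_apfs_filevault_allowed` on every kernel from 20.4.0 onward, with no check on what the function currently contains. `uAEAAADD` decodes to `B8 01 00 00 00 C3` (`mov eax, 1; ret`), which is only safe while the symbol keeps its current calling convention and meaning. Set `MaxKernel` to the newest release the patch has actually been verified against (placeholder: `<last-tested-kernel>`) and raise it deliberately with each macOS update. The `Comment` should also say what the patch does, e.g. `Force _apfs_filevault_allowed to return true (FileVault on broken seal)`, so a later reader of the plist can audit it without decoding the bytes. The plist tags were stripped on this page, so the shipped `Enabled` value cannot be confirmed here; it should default to false so the patch is only applied when Build.py turns it on.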