diff --git a/CHANGELOG.md b/CHANGELOG.md
index c874843bf..82f509f0c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,10 @@
- Improved menubar blur
- Add Nvidia Kepler GOP Driver injection
- Primarily for GPUs lacking GOPs and can't have a newer VBIOS flashed
+- Resolve Rapid Security Response support for Haswell Macs requiring KDKs
+ - Implemented via:
+ - Userspace: RSRRepair at `/etc/rc.server` (2b1c9e3)
+ - Kernelspace: RSRHelper.kext (cbe1be9)
- Increment Binaries:
- OpenCorePkg 0.8.8 - release
- PatcherSupportPkg 0.8.0 - release
diff --git a/payloads/Config/config.plist b/payloads/Config/config.plist
index 2cb5d5964..83d2492e8 100644
--- a/payloads/Config/config.plist
+++ b/payloads/Config/config.plist
@@ -1545,6 +1545,24 @@
PlistPath
Contents/Info.plist
+
+ Arch
+ x86_64
+ BundlePath
+ RSRHelper.kext
+ Comment
+ RSRHelper
+ Enabled
+
+ ExecutablePath
+ Contents/MacOS/RSRHelper
+ MaxKernel
+
+ MinKernel
+ 20.0.0
+ PlistPath
+ Contents/Info.plist
+
Block
diff --git a/payloads/Kexts/Acidanthera/RSRHelper-v1.0.0-DEBUG.zip b/payloads/Kexts/Acidanthera/RSRHelper-v1.0.0-DEBUG.zip
new file mode 100644
index 000000000..b167bad7e
Binary files /dev/null and b/payloads/Kexts/Acidanthera/RSRHelper-v1.0.0-DEBUG.zip differ
diff --git a/payloads/Kexts/Acidanthera/RSRHelper-v1.0.0-RELEASE.zip b/payloads/Kexts/Acidanthera/RSRHelper-v1.0.0-RELEASE.zip
new file mode 100644
index 000000000..928b4f37e
Binary files /dev/null and b/payloads/Kexts/Acidanthera/RSRHelper-v1.0.0-RELEASE.zip differ
diff --git a/payloads/Tools/RSRRepair b/payloads/Tools/RSRRepair
new file mode 100755
index 000000000..88eb01961
Binary files /dev/null and b/payloads/Tools/RSRRepair differ
diff --git a/resources/build/security.py b/resources/build/security.py
index fed93466d..0a89639b1 100644
--- a/resources/build/security.py
+++ b/resources/build/security.py
@@ -41,6 +41,12 @@ class build_security:
# Lets us check in sys_patch.py if config supports FileVault
self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Settings"] += " -allow_fv"
+ # Patch KC UUID panics due to RSR installation
+ # - Ref: https://github.com/dortania/OpenCore-Legacy-Patcher/issues/1019
+ print("- Enabling KC UUID mismatch patch")
+ self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " -nokcmismatchpanic"
+ support.build_support(self.model, self.constants, self.config).enable_kext("RSRHelper.kext", self.constants.rsrhelper_version, self.constants.rsrhelper_path)
+
if self.constants.disable_cs_lv is True:
print("- Disabling Library Validation")
# In Ventura, LV patch broke. For now, add AMFI arg
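Review bot: The comment above the new `-nokcmismatchpanic` boot-arg names the issue it works around but not what is given up. Judging by the comment and the print message, the argument suppresses the panic raised on a kernel collection UUID mismatch, and as an NVRAM boot-arg it applies to every boot rather than only after an RSR install. I would add a line such as `# Trade-off: masks the KC UUID mismatch panic on every boot, so a desynced BootKC/SysKC no longer halts startup`. Indentation is lost in this view and the enclosing method starts outside the hunk, so I cannot tell which condition guards these lines; the changelog scopes the fix to Haswell Macs requiring KDKs, and it is worth confirming the guard is that narrow.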
diff --git a/resources/constants.py b/resources/constants.py
index d589070f5..57e765780 100644
--- a/resources/constants.py
+++ b/resources/constants.py
@@ -79,6 +79,7 @@ class Constants:
self.mce_version = "1.0.0" # AppleMCEReporterDisabler
self.btspoof_version = "1.0.0" # Bluetooth-Spoof
self.aspp_override_version = "1.0.1" # ACPI_SMC_PlatformPlugin Override
+ self.rsrhelper_version = "1.0.0" # RSRHelper
## Syncretic
## https://forums.macrumors.com/members/syncretic.1173816/
@@ -448,6 +449,10 @@ class Constants:
def cryptexfixup_path(self):
return self.payload_kexts_path / Path(f"Acidanthera/CryptexFixup-v{self.cryptexfixup_version}-{self.kext_variant}.zip")
+ @property
+ def rsrhelper_path(self):
+ return self.payload_kexts_path / Path(f"Acidanthera/RSRHelper-v{self.rsrhelper_version}-{self.kext_variant}.zip")
+
@property
def innie_path(self):
return self.payload_kexts_path / Path(f"Misc/Innie-v{self.innie_version}.zip")
@@ -590,6 +595,10 @@ class Constants:
def oclp_helper_path(self):
return self.payload_path / Path("Tools/OCLP-Helper")
+ @property
+ def rsrrepair_userspace_path(self):
+ return self.payload_path / Path("Tools/RSRRepair")
+
# Icons
@property
def app_icon_path(self):
diff --git a/resources/sys_patch/sys_patch.py b/resources/sys_patch/sys_patch.py
index 4b2118152..a5867ae65 100644
--- a/resources/sys_patch/sys_patch.py
+++ b/resources/sys_patch/sys_patch.py
@@ -295,6 +295,9 @@ class PatchSysVolume:
for file in ["KextPolicy", "KextPolicy-shm", "KextPolicy-wal"]:
self.remove_file("/private/var/db/SystemPolicyConfiguration/", file)
+ else:
+ # Install RSRHelper utility to handle desynced KCs
+ sys_patch_helpers.sys_patch_helpers(self.constants).install_rsr_repair_binary()
print("- Successfully built new kernel cache")
return True
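Review bot: The comment on the new `else:` branch names the wrong component. The call installs the RSRRepair userspace binary, while RSRHelper is the kext enabled in security.py, so it should read `# Install RSRRepair utility to handle desynced KCs`. The call's outcome is also not inspected here, so `- Successfully built new kernel cache` is printed even when the install reports a failure. The enclosing method starts outside the hunk.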
diff --git a/resources/sys_patch/sys_patch_helpers.py b/resources/sys_patch/sys_patch_helpers.py
index 18511562b..42301ace2 100644
--- a/resources/sys_patch/sys_patch_helpers.py
+++ b/resources/sys_patch/sys_patch_helpers.py
@@ -183,4 +183,24 @@ class sys_patch_helpers:
if did_find:
with open(file_path, "wb") as f:
plistlib.dump(data, f, sort_keys=False)
- subprocess.run(["killall", "NotificationCenter"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
\ No newline at end of file
+ subprocess.run(["killall", "NotificationCenter"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+
+
+ def install_rsr_repair_binary(self):
+ # With macOS 13.2, Apple implemented the Rapid Security Response System
+ # However Apple added a half baked snapshot reversion system if seal was broken,
+ # which forgets to handle Preboot BootKC syncing
+
+ # Thus this application will try to re-sync the BootKC with SysKC in the event of a panic
+ # Reference: https://github.com/dortania/OpenCore-Legacy-Patcher/issues/1019
+
+ # This is a (hopefully) temporary work-around, however likely to stay.
+ # RSRRepair has the added bonus of fixing desynced KCs from 'bless', so useful in Big Sur+
+
+ if self.constants.detected_os < os_data.os_data.big_sur:
+ return
+
+ print("- Installing RSRRepair userspace utility")
+ result = utilities.elevated([self.constants.rsrrepair_userspace_path, "--install"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ if result.returncode != 0:
+ print(f" - Failed to install RSRRepair: {result.stdout.decode()}")
\ No newline at end of file
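Review bot: `install_rsr_repair_binary` runs the bundled `Tools/RSRRepair` payload through `utilities.elevated(...)` with nothing verifying the file first, and the payload is committed as an opaque binary that, per the changelog, is installed at `/etc/rc.server`. Before the elevated call I would compare the payload's SHA-256 with a value pinned in constants (placeholder: `<EXPECTED_RSRREPAIR_SHA256>`) or check its code signature, since whatever sits at that path runs as root. Whether the payload directory is writable by an unprivileged user is not visible here. The rationale comments would also serve better as the method's docstring. The failure branch should `return False`, with `return True` at the end, so the caller can react instead of only printing.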