sys_patch: Implement RSR handling for root patched Macs

Ref: https://github.com/dortania/OpenCore-Legacy-Patcher/issues/1019
2026-04-23 19:40:15 +10:00 · 2023-01-09 23:03:18 -07:00
parent 6504442d4f
commit bebbf646e1
9 changed files with 61 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,10 @@
  - Improved menubar blur
 - Add Nvidia Kepler GOP Driver injection
  - Primarily for GPUs lacking GOPs and can't have a newer VBIOS flashed
 - Resolve Rapid Security Response support for Haswell Macs requiring KDKs
  - Implemented via:
    - Userspace: RSRRepair at `/etc/rc.server` (2b1c9e3)
    - Kernelspace: RSRHelper.kext (cbe1be9)
 - Increment Binaries:
  - OpenCorePkg 0.8.8 - release
  - PatcherSupportPkg 0.8.0 - release
--- a/payloads/Config/config.plist
+++ b/payloads/Config/config.plist
@@ -1545,6 +1545,24 @@
 				<key>PlistPath</key>
 				<string>Contents/Info.plist</string>
 			</dict>
 			<dict>
 				<key>Arch</key>
 				<string>x86_64</string>
 				<key>BundlePath</key>
 				<string>RSRHelper.kext</string>
 				<key>Comment</key>
 				<string>RSRHelper</string>
 				<key>Enabled</key>
 				<false/>
 				<key>ExecutablePath</key>
 				<string>Contents/MacOS/RSRHelper</string>
 				<key>MaxKernel</key>
 				<string></string>
 				<key>MinKernel</key>
 				<string>20.0.0</string>
 				<key>PlistPath</key>
 				<string>Contents/Info.plist</string>
 			</dict>
 		</array>
 		<key>Block</key>
 		<array/>
--- a/payloads/Kexts/Acidanthera/RSRHelper-v1.0.0-DEBUG.zip
+++ b/payloads/Kexts/Acidanthera/RSRHelper-v1.0.0-DEBUG.zip
--- a/payloads/Kexts/Acidanthera/RSRHelper-v1.0.0-RELEASE.zip
+++ b/payloads/Kexts/Acidanthera/RSRHelper-v1.0.0-RELEASE.zip
--- a/payloads/Tools/RSRRepair
+++ b/payloads/Tools/RSRRepair
--- a/resources/build/security.py
+++ b/resources/build/security.py
@@ -41,6 +41,12 @@ class build_security:
            # Lets us check in sys_patch.py if config supports FileVault
            self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Settings"] += " -allow_fv"
            # Patch KC UUID panics due to RSR installation
            # - Ref: https://github.com/dortania/OpenCore-Legacy-Patcher/issues/1019
            print("- Enabling KC UUID mismatch patch")
            self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " -nokcmismatchpanic"
            support.build_support(self.model, self.constants, self.config).enable_kext("RSRHelper.kext", self.constants.rsrhelper_version, self.constants.rsrhelper_path)
        if self.constants.disable_cs_lv is True:
            print("- Disabling Library Validation")
            # In Ventura, LV patch broke. For now, add AMFI arg
--- a/resources/constants.py
+++ b/resources/constants.py
@@ -79,6 +79,7 @@ class Constants:
        self.mce_version = "1.0.0"  #                AppleMCEReporterDisabler
        self.btspoof_version = "1.0.0"  #            Bluetooth-Spoof
        self.aspp_override_version = "1.0.1"  #      ACPI_SMC_PlatformPlugin Override
        self.rsrhelper_version = "1.0.0"  #          RSRHelper
        ## Syncretic
        ## https://forums.macrumors.com/members/syncretic.1173816/
@@ -448,6 +449,10 @@ class Constants:
    def cryptexfixup_path(self):
        return self.payload_kexts_path / Path(f"Acidanthera/CryptexFixup-v{self.cryptexfixup_version}-{self.kext_variant}.zip")
    @property
    def rsrhelper_path(self):
        return self.payload_kexts_path / Path(f"Acidanthera/RSRHelper-v{self.rsrhelper_version}-{self.kext_variant}.zip")
    @property
    def innie_path(self):
        return self.payload_kexts_path / Path(f"Misc/Innie-v{self.innie_version}.zip")
@@ -590,6 +595,10 @@ class Constants:
    def oclp_helper_path(self):
        return self.payload_path / Path("Tools/OCLP-Helper")
    @property
    def rsrrepair_userspace_path(self):
        return self.payload_path / Path("Tools/RSRRepair")
    # Icons
    @property
    def app_icon_path(self):
--- a/resources/sys_patch/sys_patch.py
+++ b/resources/sys_patch/sys_patch.py
@@ -295,6 +295,9 @@ class PatchSysVolume:
            for file in ["KextPolicy", "KextPolicy-shm", "KextPolicy-wal"]:
                self.remove_file("/private/var/db/SystemPolicyConfiguration/", file)
        else:
            # Install RSRHelper utility to handle desynced KCs
            sys_patch_helpers.sys_patch_helpers(self.constants).install_rsr_repair_binary()
        print("- Successfully built new kernel cache")
        return True
--- a/resources/sys_patch/sys_patch_helpers.py
+++ b/resources/sys_patch/sys_patch_helpers.py
@@ -184,3 +184,23 @@ class sys_patch_helpers:
            with open(file_path, "wb") as f:
                plistlib.dump(data, f, sort_keys=False)
            subprocess.run(["killall", "NotificationCenter"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    def install_rsr_repair_binary(self):
        # With macOS 13.2, Apple implemented the Rapid Security Response System
        # However Apple added a half baked snapshot reversion system if seal was broken,
        # which forgets to handle Preboot BootKC syncing
        # Thus this application will try to re-sync the BootKC with SysKC in the event of a panic
        # Reference: https://github.com/dortania/OpenCore-Legacy-Patcher/issues/1019
        # This is a (hopefully) temporary work-around, however likely to stay.
        # RSRRepair has the added bonus of fixing desynced KCs from 'bless', so useful in Big Sur+
        if self.constants.detected_os < os_data.os_data.big_sur:
            return
        print("- Installing RSRRepair userspace utility")
        result = utilities.elevated([self.constants.rsrrepair_userspace_path, "--install"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
        if result.returncode != 0:
            print(f"  - Failed to install RSRRepair: {result.stdout.decode()}")