From 94cfeabdfd992e1b78400a02cdba37be304b1e7a Mon Sep 17 00:00:00 2001 From: Mykola Grymalyuk Date: Thu, 26 Jan 2023 11:29:09 -0700 Subject: [PATCH] sys_patch: Add unpatch validation --- CHANGELOG.md | 2 ++ resources/gui/gui_main.py | 6 +++++- resources/sys_patch/sys_patch_detect.py | 5 +++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bbbc4987e..0187d23dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ - Limited to Ventura currently due to limitations with other color profiles - Applicable for HD3000-based machines (ex. MacBookAir4,x, MacBookPro8,x, Macmini5,x) - Ensure `Moraea_BlurBeta` is set on non-Metal systems +- Implement proper Root Unpatching verification in GUI + - Removes arbitrary patch requirements used against unpatching (ex. network connection) - Increment Binaries: - PatcherSupportPkg 0.8.3 - release diff --git a/resources/gui/gui_main.py b/resources/gui/gui_main.py index 34534edc8..f0e651d14 100644 --- a/resources/gui/gui_main.py +++ b/resources/gui/gui_main.py @@ -1060,6 +1060,7 @@ class wx_python_gui: patches = sys_patch_detect.detect_root_patch(self.computer.real_model, self.constants).detect_patch_set() self.patches = patches + can_unpatch = patches["Validation: Unpatching Possible"] if not any(not patch.startswith("Settings") and not patch.startswith("Validation") and patches[patch] is True for patch in patches): print("- No applicable patches available") patches = [] @@ -1108,6 +1109,8 @@ class wx_python_gui: self.patch_label.Centre(wx.HORIZONTAL) i = i + self.patch_label.GetSize().height + 3 for patch in patches: + if patch == "Validation: Unpatching Possible": + continue if patch.startswith("Validation") and patches[patch] is True: print(f"- Adding check: {patch} - {patches[patch]}") self.patch_label = wx.StaticText(self.frame_modal, label=f"- {patch[12:]}") @@ -1210,7 +1213,8 @@ class wx_python_gui: if patches: if patches["Validation: Patching Possible"] is False: self.start_root_patching.Disable() - self.revert_root_patches.Disable() + if can_unpatch is False: + self.revert_root_patches.Disable() self.frame_modal.SetSize(-1, self.return_to_main_menu.GetPosition().y + self.return_to_main_menu.GetSize().height + 40) self.frame_modal.ShowWindowModal() diff --git a/resources/sys_patch/sys_patch_detect.py b/resources/sys_patch/sys_patch_detect.py index 2a59e05d9..dda189042 100644 --- a/resources/sys_patch/sys_patch_detect.py +++ b/resources/sys_patch/sys_patch_detect.py @@ -468,6 +468,7 @@ class detect_root_patch: "Settings: Supports Auxiliary Cache": not self.requires_root_kc, "Settings: Kernel Debug Kit missing": self.missing_kdk if self.constants.detected_os >= os_data.os_data.ventura.value else False, "Validation: Patching Possible": self.verify_patch_allowed(), + "Validation: Unpatching Possible": self.verify_unpatch_allowed(), f"Validation: SIP is enabled (Required: {self.check_sip()[2]} or higher)": self.sip_enabled, f"Validation: Currently Booted SIP: ({hex(py_sip_xnu.SipXnu().get_sip_status().value)})": self.sip_enabled, "Validation: SecureBootModel is enabled": self.sbm_enabled, @@ -577,6 +578,10 @@ class detect_root_patch: else: return True + def verify_unpatch_allowed(self, print_errors=False): + # Must be called after verify_patch_allowed + return not self.sip_enabled + def generate_patchset(self, hardware_details): all_hardware_patchset = sys_patch_dict.SystemPatchDictionary(self.constants.detected_os, self.constants.detected_os_minor, self.constants.legacy_accel_support) required_patches = {}