From db617db1fd0936c8b809d1be5470d29dc66af959 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk <khronokernel@icloud.com>
Date: Sun, 17 Oct 2021 00:13:49 -0600
Subject: [PATCH] Allow for setting custom SIP values via TUI

Closes https://github.com/dortania/OpenCore-Legacy-Patcher/issues/516
---
 CHANGELOG.md           |  1 +
 resources/build.py     |  7 ++++++-
 resources/cli_menu.py  | 30 ++++++++++++++++++++++++++++--
 resources/constants.py |  1 +
 4 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index dc63eaa0c..824c68424 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,7 @@
 # OpenCore Legacy Patcher changelog
 
 ## 0.3.1
+- Allow for setting custom SIP values via TUI
 
 ## 0.3.0
 - Fix Nvidia Tesla Acceleration in Monterey Beta 7+
diff --git a/resources/build.py b/resources/build.py
index ca8d5ab3b..a8c3fbc75 100644
--- a/resources/build.py
+++ b/resources/build.py
@@ -692,7 +692,12 @@ class BuildOpenCore:
             print("- Setting Vault configuration")
             self.config["Misc"]["Security"]["Vault"] = "Secure"
             self.get_efi_binary_by_path("OpenShell.efi", "Misc", "Tools")["Enabled"] = False
-        if self.constants.sip_status is False:
+        if self.constants.custom_sip_value:
+            print(f"- Setting SIP value to: {self.constants.custom_sip_value}")
+            sip = self.constants.custom_sip_value.lstrip("0x")
+            # Ensure SIP is 8 characters long
+            self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = utilities.string_to_hex(self.constants.custom_sip_value)
+        elif self.constants.sip_status is False:
             print("- Disabling SIP")
             self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = binascii.unhexlify("030E0000")
         # if self.constants.amfi_status is False:
diff --git a/resources/cli_menu.py b/resources/cli_menu.py
index 4e03ca249..f878b2259 100644
--- a/resources/cli_menu.py
+++ b/resources/cli_menu.py
@@ -160,7 +160,7 @@ Note: For security reasons, OpenShell will be disabled when Vault is set.
         utilities.cls()
         utilities.header(["Set System Integrity protection"])
         print(
-            """SIP is used to ensure proper secuirty measures are set,
+            f"""SIP is used to ensure proper secuirty measures are set,
 however to patch the root volume this must be disabled.
 Only disable is absolutely necessary. SIP value = 0xE03
 
@@ -168,6 +168,7 @@ Valid options:
 
 1. Enable SIP
 2. Disable SIP
+3. Set Custom SIP value {self.constants.custom_sip_value}
 Q. Return to previous menu
 
         """
@@ -177,6 +178,8 @@ Q. Return to previous menu
             self.constants.sip_status = True
         elif change_menu == "2":
             self.constants.sip_status = False
+        elif change_menu == "3":
+            self.set_custom_sip_value()
         elif change_menu in {"q", "Q", "Quit", "quit"}:
             print("Returning to previous menu")
         else:
@@ -763,6 +766,29 @@ the event there's issues.
             print("Returning to previous menu")
         else:
             self.set_surplus()
+    
+    def set_custom_sip_value(self):
+        utilities.cls()
+        utilities.header(["Set Custom SIP Value"])
+        print(
+            """
+By default OCLP will use the SIP value of 0x00 as the enabled and
+0xE03 for machines that require root patching. For users who wish
+to flip additional bits in SIP may use this option.
+
+To disable SIP outright, set it to 0xFEF
+            """
+        )
+        change_menu = input("Set Custom SIP Value (0xFEF): ")
+        try:
+            # Verify whether input is a valid hex value
+            int(change_menu, 16)
+            # Convert to binary hex
+            self.constants.custom_sip_value = change_menu
+        except ValueError:
+            print("Invalid input, returning to previous menu")
+            self.set_custom_sip_value()
+
 
     def credits(self):
         utilities.TUIOnlyPrint(
@@ -911,7 +937,7 @@ system_profiler SPHardwareDataType | grep 'Model Identifier'
                 #     MenuOptions(self.constants.custom_model or self.constants.computer.real_model, self.constants).set_amfi,
                 # ],
                 [
-                    f"Set System Integrity Protection (SIP):\tCurrently {self.constants.sip_status}",
+                    f"Set System Integrity Protection (SIP):\tCurrently {self.constants.custom_sip_value or self.constants.sip_status}",
                     MenuOptions(self.constants.custom_model or self.constants.computer.real_model, self.constants).change_sip,
                 ],
                 [
diff --git a/resources/constants.py b/resources/constants.py
index e3491615b..9c5efd00b 100644
--- a/resources/constants.py
+++ b/resources/constants.py
@@ -157,6 +157,7 @@ class Constants:
         self.force_latest_psp = False  #      Force latest PatcherSupportPkg
         self.disable_msr_power_ctl = False  # Disable MSR Power Control (missing battery throttling)
         self.software_demux = False  #        Enable Software Demux patch set
+        self.custom_sip_value = None  #         Set custom SIP value
 
         # OS Versions
         ## Based off Major Kernel Version