From df709afa8d423636f719c834b3c5d96b11a16fd9 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk <48863253+khronokernel@users.noreply.github.com>
Date: Tue, 21 Sep 2021 20:08:54 -0600
Subject: [PATCH] Add AMFI check

---
 Resources/Build.py | 1 +
 Resources/Utilities.py | 9 ++++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Resources/Build.py b/Resources/Build.py
index ad1ac8f29..e55bc8c45 100644
--- a/Resources/Build.py
+++ b/Resources/Build.py
@@ -676,6 +676,7 @@ class BuildOpenCore:
 if self.constants.disable_cs_lv is True:
 print("- Disabling Library Validation")
 self.get_item_by_kv(self.config["Kernel"]["Patch"], "Comment", "Disable Library Validation Enforcement")["Enabled"] = True
+ self.config["NVRAM"]["Add"]["4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102"]["OCLP-Settings"] += "-allow_amfi"
 if self.constants.secure_status is False:
 print("- Disabling SecureBootModel")
 self.config["Misc"]["Security"]["SecureBootModel"] = "Disabled"
diff --git a/Resources/Utilities.py b/Resources/Utilities.py
index 7e34c8066..0f8d54477 100644
--- a/Resources/Utilities.py
+++ b/Resources/Utilities.py
@@ -131,7 +131,9 @@ def friendly_hex(integer: int):
 def amfi_status():
 amfi_1 = "amfi_get_out_of_my_way=0x1"
 amfi_2 = "amfi_get_out_of_my_way=1"
- if get_nvram("boot-args", decode=False) and (amfi_1 in get_nvram("boot-args", decode=False) or amfi_2 in get_nvram("boot-args", decode=False)):
+ if (get_nvram("OCLP-Settings", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=False) and "-allow_amfi" in get_nvram("OCLP-Settings", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=False)) or (
+ get_nvram("boot-args", decode=False) and (amfi_1 in get_nvram("boot-args", decode=False) or amfi_2 in get_nvram("boot-args", decode=False))
+ ):
 return False
 return True

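Review bot: The added `+= "-allow_amfi"` line sits in the `disable_cs_lv` branch, which otherwise only enables the Library Validation kernel patch, and nothing at the line says that `amfi_status()` in Resources/Utilities.py later reads this marker as "AMFI relaxed". A comment above it would keep the two ends in sync, for example `# Marker read back by Utilities.amfi_status(); written whenever the Library Validation patch is enabled`. The flag is also appended with no leading separator, so it runs directly into whatever OCLP-Settings already holds; the substring checks visible in Utilities.py still match, but how other flags are delimited is not shown here and is worth confirming. The enclosing method starts and ends outside the hunk.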
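Review bot: The new condition in `amfi_status()` calls `get_nvram` up to twice for OCLP-Settings and up to three times for boot-args, so a single security-state decision is assembled from several separate reads of firmware variables and the long boolean is hard to audit. Reading each variable once keeps the check consistent and readable: `oclp_settings = get_nvram("OCLP-Settings", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=False)`, `boot_args = get_nvram("boot-args", decode=False)`, then `if (oclp_settings and "-allow_amfi" in oclp_settings) or (boot_args and (amfi_1 in boot_args or amfi_2 in boot_args)):`. The function also has no docstring; one stating that it returns False when either marker is present, and that the result is inferred from NVRAM contents rather than from the running system, would help callers.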
@@ -165,6 +167,7 @@ def check_metal_support(device_probe, computer):
 else:
 return True

+
 def check_filevault_skip():
 # Check whether we can skip FileVault check with Root Patching
 if get_nvram("OCLP-Settings", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=False) and "-allow_fv" in get_nvram("OCLP-Settings", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=False):
@@ -172,6 +175,7 @@ def check_filevault_skip():
 else:
 return False

+
 def patching_status(os_sip, os):
 # Detection for Root Patching
 sip_enabled = True # System Integrity Protection
@@ -183,8 +187,7 @@ def patching_status(os_sip, os):
 gen6_kext = "/System/Library/Extension/AppleIntelHDGraphics.kext"
 gen7_kext = "/System/Library/Extension/AppleIntelHD3000Graphics.kext"

- if os > Constants.Constants().catalina and not check_oclp_boot():
- # Assume non-OCLP Macs don't patch _cs_require_lv
+ if os > Constants.Constants().catalina:
 amfi_enabled = amfi_status()
 else:
 # Catalina and older supports individually disabling Library Validation
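Review bot: With `not check_oclp_boot()` dropped from the condition in the last hunk, `amfi_enabled` on releases newer than Catalina now comes only from `amfi_status()`, which judges from NVRAM strings (`boot-args` and the `-allow_amfi` marker in OCLP-Settings) rather than from what the booted system actually enforces. If a marker written by an earlier build can outlive the configuration that set it, the patcher would report AMFI as relaxed when it is not; whether that can happen depends on how OCLP-Settings is rewritten at boot, which is not visible here. A comment at the call would record the assumption, for example `# amfi_status() is inferred from NVRAM (boot-args, OCLP-Settings), not from live enforcement state`. `patching_status` starts and ends outside this hunk.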