OcAfterBootCompatLib: Added ForceBooterSignature quirk for Mac EFI

Also fixed enabling `DisableSingleUser` when related quirks are off.
N1addict · Mar 6, 2021 · 7bb41aa · 7bb41aa
1 parent e54b600
commit 7bb41aa
Show file tree

Hide file tree

Showing 17 changed files with 222 additions and 74 deletions.
diff --git a/Application/OpenCore/OpenCore.c b/Application/OpenCore/OpenCore.c
@@ -52,6 +52,10 @@ STATIC
 OC_CPU_INFO
 mOpenCoreCpuInfo;
 
+STATIC
+UINT8
+mOpenCoreBooterHash[SHA1_DIGEST_SIZE];
+
 STATIC
 OC_RSA_PUBLIC_KEY *
 mOpenCoreVaultKey;
@@ -131,9 +135,16 @@ OcMain (
   DEBUG ((DEBUG_INFO, "OC: OcLoadNvramSupport...\n"));
   OcLoadNvramSupport (Storage, &mOpenCoreConfiguration);
   DEBUG ((DEBUG_INFO, "OC: OcMiscMiddleInit...\n"));
-  OcMiscMiddleInit (Storage, &mOpenCoreConfiguration, mStorageRoot, LoadPath, mStorageHandle);
+  OcMiscMiddleInit (
+    Storage,
+    &mOpenCoreConfiguration,
+    mStorageRoot,
+    LoadPath,
+    mStorageHandle,
+    mOpenCoreConfiguration.Booter.Quirks.ForceBooterSignature ? mOpenCoreBooterHash : NULL
+    );
   DEBUG ((DEBUG_INFO, "OC: OcLoadUefiSupport...\n"));
-  OcLoadUefiSupport (Storage, &mOpenCoreConfiguration, &mOpenCoreCpuInfo);
+  OcLoadUefiSupport (Storage, &mOpenCoreConfiguration, &mOpenCoreCpuInfo, mOpenCoreBooterHash);
   DEBUG_CODE_BEGIN ();
   DEBUG ((DEBUG_INFO, "OC: OcMiscLoadSystemReport...\n"));
   OcMiscLoadSystemReport (&mOpenCoreConfiguration, mStorageHandle);

diff --git a/Changelog.md b/Changelog.md
@@ -10,6 +10,8 @@ OpenCore Changelog
 - Added Memory Type decoding for SMBIOS in `Automatic` mode
 - Properly support setting custom entries as default boot options
 - Fixed creating log file when root file system is not writable
+- Fixed `DisableSingleUser` not being enabled in certain cases
+- Added `ForceBooterSignature` quirk for Mac EFI firmware
 
 #### v0.6.7
 - Fixed ocvalidate return code to be non-zero when issues are found

diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf
diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex
@@ -1525,6 +1525,19 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
   \texttt{RebuildAppleMemoryMap} if the firmware supports memory attributes table (MAT).
   Refer to the \texttt{OCABC: MAT support is 1/0} log entry to determine whether MAT is supported.
 
+\item
+  \texttt{ForceBooterSignature}\\
+  \textbf{Type}: \texttt{plist\ boolean}\\
+  \textbf{Failsafe}: \texttt{false}\\
+  \textbf{Description}: Set macOS \texttt{boot-signature} to OpenCore launcher.
+
+  Booter signature, essentially a SHA-1 hash of the loaded image, is used by Mac EFI
+  to verify the authenticity of the bootloader when waking from hibernation. This
+  option forces macOS to use OpenCore launcher SHA-1 hash as a booter signature to let
+  OpenCore shim hibernation wake on Mac EFI firmware.
+
+  \emph{Note}: OpenCore launcher path is determined from \texttt{LauncherPath} property.
+
 \item
   \texttt{ForceExitBootServices}\\
   \textbf{Type}: \texttt{plist\ boolean}\\
@@ -2997,12 +3010,15 @@ \subsection{Boot Properties}\label{miscbootprops}
 
   \begin{itemize}
   \tightlist
-    \item \texttt{None} --- Avoid hibernation (Recommended).
+    \item \texttt{None} --- Ignore hibernation state.
     \item \texttt{Auto} --- Use RTC and NVRAM detection.
     \item \texttt{RTC} --- Use RTC detection.
     \item \texttt{NVRAM} --- Use NVRAM detection.
   \end{itemize}
 
+  \emph{Note}: If the firmware can handle hibernation itself (valid for Mac EFI firmware),
+  then \texttt{None} should be specified to hand-off hibernation state as is to OpenCore.
+
 \item
   \texttt{HideAuxiliary}\\
   \textbf{Type}: \texttt{plist\ boolean}\\
@@ -3044,6 +3060,13 @@ \subsection{Boot Properties}\label{miscbootprops}
   \tightlist
     \item This variant is useful for some older types of firmware, typically from Insyde,
     that are unable to manage full device paths.
+  \end{itemize}
+  \item \texttt{System} --- create no boot option but assume specified custom option is blessed.
+    \begin{itemize}
+  \tightlist
+    \item This variant is useful when relying on \texttt{ForceBooterSignature} quirk and
+    OpenCore launcher path management happens through \texttt{bless} utilities without
+    involving OpenCore.
   \end{itemize} \medskip
   \end{itemize}
 

diff --git a/Docs/Differences/Differences.pdf b/Docs/Differences/Differences.pdf
diff --git a/Docs/Differences/Differences.tex b/Docs/Differences/Differences.tex
@@ -1,7 +1,7 @@
 \documentclass[]{article}
 %DIF LATEXDIFF DIFFERENCE FILE
-%DIF DEL PreviousConfiguration.tex   Wed Mar  3 13:01:22 2021
-%DIF ADD ../Configuration.tex        Wed Mar  3 13:04:50 2021
+%DIF DEL PreviousConfiguration.tex   Wed Mar  3 01:46:28 2021
+%DIF ADD ../Configuration.tex        Sun Mar  7 00:32:05 2021
 
 \usepackage{lmodern}
 \usepackage{amssymb,amsmath}
@@ -1590,7 +1590,23 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
   Refer to the \texttt{OCABC: MAT support is 1/0} log entry to determine whether MAT is supported.
 
 \item
-  \texttt{ForceExitBootServices}\\
+  \DIFaddbegin \texttt{\DIFadd{ForceBooterSignature}}\\
+  \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\
+  \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\
+  \textbf{\DIFadd{Description}}\DIFadd{: Set macOS }\texttt{\DIFadd{boot-signature}} \DIFadd{to OpenCore launcher.
+}
+
+  \DIFadd{Booter signature, essentially a SHA-1 hash of the loaded image, is used by Mac EFI
+  to verify the authenticity of the bootloader when waking from hibernation. This
+  option forces macOS to use OpenCore launcher SHA-1 hash as a booter signature to let
+  OpenCore shim hibernation wake on Mac EFI firmware.
+}
+
+  \emph{\DIFadd{Note}}\DIFadd{: OpenCore launcher path is determined from }\texttt{\DIFadd{LauncherPath}} \DIFadd{property.
+}
+
+\item
+  \DIFaddend \texttt{ForceExitBootServices}\\
   \textbf{Type}: \texttt{plist\ boolean}\\
   \textbf{Failsafe}: \texttt{false}\\
   \textbf{Description}: Retry \texttt{ExitBootServices} with new memory map on failure.
@@ -2662,7 +2678,7 @@ \subsection{Quirks Properties}\label{kernelpropsquirks}
   IOUSBHostFamily.kext) to remove USB port count limit of 15 ports.
 
   \emph{Note}: This option should be avoided whenever possible\DIFdelbegin \DIFdel{and may no longer
-  }%DIFDELCMD < \href{https://github.com/acidanthera/bugtracker/issues/1514}{function correctly} %%%
+  }\href{https://github.com/acidanthera/bugtracker/issues/1514}{\DIFdel{function correctly}} %DIFAUXCMD
 \DIFdel{in macOS 11.
   }\DIFdelend \DIFaddbegin \DIFadd{. }\DIFaddend USB port limit
   is imposed by the amount of used bits in locationID format and there is no
@@ -2880,7 +2896,8 @@ \subsection{Introduction}\label{miscintro}
   % Scan policy restrictions are actually checked here as we want the function to be self-contained
   % for non-scan based startup.
   \item Perform fixups (e.g. NVMe subtype correction) and expansion (e.g. for Boot Camp) of the device path.
-  \item Obtain the device handle by locating the device path of the resulting device path (ignore it on failure).
+  \item \DIFaddbegin \DIFadd{On failure, if it is an OpenCore custom entry device path, pre-construct the corresponding custom entry and succeed.
+  }\item \DIFaddend Obtain the device handle by locating the device path of the resulting device path (ignore it on failure).
   \item Locate the device handle in the list of partition handles (ignore it if missing).
   % To determine device path type we can use LocateDevicePath RemainingDevicePath argument.
   % Just check whether it points to the END device path.
@@ -2905,7 +2922,7 @@ \subsection{Introduction}\label{miscintro}
   \item Lookup alternate entries by ``bless'' recovery option list retrieval and predefined paths.
   \item Register the resulting entries as alternate auxiliary options and determine their types if found.
   \end{itemize}
-\item Custom entries and tools are added as primary options without any checks with respect to \texttt{Auxiliary}.
+\item Custom entries and tools\DIFaddbegin \DIFadd{, except such pre-constructed previously, }\DIFaddend are added as primary options without any checks with respect to \texttt{Auxiliary}.
 \item System entries, such as \texttt{Reset NVRAM}, are added as primary auxiliary options.
 \end{enumerate}
 
@@ -3063,13 +3080,17 @@ \subsection{Boot Properties}\label{miscbootprops}
 
   \begin{itemize}
   \tightlist
-    \item \texttt{None} --- Avoid hibernation (Recommended).
+    \item \texttt{None} --- \DIFdelbegin \DIFdel{Avoid hibernation (Recommended)}\DIFdelend \DIFaddbegin \DIFadd{Ignore hibernation state}\DIFaddend .
     \item \texttt{Auto} --- Use RTC and NVRAM detection.
     \item \texttt{RTC} --- Use RTC detection.
     \item \texttt{NVRAM} --- Use NVRAM detection.
   \end{itemize}
 
-\item
+  \DIFaddbegin \emph{\DIFadd{Note}}\DIFadd{: If the firmware can handle hibernation itself (valid for Mac EFI firmware),
+  then }\texttt{\DIFadd{None}} \DIFadd{should be specified to hand-off hibernation state as is to OpenCore.
+}
+
+\DIFaddend \item
   \texttt{HideAuxiliary}\\
   \textbf{Type}: \texttt{plist\ boolean}\\
   \textbf{Failsafe}: \texttt{false}\\
@@ -3110,7 +3131,14 @@ \subsection{Boot Properties}\label{miscbootprops}
   \tightlist
     \item This variant is useful for some older types of firmware, typically from Insyde,
     that are unable to manage full device paths.
-  \end{itemize} \medskip
+  \end{itemize}
+  \DIFaddbegin \item \texttt{\DIFadd{System}} \DIFadd{--- create no boot option but assume specified custom option is blessed.
+    }\begin{itemize}
+  \tightlist
+    \item \DIFadd{This variant is useful when relying on }\texttt{\DIFadd{ForceBooterSignature}} \DIFadd{quirk and
+    OpenCore launcher path management happens through }\texttt{\DIFadd{bless}} \DIFadd{utilities without
+    involving OpenCore.
+  }\end{itemize} \DIFaddend \medskip
   \end{itemize}
 
   This option allows integration with third-party operating system installation and upgrades

diff --git a/Docs/Errata/Errata.pdf b/Docs/Errata/Errata.pdf
diff --git a/Docs/Sample.plist b/Docs/Sample.plist
@@ -291,6 +291,8 @@
 			<true/>
 			<key>EnableWriteUnprotector</key>
 			<true/>
+			<key>ForceBooterSignature</key>
+			<false/>
 			<key>ForceExitBootServices</key>
 			<false/>
 			<key>ProtectMemoryRegions</key>

diff --git a/Docs/SampleCustom.plist b/Docs/SampleCustom.plist
@@ -291,6 +291,8 @@
 			<true/>
 			<key>EnableWriteUnprotector</key>
 			<true/>
+			<key>ForceBooterSignature</key>
+			<false/>
 			<key>ForceExitBootServices</key>
 			<false/>
 			<key>ProtectMemoryRegions</key>

diff --git a/Include/Acidanthera/Library/OcAfterBootCompatLib.h b/Include/Acidanthera/Library/OcAfterBootCompatLib.h
@@ -15,6 +15,7 @@
 #ifndef OC_AFTER_BOOT_COMPAT_LIB_H
 #define OC_AFTER_BOOT_COMPAT_LIB_H
 
+#include <Library/OcCryptoLib.h>
 #include <Library/OcCpuLib.h>
 
 /**
@@ -153,6 +154,17 @@ typedef struct OC_ABC_SETTINGS_ {
   ///
   BOOLEAN  SignalAppleOS;
   ///
+  /// Provide OpenCore boot-signature when loading macOS.
+  /// This resolves the ability to wake from hibernate on Mac EFI, which
+  /// checks that the hibernation signature matches the SHA-1 hash of the
+  /// EFI image it launches prior to exposing the image key.
+  ///
+  BOOLEAN  ForceBooterSignature;
+  ///
+  /// Booter signature for ForceBooterSignature.
+  ///
+  UINT8    BooterSignature[SHA1_DIGEST_SIZE];
+  ///
   /// CoreImage may update and restore GetMemoryMap during loading (see InsertImageRecord)
   /// as it needs this for segment splitting. Unfortunately it assumes nobody else
   /// changes GetMemoryMap, and thus restores to its own CoreGetMemoryMap instead of

diff --git a/Include/Acidanthera/Library/OcConfigurationLib.h b/Include/Acidanthera/Library/OcConfigurationLib.h
@@ -139,6 +139,7 @@
   _(BOOLEAN                     , DiscardHibernateMap       ,     , FALSE  , ()) \
   _(BOOLEAN                     , EnableSafeModeSlide       ,     , FALSE  , ()) \
   _(BOOLEAN                     , EnableWriteUnprotector    ,     , FALSE  , ()) \
+  _(BOOLEAN                     , ForceBooterSignature      ,     , FALSE  , ()) \
   _(BOOLEAN                     , ForceExitBootServices     ,     , FALSE  , ()) \
   _(BOOLEAN                     , ProtectMemoryRegions      ,     , FALSE  , ()) \
   _(BOOLEAN                     , ProtectSecureBoot         ,     , FALSE  , ()) \

diff --git a/Include/Acidanthera/Library/OcMainLib.h b/Include/Acidanthera/Library/OcMainLib.h
@@ -195,12 +195,14 @@ OcLoadPlatformSupport (
   @param[in]  Storage   OpenCore storage.
   @param[in]  Config    OpenCore configuration.
   @param[in]  CpuInfo   CPU information.
+  @param[out] Signature OpenCore SHA-1 booter signature, all zero when unavailable.
 **/
 VOID
 OcLoadUefiSupport (
   IN OC_STORAGE_CONTEXT  *Storage,
   IN OC_GLOBAL_CONFIG    *Config,
-  IN OC_CPU_INFO         *CpuInfo
+  IN OC_CPU_INFO         *CpuInfo,
+  IN UINT8               *Signature
   );
 
 /**
@@ -276,11 +278,12 @@ OcMiscEarlyInit (
 /**
   Load middle miscellaneous support like device path.
 
-  @param[in]  Storage    OpenCore storage.
-  @param[in]  Config     OpenCore configuration.
-  @param[in]  RootPath   Root load path.
-  @param[in]  LoadPath   OpenCore loading path.
-  @param[in]  LoadHandle OpenCore loading handle.
+  @param[in]  Storage        OpenCore storage.
+  @param[in]  Config         OpenCore configuration.
+  @param[in]  RootPath       Root load path (e.g. path to OC directory).
+  @param[in]  LoadPath       OpenCore loading device path (absolute).
+  @param[in]  StorageHandle  OpenCore storage loading handle (e.g. FS handle).
+  @param[out] Signature      OpenCore SHA-1 booter signature, optional.
 
   @retval EFI_SUCCESS on success, informational.
 **/
@@ -290,7 +293,8 @@ OcMiscMiddleInit (
   IN  OC_GLOBAL_CONFIG          *Config,
   IN  CONST CHAR16              *RootPath,
   IN  EFI_DEVICE_PATH_PROTOCOL  *LoadPath,
-  IN  EFI_HANDLE                LoadHandle
+  IN  EFI_HANDLE                StorageHandle,
+  OUT UINT8                     *Signature  OPTIONAL
   );
 
 /**

diff --git a/Library/OcAfterBootCompatLib/KernelSupport.c b/Library/OcAfterBootCompatLib/KernelSupport.c
@@ -352,16 +352,28 @@ AppleMapPrepareForBooting (
     // First, there is a BootArgs entry for XNU.
     //
     OcRemoveArgumentFromCmd (BA.CommandLine, "-s");
+  }
 
-    //
-    // Second, there is a DT entry.
-    //
+  if (BootCompat->Settings.DisableSingleUser
+    || BootCompat->Settings.ForceBooterSignature) {
     DTInit ((VOID *)(UINTN) *BA.DeviceTreeP, BA.DeviceTreeLength);
     Status = DTLookupEntry (NULL, "/chosen", &Chosen);
     if (!EFI_ERROR (Status)) {
-      Status = DTGetProperty (Chosen, "boot-args", (VOID **) &ArgsStr, &ArgsSize);
-      if (!EFI_ERROR (Status) && ArgsSize > 0) {
-        OcRemoveArgumentFromCmd (ArgsStr, "-s");
+      if (BootCompat->Settings.DisableSingleUser) {
+        //
+        // Second, there is a DT entry.
+        //
+        Status = DTGetProperty (Chosen, "boot-args", (VOID **) &ArgsStr, &ArgsSize);
+        if (!EFI_ERROR (Status) && ArgsSize > 0) {
+          OcRemoveArgumentFromCmd (ArgsStr, "-s");
+        }
+      }
+
+      if (BootCompat->Settings.ForceBooterSignature) {
+        Status = DTGetProperty (Chosen, "boot-signature", (VOID **) &ArgsStr, &ArgsSize);
+        if (!EFI_ERROR (Status) && ArgsSize == SHA1_DIGEST_SIZE) {
+          CopyMem (ArgsStr, BootCompat->Settings.BooterSignature, ArgsSize);
+        }
       }
     }
   }
@@ -612,7 +624,9 @@ AppleMapPrepareKernelJump (
   //
   if (!BootCompat->Settings.AvoidRuntimeDefrag
     && !BootCompat->Settings.DiscardHibernateMap
-    && !BootCompat->Settings.AllowRelocationBlock) {
+    && !BootCompat->Settings.AllowRelocationBlock
+    && !BootCompat->Settings.DisableSingleUser
+    && !BootCompat->Settings.ForceBooterSignature) {
     return;
   }
 

diff --git a/Library/OcAfterBootCompatLib/OcAfterBootCompatLib.c b/Library/OcAfterBootCompatLib/OcAfterBootCompatLib.c
@@ -112,11 +112,12 @@ OcAbcInitialize (
 
   DEBUG ((
     DEBUG_INFO,
-    "OCABC: ALRBL %d RTDFRG %d DEVMMIO %d NOSU %d NOVRWR %d NOSB %d NOHBMAP %d SMSLIDE %d WRUNPROT %d\n",
+    "OCABC: ALRBL %d RTDFRG %d DEVMMIO %d NOSU %d NOVRWR %d NOSB %d FBSIG %d NOHBMAP %d SMSLIDE %d WRUNPROT %d\n",
     Settings->AllowRelocationBlock,
     Settings->AvoidRuntimeDefrag,
     Settings->DevirtualiseMmio,
     Settings->DisableSingleUser,
+    Settings->ForceBooterSignature,
     Settings->DisableVariableWrite,
     Settings->ProtectSecureBoot,
     Settings->DiscardHibernateMap,

diff --git a/Library/OcConfigurationLib/OcConfigurationLib.c b/Library/OcConfigurationLib/OcConfigurationLib.c
@@ -182,6 +182,7 @@ mBooterQuirksSchema[] = {
   OC_SCHEMA_BOOLEAN_IN ("DiscardHibernateMap",    OC_GLOBAL_CONFIG, Booter.Quirks.DiscardHibernateMap),
   OC_SCHEMA_BOOLEAN_IN ("EnableSafeModeSlide",    OC_GLOBAL_CONFIG, Booter.Quirks.EnableSafeModeSlide),
   OC_SCHEMA_BOOLEAN_IN ("EnableWriteUnprotector", OC_GLOBAL_CONFIG, Booter.Quirks.EnableWriteUnprotector),
+  OC_SCHEMA_BOOLEAN_IN ("ForceBooterSignature",   OC_GLOBAL_CONFIG, Booter.Quirks.ForceBooterSignature),
   OC_SCHEMA_BOOLEAN_IN ("ForceExitBootServices",  OC_GLOBAL_CONFIG, Booter.Quirks.ForceExitBootServices),
   OC_SCHEMA_BOOLEAN_IN ("ProtectMemoryRegions",   OC_GLOBAL_CONFIG, Booter.Quirks.ProtectMemoryRegions),
   OC_SCHEMA_BOOLEAN_IN ("ProtectSecureBoot",      OC_GLOBAL_CONFIG, Booter.Quirks.ProtectSecureBoot),