From 1b0041493d4693f9505aa6415d93079ea59f7ab0 Mon Sep 17 00:00:00 2001
From: vit9696 <vit9696@users.noreply.github.com>
Date: Sun, 1 Nov 2020 04:00:38 +0300
Subject: [PATCH] OcAppleImg4Lib: Added missing Secure Boot NVRAM variables for
 11.0

---
 Changelog.md                            |  3 +-
 Library/OcAppleImg4Lib/OcAppleImg4Lib.c | 37 +++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/Changelog.md b/Changelog.md
index 23b9ba8b..24407f57 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -23,7 +23,8 @@ OpenCore Changelog
 - Add `ForceResolution` option for enabling non-default resolutions
 - Fixed Ps2MouseDxe not properly loading under OpenDuetPkg
 - Added workaround for read-only errors on some X299 boards
-- Added support for `x86legacy` secure boot model
+- Added support for `x86legacy` Secure Boot model
+- Added missing Secure Boot NVRAM variables required by 11.0
 
 #### v0.6.2
 - Updated builtin firmware versions for SMBIOS and the rest
diff --git a/Library/OcAppleImg4Lib/OcAppleImg4Lib.c b/Library/OcAppleImg4Lib/OcAppleImg4Lib.c
index 4d94d65d..2a817bcc 100644
--- a/Library/OcAppleImg4Lib/OcAppleImg4Lib.c
+++ b/Library/OcAppleImg4Lib/OcAppleImg4Lib.c
@@ -40,6 +40,7 @@ typedef struct OC_SB_MODEL_DESC_ {
   UINT32       BoardId;
 } OC_SB_MODEL_DESC;
 
+STATIC CHAR8 mCryptoDigestMethod[16] = "sha2-384";
 STATIC DERImg4Environment mEnvInfo;
 STATIC CONST CHAR8 *mModelDefault = "j137";
 ///
@@ -362,6 +363,7 @@ OcAppleImg4BootstrapValues (
   mEnvInfo.effectiveSecurityMode      = 1;
   mEnvInfo.internalUseOnlyUnit        = FALSE;
   mEnvInfo.xugs                       = 1;
+  mEnvInfo.allowMixNMatch             = FALSE;
 
   //
   // Expose all the variables via NVRAM.
@@ -388,6 +390,17 @@ OcAppleImg4BootstrapValues (
     return Status;
   }
 
+  Status = gRT->SetVariable (
+    L"CertificateEpoch",
+    &gAppleSecureBootVariableGuid,
+    EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+    sizeof (mEnvInfo.certificateEpoch),
+    &mEnvInfo.certificateEpoch
+    );
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
   Status = gRT->SetVariable (
     L"ApBoardID",
     &gAppleSecureBootVariableGuid,
@@ -465,6 +478,30 @@ OcAppleImg4BootstrapValues (
     return Status;
   }
 
+  Status = gRT->SetVariable (
+    L"ApMixNMatchPreventionStatus",
+    &gAppleSecureBootVariableGuid,
+    EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+    sizeof (mEnvInfo.allowMixNMatch),
+    &mEnvInfo.allowMixNMatch
+    );
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  Status = gRT->SetVariable (
+    L"CryptoDigestMethod",
+    &gAppleSecureBootVariableGuid,
+    EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+    sizeof (mCryptoDigestMethod),
+    &mCryptoDigestMethod
+    );
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  
+
   return EFI_SUCCESS;
 }
 
-- 
GitLab