diff --git a/Changelog.md b/Changelog.md
index 7567bf4d4512e8dbc632626c375ad20114a55586..9bc06dbbd2e3c4f167d9a98632e8a2bfac46cd73 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -17,6 +17,7 @@ OpenCore Changelog
- Added `AppleRtcRam` protocol implementation
- Renamed `Protocols` to `ProtocolOverrides` for clarity
- Added ResetSystem tool to allow shutdown/reset actions in the menu
+- Added experimental `BootProtect` `Security` option
#### v0.5.7
- Added TimeMachine detection to picker
diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf
index e5d34376b9381fe0f17b01eada874689bc866c81..29a81be997623e17a704b3da3dc1426cba6621a2 100644
Binary files a/Docs/Configuration.pdf and b/Docs/Configuration.pdf differ
diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex
index 5ef840ab1a055be40ea4c78e4f203afb6f8a670c..d06fe53f8d97578960ef7d1a9fffe74b0404ae80 100755
--- a/Docs/Configuration.tex
+++ b/Docs/Configuration.tex
@@ -2537,6 +2537,35 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log |
NVRAM and RTC, which despite being removed as soon as OpenCore starts, may be
considered a security risk and thus is optional.
+\item
+ \texttt{BootProtect}\\
+ \textbf{Type}: \texttt{plist\ string}\\
+ \textbf{Failsafe}: \texttt{None}\\
+ \textbf{Description}: Attempt to provide bootloader persistence.
+
+ Valid values:
+
+ \begin{itemize}
+ \tightlist
+ \item \texttt{None} --- do nothing.
+ \item \texttt{Bootstrap} --- create or update top-priority
+ \texttt{\textbackslash EFI\textbackslash OC\textbackslash Bootstrap\textbackslash Bootstrap.efi}
+ boot option (\texttt{Boot9696}) in UEFI variable storage at bootloader startup. For this option
+ to work \texttt{RequestBootVarRouting} is required to be enabled.
+ \end{itemize}
+
+ This option provides integration with third-party operating system installation and upgrade
+ at the times they overwrite \texttt{\textbackslash EFI\textbackslash BOOT\textbackslash BOOTx64.efi}
+ file. By creating a custom option in \texttt{Bootstrap} mode this file path becomes no longer
+ used for bootstraping OpenCore.
+
+ \emph{Note 1}: Some firmewares may have broken NVRAM, no boot option support, or various other
+ incompatibilities of any kind. While unlikely, the use of this option may even cause boot failure.
+ Use at your own risk on boards known to be compatible.
+
+ \emph{Note 2}: Be warned that NVRAM reset will also erase the boot option created in
+ \texttt{Bootstrap} mode.
+
\item
\texttt{ExposeSensitiveData}\\
\textbf{Type}: \texttt{plist\ integer}\\
diff --git a/Docs/Differences/Differences.pdf b/Docs/Differences/Differences.pdf
index 3317b17cdb4f2791bbc72c72beed072e3de02a29..e1f206383dc869abff95088e5f0bc658b19c9003 100644
Binary files a/Docs/Differences/Differences.pdf and b/Docs/Differences/Differences.pdf differ
diff --git a/Docs/Differences/Differences.tex b/Docs/Differences/Differences.tex
index d9e7d727b186d302f9ce06624f64ea3911099635..6a48782740c14af18f60dc47120d8f57e0c74272 100644
--- a/Docs/Differences/Differences.tex
+++ b/Docs/Differences/Differences.tex
@@ -1,7 +1,7 @@
\documentclass[]{article}
%DIF LATEXDIFF DIFFERENCE FILE
%DIF DEL PreviousConfiguration.tex Tue Apr 7 19:32:13 2020
-%DIF ADD ../Configuration.tex Mon Apr 20 13:11:07 2020
+%DIF ADD ../Configuration.tex Fri Apr 24 00:55:25 2020
\usepackage{lmodern}
\usepackage{amssymb,amsmath}
@@ -2602,7 +2602,41 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log |
considered a security risk and thus is optional.
\item
- \texttt{ExposeSensitiveData}\\
+ \DIFaddbegin \texttt{\DIFadd{BootProtect}}\\
+ \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ string}}\\
+ \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{None}}\\
+ \textbf{\DIFadd{Description}}\DIFadd{: Attempt to provide bootloader persistence.
+}
+
+ \DIFadd{Valid values:
+}
+
+ \begin{itemize}
+ \tightlist
+ \item \texttt{\DIFadd{None}} \DIFadd{--- do nothing.
+ }\item \texttt{\DIFadd{Bootstrap}} \DIFadd{--- create or update top-priority
+ }\texttt{\DIFadd{\textbackslash EFI\textbackslash OC\textbackslash Bootstrap\textbackslash Bootstrap.efi}}
+ \DIFadd{boot option (}\texttt{\DIFadd{Boot9696}}\DIFadd{) in UEFI variable storage at bootloader startup. For this option
+ to work }\texttt{\DIFadd{RequestBootVarRouting}} \DIFadd{is required to be enabled.
+ }\end{itemize}
+
+ \DIFadd{This option provides integration with third-party operating system installation and upgrade
+ at the times they overwrite }\texttt{\DIFadd{\textbackslash EFI\textbackslash BOOT\textbackslash BOOTx64.efi}}
+ \DIFadd{file. By creating a custom option in }\texttt{\DIFadd{Bootstrap}} \DIFadd{mode this file path becomes no longer
+ used for bootstraping OpenCore.
+}
+
+ \emph{\DIFadd{Note 1}}\DIFadd{: Some firmewares may have broken NVRAM, no boot option support, or various other
+ incompatibilities of any kind. While unlikely, the use of this option may even cause boot failure.
+ Use at your own risk on boards known to be compatible.
+}
+
+ \emph{\DIFadd{Note 2}}\DIFadd{: Be warned that NVRAM reset will also erase the boot option created in
+ }\texttt{\DIFadd{Bootstrap}} \DIFadd{mode.
+}
+
+\item
+ \DIFaddend \texttt{ExposeSensitiveData}\\
\textbf{Type}: \texttt{plist\ integer}\\
\textbf{Failsafe}: \texttt{0x6}\\
\textbf{Description}: Sensitive data exposure bitmask (sum) to operating system.
diff --git a/Docs/Sample.plist b/Docs/Sample.plist
index b2a96b47a647bbe6396fe38cff0bb26a102d6288..85f1648cbafa83f7f459f3e2f082c43647e3b49f 100644
--- a/Docs/Sample.plist
+++ b/Docs/Sample.plist
@@ -610,6 +610,8 @@
AuthRestart
+ BootProtect
+ None
ExposeSensitiveData
6
HaltLevel
diff --git a/Docs/SampleFull.plist b/Docs/SampleFull.plist
index 98fc2834792b0f552a9d0d08e46ac379d6b4e47a..ccc7417df3ee71d2b81dd39b4933c97c0d6886dc 100644
--- a/Docs/SampleFull.plist
+++ b/Docs/SampleFull.plist
@@ -610,6 +610,8 @@
AuthRestart
+ BootProtect
+ None
ExposeSensitiveData
6
HaltLevel
diff --git a/Include/Library/OcBootManagementLib.h b/Include/Library/OcBootManagementLib.h
index 796ee17f2cb27d81ddd1d0605f796390c12f3493..fe1b05592cf72e346c1cecc09f382c74533bf5f1 100755
--- a/Include/Library/OcBootManagementLib.h
+++ b/Include/Library/OcBootManagementLib.h
@@ -100,6 +100,12 @@ typedef UINT32 OC_BOOT_ENTRY_TYPE;
#define OC_BOOT_RESET_NVRAM BIT7
#define OC_BOOT_SYSTEM (OC_BOOT_RESET_NVRAM)
+/**
+ Default boot option numbers.
+**/
+#define OC_BOOT_OPTION 0x9696
+#define OC_BOOT_OPTION_VARIABLE_NAME L"Boot9696"
+
/**
Picker mode.
**/
@@ -1099,4 +1105,20 @@ OcToggleVoiceOver (
IN UINT32 File OPTIONAL
);
+/**
+ Register top-most priority boot option.
+
+ @param[in] OptionName Option name to create.
+ @param[in] DeviceHandle Device handle of the file system.
+ @param[in] FilePath Bootloader path.
+
+ @retval EFI_SUCCESS on success.
+**/
+EFI_STATUS
+OcRegisterBootOption (
+ IN CONST CHAR16 *OptionName,
+ IN EFI_HANDLE DeviceHandle,
+ IN CONST CHAR16 *FilePath
+ );
+
#endif // OC_BOOT_MANAGEMENT_LIB_H
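Review bot: The doc comment on `OcRegisterBootOption` leaves out what a caller most needs to know: `OptionName` is only the description stored inside the load option, while the variable written is always `Boot9696` (`OC_BOOT_OPTION_VARIABLE_NAME`, defined a few lines up) and is moved to the front of `BootOrder`, and `FilePath` is appended to the device path obtained from `DeviceHandle`. The `@retval` list names only `EFI_SUCCESS`, yet the implementation in DefaultEntryChoice.c also returns `EFI_OUT_OF_RESOURCES` and whatever `SetVariable` reports. Suggest rewording to `@param[in] OptionName  Description stored in the load option; the variable name itself is fixed to Boot9696.`, `@param[in] DeviceHandle  Handle whose device path FilePath is appended to.`, and adding `@retval other  Allocation or variable store failure.`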
diff --git a/Include/Library/OcConfigurationLib.h b/Include/Library/OcConfigurationLib.h
index 4cfd84acc27f7a62749da866f4a5501f459b0a51..c0998b08be4a04dbd9ba750927044977541c2fbd 100644
--- a/Include/Library/OcConfigurationLib.h
+++ b/Include/Library/OcConfigurationLib.h
@@ -305,6 +305,7 @@ typedef enum {
} OCS_VAULT_MODE;
#define OC_MISC_SECURITY_FIELDS(_, __) \
+ _(OC_STRING , BootProtect , , OC_STRING_CONSTR ("None", _, __), OC_DESTR (OC_STRING) ) \
_(OC_STRING , Vault , , OC_STRING_CONSTR ("Secure", _, __), OC_DESTR (OC_STRING) ) \
_(UINT32 , ScanPolicy , , OC_SCAN_DEFAULT_POLICY , ()) \
_(BOOLEAN , AllowNvramReset , , FALSE , ()) \
diff --git a/Include/OpenCore.h b/Include/OpenCore.h
index 1a98e2c1417f583b1cf530db573b8390ced69b52..bc875546a8c28b5f983c18a182e5c53aa8561a3c 100644
--- a/Include/OpenCore.h
+++ b/Include/OpenCore.h
@@ -45,6 +45,8 @@
#error "Unknown target definition"
#endif
+#define OPEN_CORE_BOOTSTRAP_PATH L"EFI\\OC\\Bootsrap\\Bootstrap.efi"
+
#define OPEN_CORE_DRIVER_PATH L"EFI\\OC\\OpenCore.efi"
#define OPEN_CORE_ROOT_PATH L"EFI\\OC"
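Review bot: `OPEN_CORE_BOOTSTRAP_PATH` spells the directory `Bootsrap`, but Configuration.tex documents `\EFI\OC\Bootstrap\Bootstrap.efi` and macbuild.tool packages the file as `tmp/EFI/OC/Bootstrap/Bootstrap.efi`, so the Boot9696 entry registered from this constant points at a file that never exists on a shipped ESP. A top-priority boot option with a missing target is exactly the firmware-dependent boot failure Note 1 of the new documentation warns about, and on firmware that does not fall through it would lock the user out. Change the line to `#define OPEN_CORE_BOOTSTRAP_PATH L"EFI\\OC\\Bootstrap\\Bootstrap.efi"` and consider a comment tying it to the packaging path so the two cannot drift apart again.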
diff --git a/Library/OcBootManagementLib/BootArguments.c b/Library/OcBootManagementLib/BootArguments.c
index d97b95a41d9f3485baf30accfe3333beb15ffc50..d0d90a7e3fa538e03733e59915eab6fe78618582 100644
--- a/Library/OcBootManagementLib/BootArguments.c
+++ b/Library/OcBootManagementLib/BootArguments.c
@@ -159,7 +159,7 @@ OcAppendArgumentToCmd (
// Account for extra space.
//
if (Len + (Len > 0 ? 1 : 0) + ArgumentLength >= BOOT_LINE_LENGTH) {
- DEBUG ((DEBUG_INFO, "OCBM: boot-args are invalid, ignoring\n"));
+ DEBUG ((DEBUG_INFO, "OCB: boot-args are invalid, ignoring\n"));
return FALSE;
}
diff --git a/Library/OcBootManagementLib/BootEntryInfo.c b/Library/OcBootManagementLib/BootEntryInfo.c
index b8d4b24f2d17b23af42498b7c0cde8ecfd7911a5..9be58cd4a3b37bb975f062290089bdea128470ae 100644
--- a/Library/OcBootManagementLib/BootEntryInfo.c
+++ b/Library/OcBootManagementLib/BootEntryInfo.c
@@ -50,7 +50,7 @@ InternalGetAppleDiskLabel (
}
UnicodeSPrint (DiskLabelPath, DiskLabelPathSize, L"%s%s", BootDirectoryName, LabelFilename);
- DEBUG ((DEBUG_INFO, "OCBM: Trying to get label from %s\n", DiskLabelPath));
+ DEBUG ((DEBUG_INFO, "OCB: Trying to get label from %s\n", DiskLabelPath));
AsciiDiskLabel = (CHAR8 *) ReadFile (FileSystem, DiskLabelPath, &DiskLabelLength, OC_MAX_VOLUME_LABEL_SIZE);
FreePool (DiskLabelPath);
@@ -88,7 +88,7 @@ InternalGetAppleImage (
}
UnicodeSPrint (ImagePath, ImagePathSize, L"%s%s", DirectoryName, LabelFilename);
- DEBUG ((DEBUG_INFO, "OCBM: Trying to get image from %s\n", ImagePath));
+ DEBUG ((DEBUG_INFO, "OCB: Trying to get image from %s\n", ImagePath));
*ImageData = ReadFile (FileSystem, ImagePath, DataSize, BASE_16MB);
@@ -315,7 +315,7 @@ InternalGetRecoveryOsBooter (
DEBUG_CODE_BEGIN ();
DevicePathText = ConvertDevicePathToText (*FilePath, FALSE, FALSE);
if (DevicePathText != NULL) {
- DEBUG ((DEBUG_INFO, "OCBM: Got recovery dp %s\n", DevicePathText));
+ DEBUG ((DEBUG_INFO, "OCB: Got recovery dp %s\n", DevicePathText));
FreePool (DevicePathText);
}
DEBUG_CODE_END ();
diff --git a/Library/OcBootManagementLib/DefaultEntryChoice.c b/Library/OcBootManagementLib/DefaultEntryChoice.c
index d20d4435f7333091c73db7e4988f48e210924c7a..966cc37800bf582a68bdb61c52b34ff881f8b979 100644
--- a/Library/OcBootManagementLib/DefaultEntryChoice.c
+++ b/Library/OcBootManagementLib/DefaultEntryChoice.c
@@ -20,6 +20,7 @@
#include
#include
+#include
#include
#include
@@ -998,94 +999,225 @@ OcSetDefaultBootEntry (
return Status;
}
-#if 0
STATIC
-VOID
-InternalReportLoadOption (
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,
- IN EFI_GUID *BootGuid
+EFI_STATUS
+InternalRegisterBootOption (
+ IN CONST CHAR16 *OptionName,
+ IN EFI_HANDLE DeviceHandle,
+ IN CONST CHAR16 *FilePath
)
{
- EFI_STATUS Status;
- UINTN DevicePathSize;
- UINTN LoadOptionSize;
- EFI_LOAD_OPTION *LoadOption;
- UINT16 LoadOptionNo;
- EFI_LOAD_OPTION *CurrLoadOption;
- CONST CHAR16 *LoadOptionName;
- UINTN LoadOptionNameSize;
- UINTN CurrLoadOptionSize;
-
- //
- // Always report valid option in BootCurrent.
- // Unless done there is no way for Windows to properly hibernate.
- //
+ EFI_STATUS Status;
+ EFI_LOAD_OPTION *Option;
+ UINTN OptionNameSize;
+ UINTN DevicePathSize;
+ UINTN OptionSize;
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;
+ EFI_DEVICE_PATH_PROTOCOL *CurrDevicePath;
+ UINTN Index;
+ UINT16 *BootOrder;
+ UINTN BootOrderSize;
+ UINT32 BootOrderAttributes;
+ UINT16 NewBootOrder;
+ BOOLEAN CurrOptionValid;
+
+ Status = gBS->HandleProtocol (
+ DeviceHandle,
+ &gEfiDevicePathProtocolGuid,
+ (VOID **) &DevicePath
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "OCB: Failed to obtain device path for boot option - %r\n", Status));
+ return Status;
+ }
- LoadOptionName = L"OC Boot";
- LoadOptionNameSize = L_STR_SIZE (L"OC Boot");
- DevicePathSize = GetDevicePathSize (DevicePath);
- LoadOptionSize = sizeof (EFI_LOAD_OPTION) + LoadOptionNameSize + DevicePathSize;
+ DevicePath = AppendFileNameDevicePath (DevicePath, (CHAR16 *) FilePath);
+ if (DevicePath == NULL) {
+ DEBUG ((DEBUG_INFO, "OCB: Failed to append %s loader path for boot option - %r\n", FilePath));
+ return EFI_OUT_OF_RESOURCES;
+ }
- LoadOption = AllocatePool (LoadOptionSize);
- if (LoadOption == NULL) {
- DEBUG ((DEBUG_INFO, "OCB: Failed to allocate BootFFFF (%u)\n", (UINT32) LoadOptionSize));
- return;
+ CurrDevicePath = InternalGetBootOptionData (OC_BOOT_OPTION, &gEfiGlobalVariableGuid, NULL, NULL, NULL);
+ if (CurrDevicePath != NULL) {
+ CurrOptionValid = IsDevicePathEqual (DevicePath, CurrDevicePath);
+ FreePool (CurrDevicePath);
+ } else {
+ CurrOptionValid = FALSE;
}
- LoadOption->Attributes = LOAD_OPTION_HIDDEN;
- LoadOption->FilePathListLength = (UINT16) DevicePathSize;
- CopyMem (LoadOption + 1, LoadOptionName, LoadOptionNameSize);
- CopyMem ((UINT8 *) (LoadOption + 1) + LoadOptionNameSize, DevicePath, DevicePathSize);
+ DEBUG ((
+ DEBUG_INFO,
+ "OCB: Have existing option %d, valid %d\n",
+ CurrDevicePath != NULL,
+ CurrOptionValid
+ ));
+
+ if (!CurrOptionValid) {
+ OptionNameSize = StrSize (OptionName);
+ DevicePathSize = GetDevicePathSize (DevicePath);
+ OptionSize = sizeof (EFI_LOAD_OPTION) + OptionNameSize + DevicePathSize;
- CurrLoadOption = NULL;
- CurrLoadOptionSize = 0;
- Status = GetVariable2 (
- L"BootFFFF",
- BootGuid,
- (VOID **) &CurrLoadOption,
- &CurrLoadOptionSize
+ DEBUG ((DEBUG_INFO, "OCB: Creating boot option %s of %u bytes\n", OptionName, (UINT32) OptionSize));
+
+ Option = AllocatePool (OptionSize);
+ if (Option == NULL) {
+ DEBUG ((DEBUG_INFO, "OCB: Failed to allocate boot option (%u)\n", (UINT32) OptionSize));
+ FreePool (DevicePath);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ Option->Attributes = LOAD_OPTION_ACTIVE | LOAD_OPTION_CATEGORY_BOOT;
+ Option->FilePathListLength = (UINT16) DevicePathSize;
+ CopyMem (Option + 1, OptionName, OptionNameSize);
+ CopyMem ((UINT8 *) (Option + 1) + OptionNameSize, DevicePath, DevicePathSize);
+
+ Status = gRT->SetVariable (
+ OC_BOOT_OPTION_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS
+ | EFI_VARIABLE_RUNTIME_ACCESS
+ | EFI_VARIABLE_NON_VOLATILE,
+ OptionSize,
+ Option
+ );
+
+ FreePool (Option);
+ FreePool (DevicePath);
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "OCB: Failed to store boot option - %r\n", Status));
+ return Status;
+ }
+ }
+
+ BootOrderSize = 0;
+ Status = gRT->GetVariable (
+ EFI_BOOT_ORDER_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
+ &BootOrderAttributes,
+ &BootOrderSize,
+ NULL
);
- if (EFI_ERROR (Status)
- || CurrLoadOptionSize != LoadOptionSize
- || CompareMem (CurrLoadOption, LoadOption, LoadOptionSize) != 0) {
- DEBUG ((
- DEBUG_INFO,
- "OCB: Overwriting BootFFFF (%r/%u)\n",
- Status,
- (UINT32) CurrLoadOptionSize,
- (UINT32) LoadOptionSize
- ));
+ DEBUG ((
+ DEBUG_INFO,
+ "OCB: Have existing order of size %u - %r\n",
+ (UINT32) BootOrderSize,
+ Status
+ ));
- gRT->SetVariable (
- L"BootFFFF",
- BootGuid,
+ if (Status == EFI_BUFFER_TOO_SMALL && BootOrderSize > 0 && BootOrderSize % sizeof (UINT16) == 0) {
+ BootOrder = AllocatePool (BootOrderSize + sizeof (UINT16));
+ if (BootOrder == NULL) {
+ DEBUG ((DEBUG_INFO, "OCB: Failed to allocate boot order\n"));
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ Status = gRT->GetVariable (
+ EFI_BOOT_ORDER_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
+ &BootOrderAttributes,
+ &BootOrderSize,
+ (VOID *) (BootOrder + 1)
+ );
+
+ if (EFI_ERROR (Status) || BootOrderSize == 0 || BootOrderSize % sizeof (UINT16) != 0) {
+ DEBUG ((DEBUG_INFO, "OCB: Failed to obtain boot order %u - %r\n", (UINT32) BootOrderSize, Status));
+ if (!EFI_ERROR (Status)) {
+ FreePool (BootOrder);
+ }
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ if (BootOrder[1] == OC_BOOT_OPTION) {
+ DEBUG ((DEBUG_INFO, "OCB: Boot order has first option as the default option\n"));
+ FreePool (BootOrder);
+ return EFI_SUCCESS;
+ }
+
+ BootOrder[0] = OC_BOOT_OPTION;
+
+ Index = 1;
+ while (Index <= BootOrderSize / sizeof (UINT16)) {
+ if (BootOrder[Index] == OC_BOOT_OPTION) {
+ DEBUG ((DEBUG_INFO, "OCB: Moving boot option to the front from %u position\n", (UINT32) Index));
+ CopyMem (
+ &BootOrder[Index],
+ &BootOrder[Index + 1],
+ BootOrderSize - Index * sizeof (UINT16)
+ );
+ BootOrderSize -= sizeof (UINT16);
+ } else {
+ ++Index;
+ }
+ }
+
+ Status = gRT->SetVariable (
+ EFI_BOOT_ORDER_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
| EFI_VARIABLE_NON_VOLATILE,
- LoadOptionSize,
- LoadOption
+ BootOrderSize + sizeof (UINT16),
+ BootOrder
);
+
+ FreePool (BootOrder);
} else {
- DEBUG ((DEBUG_INFO, "OCB: Accepting same BootFFFF\n"));
+ NewBootOrder = OC_BOOT_OPTION;
+ Status = gRT->SetVariable (
+ EFI_BOOT_ORDER_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS
+ | EFI_VARIABLE_RUNTIME_ACCESS
+ | EFI_VARIABLE_NON_VOLATILE,
+ sizeof (UINT16),
+ &NewBootOrder
+ );
}
- if (CurrLoadOption != NULL) {
- FreePool (CurrLoadOption);
+ DEBUG ((DEBUG_INFO, "OCB: Wrote new boot order with boot option - %r\n", Status));
+ return EFI_SUCCESS;
+}
+
+EFI_STATUS
+OcRegisterBootOption (
+ IN CONST CHAR16 *OptionName,
+ IN EFI_HANDLE DeviceHandle,
+ IN CONST CHAR16 *FilePath
+ )
+{
+ EFI_STATUS Status;
+ OC_FIRMWARE_RUNTIME_PROTOCOL *FwRuntime;
+ OC_FWRT_CONFIG Config;
+
+ Status = gBS->LocateProtocol (
+ &gOcFirmwareRuntimeProtocolGuid,
+ NULL,
+ (VOID **) &FwRuntime
+ );
+
+ if (!EFI_ERROR (Status) && FwRuntime->Revision == OC_FIRMWARE_RUNTIME_REVISION) {
+ ZeroMem (&Config, sizeof (Config));
+ FwRuntime->SetOverride (&Config);
+ DEBUG ((DEBUG_INFO, "OCB: Found FW NVRAM, full access %d\n", Config.BootVariableRedirect));
+ } else {
+ FwRuntime = NULL;
+ DEBUG ((DEBUG_INFO, "OCB: Missing FW NVRAM, going on...\n"));
}
- FreePool (LoadOption);
- LoadOptionNo = 0xFFFF;
- gRT->SetVariable (
- L"BootCurrent",
- BootGuid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS
- | EFI_VARIABLE_RUNTIME_ACCESS,
- sizeof (LoadOptionNo),
- &LoadOptionNo
+ Status = InternalRegisterBootOption (
+ OptionName,
+ DeviceHandle,
+ FilePath
);
+
+ if (FwRuntime != NULL) {
+ FwRuntime->SetOverride (NULL);
+ }
+
+ return Status;
}
-#endif
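Review bot: `InternalRegisterBootOption` leaks the `DevicePath` returned by `AppendFileNameDevicePath` whenever the existing Boot9696 entry already matches, because the only `FreePool (DevicePath)` calls sit inside the `if (!CurrOptionValid)` branch; release it once after that block instead (`FreePool (DevicePath);` just before the BootOrder size query) and drop the copy that follows `SetVariable`. The cleanup in the BootOrder read failure path is inverted — `if (!EFI_ERROR (Status)) { FreePool (BootOrder); }` frees only when `GetVariable` succeeded, so every genuine error leaks the buffer; call `FreePool (BootOrder);` unconditionally there. The append-failure message `"OCB: Failed to append %s loader path for boot option - %r\n"` is given only `FilePath`, so the `%r` consumes a vararg that was never passed. The function also ends with `return EFI_SUCCESS;` after merely logging the `SetVariable` result for BootOrder, so `OcRegisterBootOption` reports success even when the order was never written — `return Status;` there instead. Note too that the `else` branch is taken for any status other than `EFI_BUFFER_TOO_SMALL`, not just `EFI_NOT_FOUND`, so a transient read error on an existing BootOrder replaces the user's whole order with a single entry; gating that path on `Status == EFI_NOT_FOUND` would be the safer choice for a "protect" feature.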
EFI_STATUS
InternalLoadBootEntry (
@@ -1193,13 +1325,6 @@ InternalLoadBootEntry (
}
if (!EFI_ERROR (Status)) {
-#if 0
- InternalReportLoadOption (
- DevicePath,
- Context->CustomBootGuid ? &gOcVendorVariableGuid : &gEfiGlobalVariableGuid
- );
-#endif
-
OptionalStatus = gBS->HandleProtocol (
*EntryHandle,
&gEfiLoadedImageProtocolGuid,
diff --git a/Library/OcConfigurationLib/OcConfigurationLib.c b/Library/OcConfigurationLib/OcConfigurationLib.c
index d64f04a95652441278d986aa3e0a28c7e5c36fa9..aa3e74b4bd5effdc6e28ae98129c195a8803c7bd 100644
--- a/Library/OcConfigurationLib/OcConfigurationLib.c
+++ b/Library/OcConfigurationLib/OcConfigurationLib.c
@@ -354,6 +354,7 @@ mMiscConfigurationSecuritySchema[] = {
OC_SCHEMA_BOOLEAN_IN ("AllowNvramReset", OC_GLOBAL_CONFIG, Misc.Security.AllowNvramReset),
OC_SCHEMA_BOOLEAN_IN ("AllowSetDefault", OC_GLOBAL_CONFIG, Misc.Security.AllowSetDefault),
OC_SCHEMA_BOOLEAN_IN ("AuthRestart", OC_GLOBAL_CONFIG, Misc.Security.AuthRestart),
+ OC_SCHEMA_STRING_IN ("BootProtect", OC_GLOBAL_CONFIG, Misc.Security.BootProtect),
OC_SCHEMA_BOOLEAN_IN ("EnablePassword", OC_GLOBAL_CONFIG, Misc.Security.EnablePassword),
OC_SCHEMA_INTEGER_IN ("ExposeSensitiveData", OC_GLOBAL_CONFIG, Misc.Security.ExposeSensitiveData),
OC_SCHEMA_INTEGER_IN ("HaltLevel", OC_GLOBAL_CONFIG, Misc.Security.HaltLevel),
diff --git a/Platform/OpenCore/OpenCoreMisc.c b/Platform/OpenCore/OpenCoreMisc.c
index 7a184bae229013473525439f4bb2df0244adf92a..afacf30896850416c0dfa5d265a296970c911205 100644
--- a/Platform/OpenCore/OpenCoreMisc.c
+++ b/Platform/OpenCore/OpenCoreMisc.c
@@ -450,28 +450,38 @@ OcMiscLateInit (
{
EFI_STATUS Status;
EFI_STATUS HibernateStatus;
+ CONST CHAR8 *BootProtect;
CONST CHAR8 *HibernateMode;
UINT32 HibernateMask;
+ EFI_HANDLE OcHandle;
if ((Config->Misc.Security.ExposeSensitiveData & OCS_EXPOSE_BOOT_PATH) != 0) {
OcStoreLoadPath (LoadPath);
}
- Status = EFI_SUCCESS;
+ OcHandle = NULL;
+ if (LoadPath != NULL) {
+ Status = gBS->LocateDevicePath (
+ &gEfiSimpleFileSystemProtocolGuid,
+ &LoadPath,
+ &OcHandle
+ );
+ } else {
+ Status = EFI_UNSUPPORTED;
+ }
- if (LoadHandle != NULL) {
- *LoadHandle = NULL;
- //
- // Do not disclose self entry unless asked.
- //
- if (LoadPath != NULL && Config->Misc.Boot.HideSelf) {
- Status = gBS->LocateDevicePath (
- &gEfiSimpleFileSystemProtocolGuid,
- &LoadPath,
- LoadHandle
- );
- DEBUG ((DEBUG_INFO, "OC: LoadHandle is %p - %r\n", *LoadHandle, Status));
- }
+ BootProtect = OC_BLOB_GET (&Config->Misc.Security.BootProtect);
+ DEBUG ((DEBUG_INFO, "OC: LoadHandle %p with BootProtect in %a mode - %r\n", OcHandle, BootProtect, Status));
+
+ if (OcHandle != NULL && AsciiStrCmp (BootProtect, "Bootstrap") == 0) {
+ OcRegisterBootOption (L"OpenCore", OcHandle, OPEN_CORE_BOOTSTRAP_PATH);
+ }
+
+ //
+ // Do not disclose self entry unless asked.
+ //
+ if (LoadHandle != NULL && Config->Misc.Boot.HideSelf) {
+ *LoadHandle = OcHandle;
}
HibernateMode = OC_BLOB_GET (&Config->Misc.Boot.HibernateMode);
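Review bot: The return value of `OcRegisterBootOption` on the `Bootstrap` path is discarded, so a firmware that rejects the variable writes (the failure mode Note 1 of the new documentation describes) leaves no trace in the log for the user to diagnose; capture it with `Status = OcRegisterBootOption (L"OpenCore", OcHandle, OPEN_CORE_BOOTSTRAP_PATH);` followed by `DEBUG ((DEBUG_INFO, "OC: Bootstrap boot option registration - %r\n", Status));`. A `BootProtect` value other than `None` or `Bootstrap` (a typo such as `Bootsrap`) is silently treated as `None`, and so is `Bootstrap` when `OcHandle` is NULL; a debug line naming the unrecognised value or the missing handle would make a misconfigured security option visible. `OcMiscLateInit` begins and ends outside this hunk.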
diff --git a/macbuild.tool b/macbuild.tool
index ffba2f1b1d2d771c6654b272878aa984027103aa..0c5b33e656440a2730b83bb5813b3a21c791c6f4 100755
--- a/macbuild.tool
+++ b/macbuild.tool
@@ -14,13 +14,12 @@ package() {
selfdir=$(pwd)
pushd "$1" || exit 1
rm -rf tmp || exit 1
- mkdir -p tmp/EFI || exit 1
- mkdir -p tmp/EFI/OC || exit 1
+ mkdir -p tmp/EFI/BOOT || exit 1
mkdir -p tmp/EFI/OC/ACPI || exit 1
+ mkdir -p tmp/EFI/OC/Bootstrap || exit 1
mkdir -p tmp/EFI/OC/Drivers || exit 1
mkdir -p tmp/EFI/OC/Kexts || exit 1
mkdir -p tmp/EFI/OC/Tools || exit 1
- mkdir -p tmp/EFI/BOOT || exit 1
mkdir -p tmp/EFI/OC/Resources/Audio || exit 1
mkdir -p tmp/EFI/OC/Resources/Font || exit 1
mkdir -p tmp/EFI/OC/Resources/Image || exit 1
@@ -29,6 +28,7 @@ package() {
mkdir -p tmp/Utilities || exit 1
cp BootKicker.efi tmp/EFI/OC/Tools/ || exit 1
cp BOOTx64.efi tmp/EFI/BOOT/ || exit 1
+ cp BOOTx64.efi tmp/EFI/OC/Bootstrap/Bootstrap.efi || exit 1
cp ChipTune.efi tmp/EFI/OC/Tools/ || exit 1
cp CleanNvram.efi tmp/EFI/OC/Tools/ || exit 1
cp GopStop.efi tmp/EFI/OC/Tools/ || exit 1