OcBootManagementLib: Added experimental `BootProtect` `Security` option

closes acidanthera/bugtracker#859

Changelog.md

@@ -17,6 +17,7 @@ OpenCore Changelog
 - Added `AppleRtcRam` protocol implementation
 - Renamed `Protocols` to `ProtocolOverrides` for clarity
 - Added ResetSystem tool to allow shutdown/reset actions in the menu
+- Added experimental `BootProtect` `Security` option
 
 #### v0.5.7
 - Added TimeMachine detection to picker

Docs/Configuration.tex

@@ -2537,6 +2537,35 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log |
   NVRAM and RTC, which despite being removed as soon as OpenCore starts, may be
   considered a security risk and thus is optional.
 
+\item
+  \texttt{BootProtect}\\
+  \textbf{Type}: \texttt{plist\ string}\\
+  \textbf{Failsafe}: \texttt{None}\\
+  \textbf{Description}: Attempt to provide bootloader persistence.
+
+  Valid values:
+
+  \begin{itemize}
+  \tightlist
+  \item \texttt{None} --- do nothing.
+  \item \texttt{Bootstrap} --- create or update top-priority
+  \texttt{\textbackslash EFI\textbackslash OC\textbackslash Bootstrap\textbackslash Bootstrap.efi}
+  boot option (\texttt{Boot9696}) in UEFI variable storage at bootloader startup. For this option
+  to work \texttt{RequestBootVarRouting} is required to be enabled.
+  \end{itemize}
+
+  This option provides integration with third-party operating system installation and upgrade
+  at the times they overwrite \texttt{\textbackslash EFI\textbackslash BOOT\textbackslash BOOTx64.efi}
+  file. By creating a custom option in \texttt{Bootstrap} mode this file path becomes no longer
+  used for bootstraping OpenCore.
+
+  \emph{Note 1}: Some firmewares may have broken NVRAM, no boot option support, or various other
+  incompatibilities of any kind. While unlikely, the use of this option may even cause boot failure.
+  Use at your own risk on boards known to be compatible.
+
+  \emph{Note 2}: Be warned that NVRAM reset will also erase the boot option created in
+  \texttt{Bootstrap} mode.
+
 \item
   \texttt{ExposeSensitiveData}\\
   \textbf{Type}: \texttt{plist\ integer}\\

Docs/Differences/Differences.tex

 \documentclass[]{article}
 %DIF LATEXDIFF DIFFERENCE FILE
 %DIF DEL PreviousConfiguration.tex   Tue Apr  7 19:32:13 2020
-%DIF ADD ../Configuration.tex        Mon Apr 20 13:11:07 2020
+%DIF ADD ../Configuration.tex        Fri Apr 24 00:55:25 2020
 
 \usepackage{lmodern}
 \usepackage{amssymb,amsmath}
@@ -2602,7 +2602,41 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log |
   considered a security risk and thus is optional.
 
 \item
-  \texttt{ExposeSensitiveData}\\
+  \DIFaddbegin \texttt{\DIFadd{BootProtect}}\\
+  \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ string}}\\
+  \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{None}}\\
+  \textbf{\DIFadd{Description}}\DIFadd{: Attempt to provide bootloader persistence.
+}
+
+  \DIFadd{Valid values:
+}
+
+  \begin{itemize}
+  \tightlist
+  \item \texttt{\DIFadd{None}} \DIFadd{--- do nothing.
+  }\item \texttt{\DIFadd{Bootstrap}} \DIFadd{--- create or update top-priority
+  }\texttt{\DIFadd{\textbackslash EFI\textbackslash OC\textbackslash Bootstrap\textbackslash Bootstrap.efi}}
+  \DIFadd{boot option (}\texttt{\DIFadd{Boot9696}}\DIFadd{) in UEFI variable storage at bootloader startup. For this option
+  to work }\texttt{\DIFadd{RequestBootVarRouting}} \DIFadd{is required to be enabled.
+  }\end{itemize}
+
+  \DIFadd{This option provides integration with third-party operating system installation and upgrade
+  at the times they overwrite }\texttt{\DIFadd{\textbackslash EFI\textbackslash BOOT\textbackslash BOOTx64.efi}}
+  \DIFadd{file. By creating a custom option in }\texttt{\DIFadd{Bootstrap}} \DIFadd{mode this file path becomes no longer
+  used for bootstraping OpenCore.
+}
+
+  \emph{\DIFadd{Note 1}}\DIFadd{: Some firmewares may have broken NVRAM, no boot option support, or various other
+  incompatibilities of any kind. While unlikely, the use of this option may even cause boot failure.
+  Use at your own risk on boards known to be compatible.
+}
+
+  \emph{\DIFadd{Note 2}}\DIFadd{: Be warned that NVRAM reset will also erase the boot option created in
+  }\texttt{\DIFadd{Bootstrap}} \DIFadd{mode.
+}
+
+\item
+  \DIFaddend \texttt{ExposeSensitiveData}\\
   \textbf{Type}: \texttt{plist\ integer}\\
   \textbf{Failsafe}: \texttt{0x6}\\
   \textbf{Description}: Sensitive data exposure bitmask (sum) to operating system.

Docs/Sample.plist

@@ -610,6 +610,8 @@
 			<false/>
 			<key>AuthRestart</key>
 			<false/>
+			<key>BootProtect</key>
+			<string>None</string>
 			<key>ExposeSensitiveData</key>
 			<integer>6</integer>
 			<key>HaltLevel</key>

Docs/SampleFull.plist

@@ -610,6 +610,8 @@
 			<false/>
 			<key>AuthRestart</key>
 			<false/>
+			<key>BootProtect</key>
+			<string>None</string>
 			<key>ExposeSensitiveData</key>
 			<integer>6</integer>
 			<key>HaltLevel</key>

Include/Library/OcBootManagementLib.h

@@ -100,6 +100,12 @@ typedef UINT32 OC_BOOT_ENTRY_TYPE;
 #define OC_BOOT_RESET_NVRAM         BIT7
 #define OC_BOOT_SYSTEM              (OC_BOOT_RESET_NVRAM)
 
+/**
+  Default boot option numbers.
+**/
+#define OC_BOOT_OPTION                0x9696
+#define OC_BOOT_OPTION_VARIABLE_NAME  L"Boot9696"
+
 /**
   Picker mode.
 **/
@@ -1099,4 +1105,20 @@ OcToggleVoiceOver (
   IN  UINT32             File  OPTIONAL
   );
 
+/**
+  Register top-most priority boot option.
+
+  @param[in]  OptionName    Option name to create.
+  @param[in]  DeviceHandle  Device handle of the file system.
+  @param[in]  FilePath      Bootloader path.
+
+  @retval EFI_SUCCESS on success.
+**/
+EFI_STATUS
+OcRegisterBootOption (
+  IN CONST CHAR16    *OptionName,
+  IN EFI_HANDLE      DeviceHandle,
+  IN CONST CHAR16    *FilePath
+  );
+
 #endif // OC_BOOT_MANAGEMENT_LIB_H

Include/Library/OcConfigurationLib.h

@@ -305,6 +305,7 @@ typedef enum {
 } OCS_VAULT_MODE;
 
 #define OC_MISC_SECURITY_FIELDS(_, __) \
+  _(OC_STRING                   , BootProtect                 ,      , OC_STRING_CONSTR ("None", _, __), OC_DESTR (OC_STRING) ) \
   _(OC_STRING                   , Vault                       ,      , OC_STRING_CONSTR ("Secure", _, __), OC_DESTR (OC_STRING) ) \
   _(UINT32                      , ScanPolicy                  ,      , OC_SCAN_DEFAULT_POLICY  , ()) \
   _(BOOLEAN                     , AllowNvramReset             ,      , FALSE                   , ()) \

Include/OpenCore.h

@@ -45,6 +45,8 @@
 #error "Unknown target definition"
 #endif
 
+#define OPEN_CORE_BOOTSTRAP_PATH   L"EFI\\OC\\Bootsrap\\Bootstrap.efi"
+
 #define OPEN_CORE_DRIVER_PATH      L"EFI\\OC\\OpenCore.efi"
 
 #define OPEN_CORE_ROOT_PATH        L"EFI\\OC"

Library/OcBootManagementLib/BootArguments.c

@@ -159,7 +159,7 @@ OcAppendArgumentToCmd (
   // Account for extra space.
   //
   if (Len + (Len > 0 ? 1 : 0) + ArgumentLength >= BOOT_LINE_LENGTH) {
-    DEBUG ((DEBUG_INFO, "OCBM: boot-args are invalid, ignoring\n"));
+    DEBUG ((DEBUG_INFO, "OCB: boot-args are invalid, ignoring\n"));
     return FALSE;
   }
 

Library/OcBootManagementLib/BootEntryInfo.c

@@ -50,7 +50,7 @@ InternalGetAppleDiskLabel (
   }
 
   UnicodeSPrint (DiskLabelPath, DiskLabelPathSize, L"%s%s", BootDirectoryName, LabelFilename);
-  DEBUG ((DEBUG_INFO, "OCBM: Trying to get label from %s\n", DiskLabelPath));
+  DEBUG ((DEBUG_INFO, "OCB: Trying to get label from %s\n", DiskLabelPath));
 
   AsciiDiskLabel = (CHAR8 *) ReadFile (FileSystem, DiskLabelPath, &DiskLabelLength, OC_MAX_VOLUME_LABEL_SIZE);
   FreePool (DiskLabelPath);
@@ -88,7 +88,7 @@ InternalGetAppleImage (
   }
 
   UnicodeSPrint (ImagePath, ImagePathSize, L"%s%s", DirectoryName, LabelFilename);
-  DEBUG ((DEBUG_INFO, "OCBM: Trying to get image from %s\n", ImagePath));
+  DEBUG ((DEBUG_INFO, "OCB: Trying to get image from %s\n", ImagePath));
 
   *ImageData = ReadFile (FileSystem, ImagePath, DataSize, BASE_16MB);
 
@@ -315,7 +315,7 @@ InternalGetRecoveryOsBooter (
           DEBUG_CODE_BEGIN ();
           DevicePathText = ConvertDevicePathToText (*FilePath, FALSE, FALSE);
           if (DevicePathText != NULL) {
-            DEBUG ((DEBUG_INFO, "OCBM: Got recovery dp %s\n", DevicePathText));
+            DEBUG ((DEBUG_INFO, "OCB: Got recovery dp %s\n", DevicePathText));
             FreePool (DevicePathText);
           }
           DEBUG_CODE_END ();

Library/OcBootManagementLib/DefaultEntryChoice.c

@@ -20,6 +20,7 @@
 #include <Guid/OcVariables.h>
 
 #include <Protocol/LoadedImage.h>
+#include <Protocol/OcFirmwareRuntime.h>
 #include <Protocol/SimpleFileSystem.h>
 
 #include <Library/BaseMemoryLib.h>
@@ -998,94 +999,225 @@ OcSetDefaultBootEntry (
   return Status;
 }
 
-#if 0
 STATIC
-VOID
-InternalReportLoadOption (
-  IN EFI_DEVICE_PATH_PROTOCOL  *DevicePath,
-  IN EFI_GUID                  *BootGuid
+EFI_STATUS
+InternalRegisterBootOption (
+  IN CONST CHAR16    *OptionName,
+  IN EFI_HANDLE      DeviceHandle,
+  IN CONST CHAR16    *FilePath
   )
 {
-  EFI_STATUS          Status;
-  UINTN               DevicePathSize;
-  UINTN               LoadOptionSize;
-  EFI_LOAD_OPTION     *LoadOption;
-  UINT16              LoadOptionNo;
-  EFI_LOAD_OPTION     *CurrLoadOption;
-  CONST CHAR16        *LoadOptionName;
-  UINTN               LoadOptionNameSize;
-  UINTN               CurrLoadOptionSize;
-
-  //
-  // Always report valid option in BootCurrent.
-  // Unless done there is no way for Windows to properly hibernate.
-  //
+  EFI_STATUS                 Status;
+  EFI_LOAD_OPTION            *Option;
+  UINTN                      OptionNameSize;
+  UINTN                      DevicePathSize;
+  UINTN                      OptionSize;
+  EFI_DEVICE_PATH_PROTOCOL   *DevicePath;
+  EFI_DEVICE_PATH_PROTOCOL   *CurrDevicePath;
+  UINTN                      Index;
+  UINT16                     *BootOrder;
+  UINTN                      BootOrderSize;
+  UINT32                     BootOrderAttributes;
+  UINT16                     NewBootOrder;
+  BOOLEAN                    CurrOptionValid;
+
+  Status = gBS->HandleProtocol (
+    DeviceHandle,
+    &gEfiDevicePathProtocolGuid,
+    (VOID **) &DevicePath
+    );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_INFO, "OCB: Failed to obtain device path for boot option - %r\n", Status));
+    return Status;
+  }
 
-  LoadOptionName     = L"OC Boot";
-  LoadOptionNameSize = L_STR_SIZE (L"OC Boot");
-  DevicePathSize     = GetDevicePathSize (DevicePath);
-  LoadOptionSize     = sizeof (EFI_LOAD_OPTION) + LoadOptionNameSize + DevicePathSize;
+  DevicePath = AppendFileNameDevicePath (DevicePath, (CHAR16 *) FilePath);
+  if (DevicePath == NULL) {
+    DEBUG ((DEBUG_INFO, "OCB: Failed to append %s loader path for boot option - %r\n", FilePath));
+    return EFI_OUT_OF_RESOURCES;
+  }
 
-  LoadOption = AllocatePool (LoadOptionSize);
-  if (LoadOption == NULL) {
-    DEBUG ((DEBUG_INFO, "OCB: Failed to allocate BootFFFF (%u)\n", (UINT32) LoadOptionSize));
-    return;
+  CurrDevicePath = InternalGetBootOptionData (OC_BOOT_OPTION, &gEfiGlobalVariableGuid, NULL, NULL, NULL);
+  if (CurrDevicePath != NULL) {
+    CurrOptionValid = IsDevicePathEqual (DevicePath, CurrDevicePath);
+    FreePool (CurrDevicePath);
+  } else {
+    CurrOptionValid = FALSE;
   }
 
-  LoadOption->Attributes         = LOAD_OPTION_HIDDEN;
-  LoadOption->FilePathListLength = (UINT16) DevicePathSize;
-  CopyMem (LoadOption + 1, LoadOptionName, LoadOptionNameSize);
-  CopyMem ((UINT8 *) (LoadOption + 1) + LoadOptionNameSize, DevicePath, DevicePathSize);
+  DEBUG ((
+    DEBUG_INFO,
+    "OCB: Have existing option %d, valid %d\n",
+    CurrDevicePath != NULL,
+    CurrOptionValid
+    ));
+
+  if (!CurrOptionValid) {
+    OptionNameSize = StrSize (OptionName);
+    DevicePathSize = GetDevicePathSize (DevicePath);
+    OptionSize     = sizeof (EFI_LOAD_OPTION) + OptionNameSize + DevicePathSize;
 
-  CurrLoadOption = NULL;
-  CurrLoadOptionSize = 0;
-  Status = GetVariable2 (
-    L"BootFFFF",
-    BootGuid,
-    (VOID **) &CurrLoadOption,
-    &CurrLoadOptionSize
+    DEBUG ((DEBUG_INFO, "OCB: Creating boot option %s of %u bytes\n", OptionName, (UINT32) OptionSize));
+
+    Option = AllocatePool (OptionSize);
+    if (Option == NULL) {
+      DEBUG ((DEBUG_INFO, "OCB: Failed to allocate boot option (%u)\n", (UINT32) OptionSize));
+      FreePool (DevicePath);
+      return EFI_OUT_OF_RESOURCES;
+    }
+
+    Option->Attributes         = LOAD_OPTION_ACTIVE | LOAD_OPTION_CATEGORY_BOOT;
+    Option->FilePathListLength = (UINT16) DevicePathSize;
+    CopyMem (Option + 1, OptionName, OptionNameSize);
+    CopyMem ((UINT8 *) (Option + 1) + OptionNameSize, DevicePath, DevicePathSize);
+
+    Status = gRT->SetVariable (
+      OC_BOOT_OPTION_VARIABLE_NAME,
+      &gEfiGlobalVariableGuid,
+      EFI_VARIABLE_BOOTSERVICE_ACCESS
+        | EFI_VARIABLE_RUNTIME_ACCESS
+        | EFI_VARIABLE_NON_VOLATILE,
+      OptionSize,
+      Option
+      );
+
+    FreePool (Option);
+    FreePool (DevicePath);
+
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_INFO, "OCB: Failed to store boot option - %r\n", Status));
+      return Status;
+    }
+  }
+
+  BootOrderSize = 0;
+  Status = gRT->GetVariable (
+    EFI_BOOT_ORDER_VARIABLE_NAME,
+    &gEfiGlobalVariableGuid,
+    &BootOrderAttributes,
+    &BootOrderSize,
+    NULL
     );
-  if (EFI_ERROR (Status)
-    || CurrLoadOptionSize != LoadOptionSize
-    || CompareMem (CurrLoadOption, LoadOption, LoadOptionSize) != 0) {
 
-    DEBUG ((
-      DEBUG_INFO,
-      "OCB: Overwriting BootFFFF (%r/%u)\n",
-      Status,
-      (UINT32) CurrLoadOptionSize,
-      (UINT32) LoadOptionSize
-      ));
+  DEBUG ((
+    DEBUG_INFO,
+    "OCB: Have existing order of size %u - %r\n",
+    (UINT32) BootOrderSize,
+    Status
+    ));
 
-    gRT->SetVariable (
-      L"BootFFFF",
-      BootGuid,
+  if (Status == EFI_BUFFER_TOO_SMALL && BootOrderSize > 0 && BootOrderSize % sizeof (UINT16) == 0) {
+    BootOrder = AllocatePool (BootOrderSize + sizeof (UINT16));
+    if (BootOrder == NULL) {
+      DEBUG ((DEBUG_INFO, "OCB: Failed to allocate boot order\n"));
+      return EFI_OUT_OF_RESOURCES;
+    }
+
+    Status = gRT->GetVariable (
+      EFI_BOOT_ORDER_VARIABLE_NAME,
+      &gEfiGlobalVariableGuid,
+      &BootOrderAttributes,
+      &BootOrderSize,
+      (VOID *) (BootOrder + 1)
+      );
+
+    if (EFI_ERROR (Status) || BootOrderSize == 0 || BootOrderSize % sizeof (UINT16) != 0) {
+      DEBUG ((DEBUG_INFO, "OCB: Failed to obtain boot order %u - %r\n", (UINT32) BootOrderSize, Status));
+      if (!EFI_ERROR (Status)) {
+        FreePool (BootOrder);
+      }
+      return EFI_OUT_OF_RESOURCES;
+    }
+
+    if (BootOrder[1] == OC_BOOT_OPTION) {
+      DEBUG ((DEBUG_INFO, "OCB: Boot order has first option as the default option\n"));
+      FreePool (BootOrder);
+      return EFI_SUCCESS;
+    }
+
+    BootOrder[0] = OC_BOOT_OPTION;
+
+    Index = 1;
+    while (Index <= BootOrderSize / sizeof (UINT16)) {
+      if (BootOrder[Index] == OC_BOOT_OPTION) {
+        DEBUG ((DEBUG_INFO, "OCB: Moving boot option to the front from %u position\n", (UINT32) Index));
+        CopyMem (
+          &BootOrder[Index],
+          &BootOrder[Index + 1],
+          BootOrderSize - Index * sizeof (UINT16)
+          );
+        BootOrderSize -= sizeof (UINT16);
+      } else {
+        ++Index;
+      }
+    }
+
+    Status = gRT->SetVariable (
+      EFI_BOOT_ORDER_VARIABLE_NAME,
+      &gEfiGlobalVariableGuid,
       EFI_VARIABLE_BOOTSERVICE_ACCESS
         | EFI_VARIABLE_RUNTIME_ACCESS
         | EFI_VARIABLE_NON_VOLATILE,
-      LoadOptionSize,
-      LoadOption
+      BootOrderSize + sizeof (UINT16),
+      BootOrder
       );
+
+    FreePool (BootOrder);
   } else {
-    DEBUG ((DEBUG_INFO, "OCB: Accepting same BootFFFF\n"));
+    NewBootOrder = OC_BOOT_OPTION;
+    Status = gRT->SetVariable (
+      EFI_BOOT_ORDER_VARIABLE_NAME,
+      &gEfiGlobalVariableGuid,
+      EFI_VARIABLE_BOOTSERVICE_ACCESS
+        | EFI_VARIABLE_RUNTIME_ACCESS
+        | EFI_VARIABLE_NON_VOLATILE,
+      sizeof (UINT16),
+      &NewBootOrder
+      );
   }
 
-  if (CurrLoadOption != NULL) {
-    FreePool (CurrLoadOption);
+  DEBUG ((DEBUG_INFO, "OCB: Wrote new boot order with boot option - %r\n", Status));
+  return EFI_SUCCESS;
+}
+
+EFI_STATUS
+OcRegisterBootOption (
+  IN CONST CHAR16    *OptionName,
+  IN EFI_HANDLE      DeviceHandle,
+  IN CONST CHAR16    *FilePath
+  )
+{
+  EFI_STATUS                    Status;
+  OC_FIRMWARE_RUNTIME_PROTOCOL  *FwRuntime;
+  OC_FWRT_CONFIG                Config;
+
+  Status = gBS->LocateProtocol (
+    &gOcFirmwareRuntimeProtocolGuid,
+    NULL,
+    (VOID **) &FwRuntime
+    );
+
+  if (!EFI_ERROR (Status) && FwRuntime->Revision == OC_FIRMWARE_RUNTIME_REVISION) {
+    ZeroMem (&Config, sizeof (Config));
+    FwRuntime->SetOverride (&Config);
+    DEBUG ((DEBUG_INFO, "OCB: Found FW NVRAM, full access %d\n", Config.BootVariableRedirect));
+  } else {
+    FwRuntime = NULL;
+    DEBUG ((DEBUG_INFO, "OCB: Missing FW NVRAM, going on...\n"));
   }
-  FreePool (LoadOption);
 
-  LoadOptionNo = 0xFFFF;
-  gRT->SetVariable (
-    L"BootCurrent",
-    BootGuid,
-    EFI_VARIABLE_BOOTSERVICE_ACCESS
-      | EFI_VARIABLE_RUNTIME_ACCESS,
-    sizeof (LoadOptionNo),
-    &LoadOptionNo
+  Status = InternalRegisterBootOption (
+    OptionName,
+    DeviceHandle,
+    FilePath
     );
+
+  if (FwRuntime != NULL) {
+    FwRuntime->SetOverride (NULL);
+  }
+
+  return Status;
 }
-#endif
 
 EFI_STATUS
 InternalLoadBootEntry (
@@ -1193,13 +1325,6 @@ InternalLoadBootEntry (
   }
 
   if (!EFI_ERROR (Status)) {
-#if 0
-    InternalReportLoadOption (
-      DevicePath,
-      Context->CustomBootGuid ? &gOcVendorVariableGuid : &gEfiGlobalVariableGuid
-      );
-#endif
-
     OptionalStatus = gBS->HandleProtocol (
       *EntryHandle,
       &gEfiLoadedImageProtocolGuid,

Library/OcConfigurationLib/OcConfigurationLib.c

@@ -354,6 +354,7 @@ mMiscConfigurationSecuritySchema[] = {
   OC_SCHEMA_BOOLEAN_IN ("AllowNvramReset",      OC_GLOBAL_CONFIG, Misc.Security.AllowNvramReset),
   OC_SCHEMA_BOOLEAN_IN ("AllowSetDefault",      OC_GLOBAL_CONFIG, Misc.Security.AllowSetDefault),
   OC_SCHEMA_BOOLEAN_IN ("AuthRestart",          OC_GLOBAL_CONFIG, Misc.Security.AuthRestart),
+  OC_SCHEMA_STRING_IN  ("BootProtect",          OC_GLOBAL_CONFIG, Misc.Security.BootProtect),
   OC_SCHEMA_BOOLEAN_IN ("EnablePassword",       OC_GLOBAL_CONFIG, Misc.Security.EnablePassword),
   OC_SCHEMA_INTEGER_IN ("ExposeSensitiveData",  OC_GLOBAL_CONFIG, Misc.Security.ExposeSensitiveData),
   OC_SCHEMA_INTEGER_IN ("HaltLevel",            OC_GLOBAL_CONFIG, Misc.Security.HaltLevel),

Platform/OpenCore/OpenCoreMisc.c

@@ -450,28 +450,38 @@ OcMiscLateInit (
 {
   EFI_STATUS   Status;
   EFI_STATUS   HibernateStatus;
+  CONST CHAR8  *BootProtect;
   CONST CHAR8  *HibernateMode;
   UINT32       HibernateMask;
+  EFI_HANDLE   OcHandle;
 
   if ((Config->Misc.Security.ExposeSensitiveData & OCS_EXPOSE_BOOT_PATH) != 0) {
     OcStoreLoadPath (LoadPath);
   }
 
-  Status = EFI_SUCCESS;
+  OcHandle = NULL;
+  if (LoadPath != NULL) {
+    Status = gBS->LocateDevicePath (
+      &gEfiSimpleFileSystemProtocolGuid,
+      &LoadPath,
+      &OcHandle
+      );
+  } else {
+    Status = EFI_UNSUPPORTED;
+  }
 
-  if (LoadHandle != NULL) {
-    *LoadHandle = NULL;
-    //
-    // Do not disclose self entry unless asked.
-    //
-    if (LoadPath != NULL && Config->Misc.Boot.HideSelf) {
-      Status = gBS->LocateDevicePath (
-        &gEfiSimpleFileSystemProtocolGuid,
-        &LoadPath,
-        LoadHandle
-        );
-      DEBUG ((DEBUG_INFO, "OC: LoadHandle is %p - %r\n", *LoadHandle, Status));
-    }
+  BootProtect = OC_BLOB_GET (&Config->Misc.Security.BootProtect);
+  DEBUG ((DEBUG_INFO, "OC: LoadHandle %p with BootProtect in %a mode - %r\n", OcHandle, BootProtect, Status));
+
+  if (OcHandle != NULL && AsciiStrCmp (BootProtect, "Bootstrap") == 0) {
+    OcRegisterBootOption (L"OpenCore", OcHandle, OPEN_CORE_BOOTSTRAP_PATH);
+  }
+
+  //
+  // Do not disclose self entry unless asked.
+  //
+  if (LoadHandle != NULL && Config->Misc.Boot.HideSelf) {
+    *LoadHandle = OcHandle;
   }
 
   HibernateMode = OC_BLOB_GET (&Config->Misc.Boot.HibernateMode);

macbuild.tool

@@ -14,13 +14,12 @@ package() {
   selfdir=$(pwd)
   pushd "$1" || exit 1
   rm -rf tmp || exit 1
-  mkdir -p tmp/EFI || exit 1
-  mkdir -p tmp/EFI/OC || exit 1
+  mkdir -p tmp/EFI/BOOT || exit 1
   mkdir -p tmp/EFI/OC/ACPI || exit 1
+  mkdir -p tmp/EFI/OC/Bootstrap || exit 1
   mkdir -p tmp/EFI/OC/Drivers || exit 1
   mkdir -p tmp/EFI/OC/Kexts || exit 1
   mkdir -p tmp/EFI/OC/Tools || exit 1
-  mkdir -p tmp/EFI/BOOT || exit 1
   mkdir -p tmp/EFI/OC/Resources/Audio || exit 1
   mkdir -p tmp/EFI/OC/Resources/Font || exit 1
   mkdir -p tmp/EFI/OC/Resources/Image || exit 1
@@ -29,6 +28,7 @@ package() {
   mkdir -p tmp/Utilities || exit 1
   cp BootKicker.efi tmp/EFI/OC/Tools/ || exit 1
   cp BOOTx64.efi tmp/EFI/BOOT/ || exit 1
+  cp BOOTx64.efi tmp/EFI/OC/Bootstrap/Bootstrap.efi || exit 1
   cp ChipTune.efi tmp/EFI/OC/Tools/ || exit 1
   cp CleanNvram.efi tmp/EFI/OC/Tools/ || exit 1
   cp GopStop.efi tmp/EFI/OC/Tools/ || exit 1