diff --git a/Changelog.md b/Changelog.md index 0b2b34eec6ad2ddda0ff80be77cde24756a05ecd..4134ae07a7dc6364401c0bda113d3c9f86b6519c 100644 --- a/Changelog.md +++ b/Changelog.md @@ -11,6 +11,8 @@ OpenCore Changelog - Added `SupportsCsm` and option in `PlatformInfo/Generic` - Added `OSInfo` protocol support - Added `SignalAppleOS` `Booter` quirk to enable IGPU on Macs in other OS +- Added `AppleSmcIo`protocol support (replaces `VirtualSmc` UEFI driver) +- Added `AuthRestart` security property for VirtualSMC authenticated restart #### v0.5.3 - Update builtin firmware versions diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf index 9ba894626836ed0cbd037e7728ecbb4d34f66bcb..61548dbdff605691cc6779409ae340d5ef83b1fd 100644 Binary files a/Docs/Configuration.pdf and b/Docs/Configuration.pdf differ diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex index 6c778f66abcc9d12aec9cc3cd9efcacae92bd0e2..d72408c2b51e4808809bc18ad12623c20dbbd266 100755 --- a/Docs/Configuration.tex +++ b/Docs/Configuration.tex @@ -2258,6 +2258,21 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log | \textbf{Description}: Allow \texttt{CMD+OPT+P+R} handling and enable showing \texttt{NVRAM Reset} entry in boot picker. +\item + \texttt{AuthRestart}\\ + \textbf{Type}: \texttt{plist\ boolean}\\ + \textbf{Failsafe}: \texttt{false}\\ + \textbf{Description}: Enable \texttt{VirtualSMC}-compatible authenticated restart. + + Authenticated restart is a way to reboot FileVault 2 enabled macOS without entering + the password. To perform authenticated restart one can use a dedicated terminal + command: \texttt{sudo fdesetup authrestart}. It is also used when installing + operating system updates. + + VirtualSMC performs authenticated restart by saving disk encryption key split in + NVRAM and RTC, which despite being removed as soon as OpenCore starts, may be + considered a security risk and thus is optional. + \item \texttt{ExposeSensitiveData}\\ \textbf{Type}: \texttt{plist\ integer}\\ 
@@ -3545,12 +3560,6 @@ and supplementary utilities can be used. --- USB keyboard driver adding the support of \texttt{AppleKeyMapAggregator} protocols on top of a custom USB keyboard driver implementation. This is an alternative to builtin \texttt{KeySupport}, which may work better or worse depending on the firmware. - \item \href{https://github.com/acidanthera/VirtualSMC}{\texttt{VirtualSmc}} - --- UEFI SMC driver, required for proper FileVault 2 functionality and potentially - other macOS specifics. An alternative, named \texttt{SMCHelper}, is not compatible - with \texttt{VirtualSmc} and OpenCore, which is unaware of its specific interfaces. - In case \texttt{FakeSMC} kernel extension is used, manual NVRAM variable addition - may be needed and \texttt{VirtualSmc} driver should still be used. \item \href{https://github.com/acidanthera/AppleSupportPkg}{\texttt{VBoxHfs}} --- HFS file system driver with bless support. This driver is an alternative to a closed source \texttt{HFSPlus} driver commonly found in Apple firmwares. While @@ -3746,6 +3755,17 @@ build -a X64 -b RELEASE -t XCODE5 -p MdeModulePkg/MdeModulePkg.dsc \textbf{Description}: Reinstalls Apple Key Map protocols with builtin versions. +\item + \texttt{AppleSmcIo}\\ + \textbf{Type}: \texttt{plist\ boolean}\\ + \textbf{Failsafe}: \texttt{false}\\ + \textbf{Description}: Reinstalls Apple SMC I/O protocol with a builtin + version. + + This protocol replaces legacy \texttt{VirtualSmc} UEFI driver, and is compatible + with any SMC kernel extension. However, in case \texttt{FakeSMC} kernel extension + is used, manual NVRAM key variable addition may be needed. + \item \texttt{AppleUserInterfaceTheme}\\ \textbf{Type}: \texttt{plist\ boolean}\\ diff --git a/Docs/Differences/Differences.pdf b/Docs/Differences/Differences.pdf index 8ce4ddebb5c68e8f637eee38e13cc2f8bb9a2262..4229d5b1217684510cb96361954ec111d73e0509 100644 Binary files a/Docs/Differences/Differences.pdf and b/Docs/Differences/Differences.pdf differ 
diff --git a/Docs/Differences/Differences.tex b/Docs/Differences/Differences.tex index 463ae6ed229380c1cc8a67d4902a4e79d9b0b3c1..e991fb4e383b38c68dce0a7fd08a8dbb0416a2e5 100644 --- a/Docs/Differences/Differences.tex +++ b/Docs/Differences/Differences.tex @@ -1,7 +1,7 @@ \documentclass[]{article} %DIF LATEXDIFF DIFFERENCE FILE %DIF DEL PreviousConfiguration.tex Tue Dec 10 15:40:50 2019 -%DIF ADD ../Configuration.tex Sun Jan 5 21:08:43 2020 +%DIF ADD ../Configuration.tex Mon Jan 6 15:57:19 2020 \usepackage{lmodern} \usepackage{amssymb,amsmath} @@ -2326,7 +2326,25 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log | showing \texttt{NVRAM Reset} entry in boot picker. \item - \texttt{ExposeSensitiveData}\\ + \DIFaddbegin \texttt{\DIFadd{AuthRestart}}\\ + \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\ + \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\ + \textbf{\DIFadd{Description}}\DIFadd{: Enable }\texttt{\DIFadd{VirtualSMC}}\DIFadd{-compatible authenticated restart. +} + + \DIFadd{Authenticated restart is a way to reboot FileVault 2 enabled macOS without entering + the password. To perform authenticated restart one can use a dedicated terminal + command: }\texttt{\DIFadd{sudo fdesetup authrestart}}\DIFadd{. It is also used when installing + operating system updates. +} + + \DIFadd{VirtualSMC performs authenticated restart by saving disk encryption key split in + NVRAM and RTC, which despite being removed as soon as OpenCore starts, may be + considered a security risk and thus is optional. +} + +\item + \DIFaddend \texttt{ExposeSensitiveData}\\ \textbf{Type}: \texttt{plist\ integer}\\ \textbf{Failsafe}: \texttt{0x6}\\ \textbf{Description}: Sensitive data exposure bitmask (sum) to operating system. 
@@ -3619,13 +3637,20 @@ and supplementary utilities can be used. --- USB keyboard driver adding the support of \texttt{AppleKeyMapAggregator} protocols on top of a custom USB keyboard driver implementation. This is an alternative to builtin \texttt{KeySupport}, which may work better or worse depending on the firmware. - \item \href{https://github.com/acidanthera/VirtualSMC}{\texttt{VirtualSmc}} - --- UEFI SMC driver, required for proper FileVault 2 functionality and potentially - other macOS specifics. An alternative, named \texttt{SMCHelper}, is not compatible - with \texttt{VirtualSmc} and OpenCore, which is unaware of its specific interfaces. - In case \texttt{FakeSMC} kernel extension is used, manual NVRAM variable addition - may be needed and \texttt{VirtualSmc} driver should still be used. - \item \href{https://github.com/acidanthera/AppleSupportPkg}{\texttt{VBoxHfs}} + \item \DIFdelbegin %DIFDELCMD < \href{https://github.com/acidanthera/VirtualSMC}{\texttt{VirtualSmc}} +%DIFDELCMD < %%% +\DIFdel{--- UEFI SMC driver, required for proper FileVault 2 functionality and potentially + other macOS specifics. An alternative, named }\texttt{\DIFdel{SMCHelper}}%DIFAUXCMD +\DIFdel{, is not compatible + with }\texttt{\DIFdel{VirtualSmc}} %DIFAUXCMD +\DIFdel{and OpenCore, which is unaware of its specific interfaces. + In case }\texttt{\DIFdel{FakeSMC}} %DIFAUXCMD +\DIFdel{kernel extension is used, manual NVRAM variable addition + may be needed and }\texttt{\DIFdel{VirtualSmc}} %DIFAUXCMD +\DIFdel{driver should still be used. + }%DIFDELCMD < \item %%% +\item%DIFAUXCMD +\DIFdelend \href{https://github.com/acidanthera/AppleSupportPkg}{\texttt{VBoxHfs}} --- HFS file system driver with bless support. This driver is an alternative to a closed source \texttt{HFSPlus} driver commonly found in Apple firmwares. While it is feature complete, it is approximately 3~times slower and is yet to undergo 
@@ -3821,7 +3846,20 @@ build -a X64 -b RELEASE -t XCODE5 -p MdeModulePkg/MdeModulePkg.dsc versions. \item - \texttt{AppleUserInterfaceTheme}\\ + \DIFaddbegin \texttt{\DIFadd{AppleSmcIo}}\\ + \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\ + \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\ + \textbf{\DIFadd{Description}}\DIFadd{: Reinstalls Apple SMC I/O protocol with a builtin + version. +} + + \DIFadd{This protocol replaces legacy }\texttt{\DIFadd{VirtualSmc}} \DIFadd{UEFI driver, and is compatible + with any SMC kernel extension. However, in case }\texttt{\DIFadd{FakeSMC}} \DIFadd{kernel extension + is used, manual NVRAM key variable addition may be needed. +} + +\item + \DIFaddend \texttt{AppleUserInterfaceTheme}\\ \textbf{Type}: \texttt{plist\ boolean}\\ \textbf{Failsafe}: \texttt{false}\\ \textbf{Description}: Reinstalls Apple User Interface Theme protocol with a builtin diff --git a/Docs/Sample.plist b/Docs/Sample.plist index 739fc7df8d2de86671b5a95e432db7e9e2ee71d6..cea705e184d5a27eb29cabb2d96f14a612ff8d09 100644 --- a/Docs/Sample.plist +++ b/Docs/Sample.plist @@ -600,6 +600,8 @@ AllowNvramReset + AuthRestart + ExposeSensitiveData 6 HaltLevel @@ -771,6 +773,8 @@ AppleKeyMap + AppleSmcIo + AppleUserInterfaceTheme ConsoleControl diff --git a/Docs/SampleFull.plist b/Docs/SampleFull.plist index 79ac8769fb88de3341ee54e5488fee38c7150819..1f8859547fc0a7a502d5134447bd1b281119f8ff 100644 --- a/Docs/SampleFull.plist +++ b/Docs/SampleFull.plist @@ -600,6 +600,8 @@ AllowNvramReset + AuthRestart + ExposeSensitiveData 6 HaltLevel @@ -874,6 +876,8 @@ AppleKeyMap + AppleSmcIo + AppleUserInterfaceTheme ConsoleControl diff --git a/OpenCorePkg.dsc b/OpenCorePkg.dsc index b7f543021a64b2e0c1823f21c1fb4eedc158dba0..db0e898e003539a42b5ce69e7ceafb05cca32cb4 100755 --- a/OpenCorePkg.dsc +++ b/OpenCorePkg.dsc 
@@ -90,6 +90,7 @@ OcRtcLib|OcSupportPkg/Library/OcRtcLib/OcRtcLib.inf OcSerializeLib|OcSupportPkg/Library/OcSerializeLib/OcSerializeLib.inf OcSmbiosLib|OcSupportPkg/Library/OcSmbiosLib/OcSmbiosLib.inf + OcSmcLib|OcSupportPkg/Library/OcSmcLib/OcSmcLib.inf OcStorageLib|OcSupportPkg/Library/OcStorageLib/OcStorageLib.inf OcStringLib|OcSupportPkg/Library/OcStringLib/OcStringLib.inf OcTemplateLib|OcSupportPkg/Library/OcTemplateLib/OcTemplateLib.inf diff --git a/Platform/OpenCore/OpenCore.inf b/Platform/OpenCore/OpenCore.inf index 7f45cc684d02820cb74b1378f313c7b99ea135a9..9537e8df6878ff7f47af4dc665174674f7edc143 100644 --- a/Platform/OpenCore/OpenCore.inf +++ b/Platform/OpenCore/OpenCore.inf @@ -90,6 +90,7 @@ OcMiscLib OcOSInfoLib OcSmbiosLib + OcSmcLib OcStorageLib OcUnicodeCollationEngLib OcVirtualFsLib diff --git a/Platform/OpenCore/OpenCoreUefi.c b/Platform/OpenCore/OpenCoreUefi.c index ba40f8ad43831f395fc72071c6dfd33cc52fc6f4..f4e8b0ad0284c14700c6cb1c92f60854cca7fc6a 100644 --- a/Platform/OpenCore/OpenCoreUefi.c +++ b/Platform/OpenCore/OpenCoreUefi.c @@ -34,6 +34,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include +#include #include #include #include @@ -304,6 +305,10 @@ OcReinstallProtocols ( DEBUG ((DEBUG_ERROR, "OC: Failed to install image conversion protocol\n")); } + if (OcSmcIoInstallProtocol (Config->Uefi.Protocols.AppleSmcIo, Config->Misc.Security.AuthRestart) == NULL) { + DEBUG ((DEBUG_ERROR, "OC: Failed to install smc i/o protocol\n")); + } + if (OcAppleUserInterfaceThemeInstallProtocol (Config->Uefi.Protocols.AppleUserInterfaceTheme) == NULL) { DEBUG ((DEBUG_ERROR, "OC: Failed to install user interface theme protocol\n")); }
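Review bot: The new `OcSmcIoInstallProtocol (...)` call in `OcReinstallProtocols` only logs on failure and carries on, and nothing in this hunk shows what happens to the authenticated-restart key material on that path or when `Config->Misc.Security.AuthRestart` is false. The documentation added in this same commit says the key split across NVRAM and RTC is removed as soon as OpenCore starts. If that erasure lives inside OcSmcLib (not part of this diff), please confirm that it runs even when the option is disabled or the protocol install fails, since the key may presumably still have been written before the reboot. The two adjacent boolean arguments are also easy to transpose, so a short comment above the call would help, e.g. `// Arg 1: reinstall the protocol; arg 2: permit VirtualSMC authenticated restart (Misc->Security->AuthRestart).`. The body of `OcReinstallProtocols` starts and ends outside the hunk.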