OcMainLib: Forcibly disable single user mode with Apple Secure Boot

For some reason EfiBoot, at least as of 13.3.1, no longer filters -s argument from command-line. Make sure we filter this out ourselves.

OcMainLib: Forcibly disable single user mode with Apple Secure Boot
For some reason EfiBoot, at least as of 13.3.1, no longer filters -s argument from command-line. Make sure we filter this out ourselves.
fe15c15d · vit9696 · Vitaly Cheptsov · 4ea002b0 · fe15c15d · fe15c15d
8 changed file
--- a/Changelog.md
+++ b/Changelog.md
@@ -2,6 +2,7 @@ OpenCore Changelog
 ==================
 #### v0.9.2
 - Added `DisableIoMapperMapping` quirk, thx @CaseySJ
+- Fixed disabling single user mode when Apple Secure Boot is enabled
 #### v0.9.1
 - Fixed long comment printing for ACPI patches, thx @corpnewt

--- a/Docs/Configuration.md5
+++ b/Docs/Configuration.md5
-bdf0519ee81b9b52cd202b10e59c890b
+3eac1335702bdb43a1299da420299a62
--- a/Docs/Configuration.pdf
+++ b/Docs/Configuration.pdf
--- a/Docs/Configuration.tex
+++ b/Docs/Configuration.tex
@@ -1540,6 +1540,8 @@ To view their current state, use the \texttt{pmset -g} command in Terminal.
  \href{https://web.archive.org/web/20200517125051/https://support.apple.com/en-us/HT201573}{archived article}
  to understand how to use single user mode with this quirk enabled.
+  \emph{Note}: When Apple Secure Boot is enabled single user mode is always disabled.
 \item
  \texttt{DisableVariableWrite}\\
  \textbf{Type}: \texttt{plist\ boolean}\\

--- a/Docs/Differences/Differences.pdf
+++ b/Docs/Differences/Differences.pdf
--- a/Docs/Differences/Differences.tex
+++ b/Docs/Differences/Differences.tex
 \documentclass[]{article}
 %DIF LATEXDIFF DIFFERENCE FILE
 %DIF DEL PreviousConfiguration.tex   Thu Apr  6 01:56:05 2023
-%DIF ADD ../Configuration.tex        Thu Apr  6 01:56:05 2023
+%DIF ADD ../Configuration.tex        Sat Apr  8 16:31:21 2023
 \usepackage{lmodern}
 \usepackage{amssymb,amsmath}
@@ -1600,7 +1600,10 @@ To view their current state, use the \texttt{pmset -g} command in Terminal.
  \href{https://web.archive.org/web/20200517125051/https://support.apple.com/en-us/HT201573}{archived article}
  to understand how to use single user mode with this quirk enabled.
-\item
+  \DIFaddbegin \emph{\DIFadd{Note}}\DIFadd{: When Apple Secure Boot is enabled single user mode is always disabled.
+}
+\DIFaddend \item
  \texttt{DisableVariableWrite}\\
  \textbf{Type}: \texttt{plist\ boolean}\\
  \textbf{Failsafe}: \texttt{false}\\

--- a/Docs/Errata/Errata.pdf
+++ b/Docs/Errata/Errata.pdf
--- a/Library/OcMainLib/OpenCoreUefi.c
+++ b/Library/OcMainLib/OpenCoreUefi.c
@@ -561,6 +561,13 @@ OcLoadAppleSecureBoot (
      OcGetLegacySecureBootECID (Config, &Config->Misc.Security.ApECID);
    }
+    //
+    // Forcibly disable single user mode in Apple Secure Boot mode.
+    // Previously EfiBoot correctly removed the -s argument from command-line,
+    // but for some reason it does not now.
+    //
+    Config->Booter.Quirks.DisableSingleUser = TRUE;
    Status = OcAppleImg4BootstrapValues (RealSecureBootModel, Config->Misc.Security.ApECID);
    if (EFI_ERROR (Status)) {
      DEBUG ((DEBUG_ERROR, "OC: Failed to bootstrap IMG4 NVRAM values - %r\n", Status));