OpenCoreVault: Make vault.sig optional

Docs/Configuration.tex

@@ -31,7 +31,7 @@
   frame=tb,
   columns=fullflexible,
   captionpos=b,
-  morekeywords={git, make, build, ioreg, grep, nvram, sort, sudo, diskutil},
+  morekeywords={git, make, build, ioreg, grep, nvram, sort, sudo, diskutil, gfxutil},
   literate =
     {"}{{\textquotedbl}}1
     {'}{{\textquotesingle}}1
@@ -364,7 +364,7 @@ entries include:
   \break
   Main booter driver responsible for operating system loading.
 \item
-  \texttt{config.hash}
+  \texttt{vault.plist}
   \break
   Hashes for all files potentially loadable by \texttt{OC Config}.
 \item
@@ -372,9 +372,9 @@ entries include:
   \break
   \texttt{OC Config}.
 \item
-  \texttt{config.sig}
+  \texttt{vault.sig}
   \break
-  Signature for \texttt{config.hash}.
+  Signature for \texttt{vault.plist}.
 \end{itemize}
 
 \begin{center}
@@ -412,9 +412,9 @@ entries include:
       child [missing] {}
       child [missing] {}
       child { node [selected] {OpenCore.efi}}
-      child { node [optional] {config.hash}}
+      child { node [optional] {vault.plist}}
       child { node {config.plist}}
-      child { node [optional] {config.sig}}
+      child { node [optional] {vault.sig}}
     };
 \end{tikzpicture}
 \break
@@ -789,6 +789,16 @@ Device configuration is provided to macOS with a dedicated buffer,
 called \texttt{EfiDevicePropertyDatabase}. This buffer is a serialised
 map of DevicePaths to a map of property names and their values.
 
+Property data can be debugged with
+\href{https://github.com/acidanthera/gfxutil}{gfxutil}.
+To obtain current property data use the following command in macOS:
+\begin{lstlisting}[label=gfxutil, style=ocbash]
+ioreg -lw0 -p IODeviceTree -n efi -r -x | grep device-properties |
+  sed 's/.*<//;s/>.*//' > /tmp/device-properties.hex &&
+  gfxutil /tmp/device-properties.hex /tmp/device-properties.plist &&
+  cat /tmp/device-properties.plist
+\end{lstlisting}
+
 \subsection{Properties}\label{devpropsprops}
 
 \begin{enumerate}
@@ -1365,6 +1375,27 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log |
   of this option, but setting it to \texttt{true} will ensure configuration
   sanity, and abort the boot process.
 
+  The complete set of commands to:
+
+  \begin{itemize}
+  \tightlist
+  \item Create \texttt{vault.plist}.
+  \item Create a new RSA key.
+  \item Embed it into \texttt{OpenCore.efi}.
+  \item Create \texttt{vault.sig}.
+  \end{itemize}
+
+  Can look as follows:
+
+  FIXME!
+
+\begin{lstlisting}[label=createvault, style=ocbash]
+ioreg -lw0 -p IODeviceTree -n efi -r -x | grep device-properties |
+  sed 's/.*<//;s/>.*//' > /tmp/device-properties.hex &&
+  gfxutil /tmp/device-properties.hex /tmp/device-properties.plist &&
+  cat /tmp/device-properties.plist
+\end{lstlisting}
+
 \end{enumerate}
 
 \section{NVRAM}\label{nvram}

Platform/OpenCore/OpenCore.c

@@ -215,11 +215,15 @@ OcMain (
     Status = OcConfigurationInit (&mOpenCoreConfiguration, Config, ConfigSize);
     if (EFI_ERROR (Status)) {
       DEBUG ((DEBUG_ERROR, "OC: Failed to parse configuration!\n"));
+      CpuDeadLoop ();
+      return; ///< Should be unreachable.
     }
 
     FreePool (Config);
   } else {
     DEBUG ((DEBUG_ERROR, "OC: Failed to load configuration!\n"));
+    CpuDeadLoop ();
+    return; ///< Should be unreachable.
   }
 
   //
@@ -332,6 +336,9 @@ OcBootstrapRerun (
       OcStorageFree (&mOpenCoreStorage);
     } else {
       DEBUG ((DEBUG_ERROR, "OC: Failed to open root FS - %r!\n", Status));
+      if (Status == EFI_SECURITY_VIOLATION) {
+        CpuDeadLoop (); ///< Should not return.
+      }
     }
   } else {
     DEBUG ((DEBUG_ERROR, "OC: Nested ReRun is not supported\n"));

Platform/OpenCore/OpenCoreVault.c

@@ -48,7 +48,7 @@ OcGetVaultKey (
     //
 
     AllZero = TRUE;
-    for (Index = 0; sizeof (RSA_PUBLIC_KEY); ++Index) {
+    for (Index = 0; Index < sizeof (RSA_PUBLIC_KEY); ++Index) {
       if (((UINT8 *) &mOpenCoreVaultKey.VaultKey)[Index] != 0) {
         AllZero = FALSE;
         break;