diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf
index 608635f9..0a91eee8 100644
Binary files a/Docs/Configuration.pdf and b/Docs/Configuration.pdf differ
diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex
index 1dda27a3..dec725bc 100644
--- a/Docs/Configuration.tex
+++ b/Docs/Configuration.tex
@@ -31,7 +31,7 @@ frame=tb,
 columns=fullflexible,
 captionpos=b,
- morekeywords={git, make, build, ioreg, grep, nvram, sort, sudo, diskutil},
+ morekeywords={git, make, build, ioreg, grep, nvram, sort, sudo, diskutil, gfxutil},
 literate = {"}{{\textquotedbl}}1 {'}{{\textquotesingle}}1
@@ -364,7 +364,7 @@ entries include:
 \break
 Main booter driver responsible for operating system loading.
 \item
- \texttt{config.hash}
+ \texttt{vault.plist}
 \break
 Hashes for all files potentially loadable by \texttt{OC Config}.
 \item
@@ -372,9 +372,9 @@ entries include:
 \break
 \texttt{OC Config}.
 \item
- \texttt{config.sig}
+ \texttt{vault.sig}
 \break
- Signature for \texttt{config.hash}.
+ Signature for \texttt{vault.plist}.
 \end{itemize}
 \begin{center}
@@ -412,9 +412,9 @@ entries include:
 child [missing] {}
 child [missing] {}
 child { node [selected] {OpenCore.efi}}
- child { node [optional] {config.hash}}
+ child { node [optional] {vault.plist}}
 child { node {config.plist}}
- child { node [optional] {config.sig}}
+ child { node [optional] {vault.sig}}
 };
 \end{tikzpicture}
 \break
@@ -789,6 +789,16 @@ Device configuration is provided to macOS with a dedicated buffer, called \texttt{EfiDevicePropertyDatabase}. This buffer is a serialised map of DevicePaths to a map of property names and their values.
+Property data can be debugged with
+\href{https://github.com/acidanthera/gfxutil}{gfxutil}.
+To obtain current property data use the following command in macOS:
+\begin{lstlisting}[label=gfxutil, style=ocbash]
+ioreg -lw0 -p IODeviceTree -n efi -r -x | grep device-properties |
+ sed 's/.*.*//' > /tmp/device-properties.hex &&
+ gfxutil /tmp/device-properties.hex /tmp/device-properties.plist &&
+ cat /tmp/device-properties.plist
+\end{lstlisting}
+
 \subsection{Properties}\label{devpropsprops}
 \begin{enumerate}
@@ -1365,6 +1375,27 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log | of this option, but setting it to \texttt{true} will ensure configuration sanity, and abort the boot process.
+ The complete set of commands to:
+
+ \begin{itemize}
+ \tightlist
+ \item Create \texttt{vault.plist}.
+ \item Create a new RSA key.
+ \item Embed it into \texttt{OpenCore.efi}.
+ \item Create \texttt{vault.sig}.
+ \end{itemize}
+
+ Can look as follows:
+
+ FIXME!
+
+\begin{lstlisting}[label=createvault, style=ocbash]
+ioreg -lw0 -p IODeviceTree -n efi -r -x | grep device-properties |
+ sed 's/.*.*//' > /tmp/device-properties.hex &&
+ gfxutil /tmp/device-properties.hex /tmp/device-properties.plist &&
+ cat /tmp/device-properties.plist
+\end{lstlisting}
+
 \end{enumerate}
 \section{NVRAM}\label{nvram}
diff --git a/Platform/OpenCore/OpenCore.c b/Platform/OpenCore/OpenCore.c
index 5b604c4b..419eeb32 100644
--- a/Platform/OpenCore/OpenCore.c
+++ b/Platform/OpenCore/OpenCore.c
@@ -215,11 +215,15 @@ OcMain (
 Status = OcConfigurationInit (&mOpenCoreConfiguration, Config, ConfigSize);
 if (EFI_ERROR (Status)) {
 DEBUG ((DEBUG_ERROR, "OC: Failed to parse configuration!\n"));
+ CpuDeadLoop ();
+ return; ///< Should be unreachable.
 }
 FreePool (Config);
 } else {
 DEBUG ((DEBUG_ERROR, "OC: Failed to load configuration!\n"));
+ CpuDeadLoop ();
+ return; ///< Should be unreachable.
 }
 //
@@ -332,6 +336,9 @@ OcBootstrapRerun (
 OcStorageFree (&mOpenCoreStorage);
 } else {
 DEBUG ((DEBUG_ERROR, "OC: Failed to open root FS - %r!\n", Status));
+ if (Status == EFI_SECURITY_VIOLATION) {
+ CpuDeadLoop (); ///< Should not return.
+ }
 }
 } else {
 DEBUG ((DEBUG_ERROR, "OC: Nested ReRun is not supported\n"));
diff --git a/Platform/OpenCore/OpenCoreVault.c b/Platform/OpenCore/OpenCoreVault.c
index 04dfd779..17bf2b9e 100644
--- a/Platform/OpenCore/OpenCoreVault.c
+++ b/Platform/OpenCore/OpenCoreVault.c
@@ -48,7 +48,7 @@ OcGetVaultKey (
 //
 AllZero = TRUE;
- for (Index = 0; sizeof (RSA_PUBLIC_KEY); ++Index) {
+ for (Index = 0; Index < sizeof (RSA_PUBLIC_KEY); ++Index) {
 if (((UINT8 *) &mOpenCoreVaultKey.VaultKey)[Index] != 0) {
 AllZero = FALSE;
 break;
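Review bot: In the parse-failure branch of OcMain the added `CpuDeadLoop ();` and `return;` come before the `FreePool (Config);` that only the success path reaches, so if the dead loop is ever released (EDK2's CpuDeadLoop is written so that a debugger can do exactly that) the `return` exits with `Config` leaked and OcMain carrying on after a failed parse. Placing `FreePool (Config);` ahead of `CpuDeadLoop ();` in that branch keeps the fail-closed halt while making the branch release what it owns. Both halt sites also log less than the root-FS message further down the file; `DEBUG ((DEBUG_ERROR, "OC: Failed to parse configuration - %r!\n", Status));` would record why parsing failed before the machine stops. `///< Should be unreachable.` is a Doxygen member annotation rather than a statement comment, so `// Should be unreachable.` is the plain form, and the same goes for `///< Should not return.` in the OcBootstrapRerun hunk. OcMain begins before and continues after this hunk.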
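Review bot: The new halt in OcBootstrapRerun fires only for `Status == EFI_SECURITY_VIOLATION`, so whether a failed storage verification (presumably the vault check this commit documents) ever reaches it depends on the call above the hunk that produced `Status` reporting every such failure as exactly that code; any other status logs the message and returns normally, which from this hunk alone reads as fail-open. If that mapping is the intended contract, a comment on the new condition would record it, e.g. `// Verification failures surface as EFI_SECURITY_VIOLATION; never hand control back in that case.`; if it is not guaranteed, the condition needs to cover whatever other status the verification path can return, which cannot be judged from here. The enclosing function continues past the hunk.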