OpenCoreUefi: Implement SMC support with authrestart

Changelog.md

@@ -11,6 +11,8 @@ OpenCore Changelog
 - Added `SupportsCsm` and option in `PlatformInfo/Generic`
 - Added `OSInfo` protocol support
 - Added `SignalAppleOS` `Booter` quirk to enable IGPU on Macs in other OS
+- Added `AppleSmcIo`protocol support (replaces `VirtualSmc` UEFI driver)
+- Added `AuthRestart` security property for VirtualSMC authenticated restart
 
 #### v0.5.3
 - Update builtin firmware versions

Docs/Configuration.tex

@@ -2258,6 +2258,21 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log |
   \textbf{Description}: Allow \texttt{CMD+OPT+P+R} handling and enable
   showing \texttt{NVRAM Reset} entry in boot picker.
 
+\item
+  \texttt{AuthRestart}\\
+  \textbf{Type}: \texttt{plist\ boolean}\\
+  \textbf{Failsafe}: \texttt{false}\\
+  \textbf{Description}: Enable \texttt{VirtualSMC}-compatible authenticated restart.
+
+  Authenticated restart is a way to reboot FileVault 2 enabled macOS without entering
+  the password. To perform authenticated restart one can use a dedicated terminal
+  command: \texttt{sudo fdesetup authrestart}. It is also used when installing
+  operating system updates.
+
+  VirtualSMC performs authenticated restart by saving disk encryption key split in
+  NVRAM and RTC, which despite being removed as soon as OpenCore starts, may be
+  considered a security risk and thus is optional.
+
 \item
   \texttt{ExposeSensitiveData}\\
   \textbf{Type}: \texttt{plist\ integer}\\
@@ -3545,12 +3560,6 @@ and supplementary utilities can be used.
   --- USB keyboard driver adding the support of \texttt{AppleKeyMapAggregator} protocols
   on top of a custom USB keyboard driver implementation. This is an alternative to
   builtin \texttt{KeySupport}, which may work better or worse depending on the firmware.
-  \item \href{https://github.com/acidanthera/VirtualSMC}{\texttt{VirtualSmc}}
-  --- UEFI SMC driver, required for proper FileVault 2 functionality and potentially
-  other macOS specifics. An alternative, named \texttt{SMCHelper}, is not compatible
-  with \texttt{VirtualSmc} and OpenCore, which is unaware of its specific interfaces.
-  In case \texttt{FakeSMC} kernel extension is used, manual NVRAM variable addition
-  may be needed and \texttt{VirtualSmc} driver should still be used.
   \item \href{https://github.com/acidanthera/AppleSupportPkg}{\texttt{VBoxHfs}}
   --- HFS file system driver with bless support. This driver is an alternative to
   a closed source \texttt{HFSPlus} driver commonly found in Apple firmwares. While
@@ -3746,6 +3755,17 @@ build -a X64 -b RELEASE -t XCODE5 -p MdeModulePkg/MdeModulePkg.dsc
   \textbf{Description}: Reinstalls Apple Key Map protocols with builtin
   versions.
 
+\item
+  \texttt{AppleSmcIo}\\
+  \textbf{Type}: \texttt{plist\ boolean}\\
+  \textbf{Failsafe}: \texttt{false}\\
+  \textbf{Description}: Reinstalls Apple SMC I/O protocol with a builtin
+  version.
+
+  This protocol replaces legacy \texttt{VirtualSmc} UEFI driver, and is compatible
+  with any SMC kernel extension. However, in case \texttt{FakeSMC} kernel extension
+  is used, manual NVRAM key variable addition may be needed.
+
 \item
   \texttt{AppleUserInterfaceTheme}\\
   \textbf{Type}: \texttt{plist\ boolean}\\

Docs/Differences/Differences.tex

@@ -1,7 +1,7 @@
 \documentclass[]{article}
 %DIF LATEXDIFF DIFFERENCE FILE
 %DIF DEL PreviousConfiguration.tex   Tue Dec 10 15:40:50 2019
-%DIF ADD ../Configuration.tex        Sun Jan  5 21:08:43 2020
+%DIF ADD ../Configuration.tex        Mon Jan  6 15:57:19 2020
 
 \usepackage{lmodern}
 \usepackage{amssymb,amsmath}
@@ -2326,7 +2326,25 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log |
   showing \texttt{NVRAM Reset} entry in boot picker.
 
 \item
-  \texttt{ExposeSensitiveData}\\
+  \DIFaddbegin \texttt{\DIFadd{AuthRestart}}\\
+  \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\
+  \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\
+  \textbf{\DIFadd{Description}}\DIFadd{: Enable }\texttt{\DIFadd{VirtualSMC}}\DIFadd{-compatible authenticated restart.
+}
+
+  \DIFadd{Authenticated restart is a way to reboot FileVault 2 enabled macOS without entering
+  the password. To perform authenticated restart one can use a dedicated terminal
+  command: }\texttt{\DIFadd{sudo fdesetup authrestart}}\DIFadd{. It is also used when installing
+  operating system updates.
+}
+
+  \DIFadd{VirtualSMC performs authenticated restart by saving disk encryption key split in
+  NVRAM and RTC, which despite being removed as soon as OpenCore starts, may be
+  considered a security risk and thus is optional.
+}
+
+\item
+  \DIFaddend \texttt{ExposeSensitiveData}\\
   \textbf{Type}: \texttt{plist\ integer}\\
   \textbf{Failsafe}: \texttt{0x6}\\
   \textbf{Description}: Sensitive data exposure bitmask (sum) to operating system.
@@ -3619,13 +3637,20 @@ and supplementary utilities can be used.
   --- USB keyboard driver adding the support of \texttt{AppleKeyMapAggregator} protocols
   on top of a custom USB keyboard driver implementation. This is an alternative to
   builtin \texttt{KeySupport}, which may work better or worse depending on the firmware.
-  \item \href{https://github.com/acidanthera/VirtualSMC}{\texttt{VirtualSmc}}
-  --- UEFI SMC driver, required for proper FileVault 2 functionality and potentially
-  other macOS specifics. An alternative, named \texttt{SMCHelper}, is not compatible
-  with \texttt{VirtualSmc} and OpenCore, which is unaware of its specific interfaces.
-  In case \texttt{FakeSMC} kernel extension is used, manual NVRAM variable addition
-  may be needed and \texttt{VirtualSmc} driver should still be used.
-  \item \href{https://github.com/acidanthera/AppleSupportPkg}{\texttt{VBoxHfs}}
+  \item \DIFdelbegin %DIFDELCMD < \href{https://github.com/acidanthera/VirtualSMC}{\texttt{VirtualSmc}}
+%DIFDELCMD <   %%%
+\DIFdel{--- UEFI SMC driver, required for proper FileVault 2 functionality and potentially
+  other macOS specifics. An alternative, named }\texttt{\DIFdel{SMCHelper}}%DIFAUXCMD
+\DIFdel{, is not compatible
+  with }\texttt{\DIFdel{VirtualSmc}} %DIFAUXCMD
+\DIFdel{and OpenCore, which is unaware of its specific interfaces.
+  In case }\texttt{\DIFdel{FakeSMC}} %DIFAUXCMD
+\DIFdel{kernel extension is used, manual NVRAM variable addition
+  may be needed and }\texttt{\DIFdel{VirtualSmc}} %DIFAUXCMD
+\DIFdel{driver should still be used.
+  }%DIFDELCMD < \item %%%
+\item%DIFAUXCMD
+\DIFdelend \href{https://github.com/acidanthera/AppleSupportPkg}{\texttt{VBoxHfs}}
   --- HFS file system driver with bless support. This driver is an alternative to
   a closed source \texttt{HFSPlus} driver commonly found in Apple firmwares. While
   it is feature complete, it is approximately 3~times slower and is yet to undergo
@@ -3821,7 +3846,20 @@ build -a X64 -b RELEASE -t XCODE5 -p MdeModulePkg/MdeModulePkg.dsc
   versions.
 
 \item
-  \texttt{AppleUserInterfaceTheme}\\
+  \DIFaddbegin \texttt{\DIFadd{AppleSmcIo}}\\
+  \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\
+  \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\
+  \textbf{\DIFadd{Description}}\DIFadd{: Reinstalls Apple SMC I/O protocol with a builtin
+  version.
+}
+
+  \DIFadd{This protocol replaces legacy }\texttt{\DIFadd{VirtualSmc}} \DIFadd{UEFI driver, and is compatible
+  with any SMC kernel extension. However, in case }\texttt{\DIFadd{FakeSMC}} \DIFadd{kernel extension
+  is used, manual NVRAM key variable addition may be needed.
+}
+
+\item
+  \DIFaddend \texttt{AppleUserInterfaceTheme}\\
   \textbf{Type}: \texttt{plist\ boolean}\\
   \textbf{Failsafe}: \texttt{false}\\
   \textbf{Description}: Reinstalls Apple User Interface Theme protocol with a builtin

Docs/Sample.plist

@@ -600,6 +600,8 @@
 		<dict>
 			<key>AllowNvramReset</key>
 			<false/>
+			<key>AuthRestart</key>
+			<false/>
 			<key>ExposeSensitiveData</key>
 			<integer>6</integer>
 			<key>HaltLevel</key>
@@ -771,6 +773,8 @@
 			<false/>
 			<key>AppleKeyMap</key>
 			<false/>
+			<key>AppleSmcIo</key>
+			<false/>
 			<key>AppleUserInterfaceTheme</key>
 			<false/>
 			<key>ConsoleControl</key>

Docs/SampleFull.plist

@@ -600,6 +600,8 @@
 		<dict>
 			<key>AllowNvramReset</key>
 			<false/>
+			<key>AuthRestart</key>
+			<false/>
 			<key>ExposeSensitiveData</key>
 			<integer>6</integer>
 			<key>HaltLevel</key>
@@ -874,6 +876,8 @@
 			<false/>
 			<key>AppleKeyMap</key>
 			<false/>
+			<key>AppleSmcIo</key>
+			<false/>
 			<key>AppleUserInterfaceTheme</key>
 			<false/>
 			<key>ConsoleControl</key>

OpenCorePkg.dsc

@@ -90,6 +90,7 @@
   OcRtcLib|OcSupportPkg/Library/OcRtcLib/OcRtcLib.inf
   OcSerializeLib|OcSupportPkg/Library/OcSerializeLib/OcSerializeLib.inf
   OcSmbiosLib|OcSupportPkg/Library/OcSmbiosLib/OcSmbiosLib.inf
+  OcSmcLib|OcSupportPkg/Library/OcSmcLib/OcSmcLib.inf
   OcStorageLib|OcSupportPkg/Library/OcStorageLib/OcStorageLib.inf
   OcStringLib|OcSupportPkg/Library/OcStringLib/OcStringLib.inf
   OcTemplateLib|OcSupportPkg/Library/OcTemplateLib/OcTemplateLib.inf

Platform/OpenCore/OpenCore.inf

@@ -90,6 +90,7 @@
   OcMiscLib
   OcOSInfoLib
   OcSmbiosLib
+  OcSmcLib
   OcStorageLib
   OcUnicodeCollationEngLib
   OcVirtualFsLib

Platform/OpenCore/OpenCoreUefi.c

@@ -34,6 +34,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/OcFirmwareVolumeLib.h>
 #include <Library/OcHashServicesLib.h>
 #include <Library/OcMiscLib.h>
+#include <Library/OcSmcLib.h>
 #include <Library/OcOSInfoLib.h>
 #include <Library/OcUnicodeCollationEngLib.h>
 #include <Library/PrintLib.h>
@@ -304,6 +305,10 @@ OcReinstallProtocols (
     DEBUG ((DEBUG_ERROR, "OC: Failed to install image conversion protocol\n"));
   }
 
+  if (OcSmcIoInstallProtocol (Config->Uefi.Protocols.AppleSmcIo, Config->Misc.Security.AuthRestart) == NULL) {
+    DEBUG ((DEBUG_ERROR, "OC: Failed to install smc i/o protocol\n"));
+  }
+
   if (OcAppleUserInterfaceThemeInstallProtocol (Config->Uefi.Protocols.AppleUserInterfaceTheme) == NULL) {
     DEBUG ((DEBUG_ERROR, "OC: Failed to install user interface theme protocol\n"));
   }