diff --git a/Changelog.md b/Changelog.md index 0b2b34ee..4134ae07 100644 --- a/Changelog.md +++ b/Changelog.md @@ -11,6 +11,8 @@ OpenCore Changelog - Added `SupportsCsm` and option in `PlatformInfo/Generic` - Added `OSInfo` protocol support - Added `SignalAppleOS` `Booter` quirk to enable IGPU on Macs in other OS +- Added `AppleSmcIo`protocol support (replaces `VirtualSmc` UEFI driver) +- Added `AuthRestart` security property for VirtualSMC authenticated restart #### v0.5.3 - Update builtin firmware versions diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf index 9ba89462..61548dbd 100644 Binary files a/Docs/Configuration.pdf and b/Docs/Configuration.pdf differ diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex index 6c778f66..d72408c2 100755 --- a/Docs/Configuration.tex +++ b/Docs/Configuration.tex @@ -2258,6 +2258,21 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log | \textbf{Description}: Allow \texttt{CMD+OPT+P+R} handling and enable showing \texttt{NVRAM Reset} entry in boot picker. +\item + \texttt{AuthRestart}\\ + \textbf{Type}: \texttt{plist\ boolean}\\ + \textbf{Failsafe}: \texttt{false}\\ + \textbf{Description}: Enable \texttt{VirtualSMC}-compatible authenticated restart. + + Authenticated restart is a way to reboot FileVault 2 enabled macOS without entering + the password. To perform authenticated restart one can use a dedicated terminal + command: \texttt{sudo fdesetup authrestart}. It is also used when installing + operating system updates. + + VirtualSMC performs authenticated restart by saving disk encryption key split in + NVRAM and RTC, which despite being removed as soon as OpenCore starts, may be + considered a security risk and thus is optional. + \item \texttt{ExposeSensitiveData}\\ \textbf{Type}: \texttt{plist\ integer}\\ 
@@ -3545,12 +3560,6 @@ and supplementary utilities can be used. --- USB keyboard driver adding the support of \texttt{AppleKeyMapAggregator} protocols on top of a custom USB keyboard driver implementation. This is an alternative to builtin \texttt{KeySupport}, which may work better or worse depending on the firmware. - \item \href{https://github.com/acidanthera/VirtualSMC}{\texttt{VirtualSmc}} - --- UEFI SMC driver, required for proper FileVault 2 functionality and potentially - other macOS specifics. An alternative, named \texttt{SMCHelper}, is not compatible - with \texttt{VirtualSmc} and OpenCore, which is unaware of its specific interfaces. - In case \texttt{FakeSMC} kernel extension is used, manual NVRAM variable addition - may be needed and \texttt{VirtualSmc} driver should still be used. \item \href{https://github.com/acidanthera/AppleSupportPkg}{\texttt{VBoxHfs}} --- HFS file system driver with bless support. This driver is an alternative to a closed source \texttt{HFSPlus} driver commonly found in Apple firmwares. While @@ -3746,6 +3755,17 @@ build -a X64 -b RELEASE -t XCODE5 -p MdeModulePkg/MdeModulePkg.dsc \textbf{Description}: Reinstalls Apple Key Map protocols with builtin versions. +\item + \texttt{AppleSmcIo}\\ + \textbf{Type}: \texttt{plist\ boolean}\\ + \textbf{Failsafe}: \texttt{false}\\ + \textbf{Description}: Reinstalls Apple SMC I/O protocol with a builtin + version. + + This protocol replaces legacy \texttt{VirtualSmc} UEFI driver, and is compatible + with any SMC kernel extension. However, in case \texttt{FakeSMC} kernel extension + is used, manual NVRAM key variable addition may be needed. + \item \texttt{AppleUserInterfaceTheme}\\ \textbf{Type}: \texttt{plist\ boolean}\\ diff --git a/Docs/Differences/Differences.pdf b/Docs/Differences/Differences.pdf index 8ce4ddeb..4229d5b1 100644 Binary files a/Docs/Differences/Differences.pdf and b/Docs/Differences/Differences.pdf differ 
diff --git a/Docs/Differences/Differences.tex b/Docs/Differences/Differences.tex index 463ae6ed..e991fb4e 100644 --- a/Docs/Differences/Differences.tex +++ b/Docs/Differences/Differences.tex @@ -1,7 +1,7 @@ \documentclass[]{article} %DIF LATEXDIFF DIFFERENCE FILE %DIF DEL PreviousConfiguration.tex Tue Dec 10 15:40:50 2019 -%DIF ADD ../Configuration.tex Sun Jan 5 21:08:43 2020 +%DIF ADD ../Configuration.tex Mon Jan 6 15:57:19 2020 \usepackage{lmodern} \usepackage{amssymb,amsmath} @@ -2326,7 +2326,25 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log | showing \texttt{NVRAM Reset} entry in boot picker. \item - \texttt{ExposeSensitiveData}\\ + \DIFaddbegin \texttt{\DIFadd{AuthRestart}}\\ + \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\ + \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\ + \textbf{\DIFadd{Description}}\DIFadd{: Enable }\texttt{\DIFadd{VirtualSMC}}\DIFadd{-compatible authenticated restart. +} + + \DIFadd{Authenticated restart is a way to reboot FileVault 2 enabled macOS without entering + the password. To perform authenticated restart one can use a dedicated terminal + command: }\texttt{\DIFadd{sudo fdesetup authrestart}}\DIFadd{. It is also used when installing + operating system updates. +} + + \DIFadd{VirtualSMC performs authenticated restart by saving disk encryption key split in + NVRAM and RTC, which despite being removed as soon as OpenCore starts, may be + considered a security risk and thus is optional. +} + +\item + \DIFaddend \texttt{ExposeSensitiveData}\\ \textbf{Type}: \texttt{plist\ integer}\\ \textbf{Failsafe}: \texttt{0x6}\\ \textbf{Description}: Sensitive data exposure bitmask (sum) to operating system. 
@@ -3619,13 +3637,20 @@ and supplementary utilities can be used. --- USB keyboard driver adding the support of \texttt{AppleKeyMapAggregator} protocols on top of a custom USB keyboard driver implementation. This is an alternative to builtin \texttt{KeySupport}, which may work better or worse depending on the firmware. - \item \href{https://github.com/acidanthera/VirtualSMC}{\texttt{VirtualSmc}} - --- UEFI SMC driver, required for proper FileVault 2 functionality and potentially - other macOS specifics. An alternative, named \texttt{SMCHelper}, is not compatible - with \texttt{VirtualSmc} and OpenCore, which is unaware of its specific interfaces. - In case \texttt{FakeSMC} kernel extension is used, manual NVRAM variable addition - may be needed and \texttt{VirtualSmc} driver should still be used. - \item \href{https://github.com/acidanthera/AppleSupportPkg}{\texttt{VBoxHfs}} + \item \DIFdelbegin %DIFDELCMD < \href{https://github.com/acidanthera/VirtualSMC}{\texttt{VirtualSmc}} +%DIFDELCMD < %%% +\DIFdel{--- UEFI SMC driver, required for proper FileVault 2 functionality and potentially + other macOS specifics. An alternative, named }\texttt{\DIFdel{SMCHelper}}%DIFAUXCMD +\DIFdel{, is not compatible + with }\texttt{\DIFdel{VirtualSmc}} %DIFAUXCMD +\DIFdel{and OpenCore, which is unaware of its specific interfaces. + In case }\texttt{\DIFdel{FakeSMC}} %DIFAUXCMD +\DIFdel{kernel extension is used, manual NVRAM variable addition + may be needed and }\texttt{\DIFdel{VirtualSmc}} %DIFAUXCMD +\DIFdel{driver should still be used. + }%DIFDELCMD < \item %%% +\item%DIFAUXCMD +\DIFdelend \href{https://github.com/acidanthera/AppleSupportPkg}{\texttt{VBoxHfs}} --- HFS file system driver with bless support. This driver is an alternative to a closed source \texttt{HFSPlus} driver commonly found in Apple firmwares. While it is feature complete, it is approximately 3~times slower and is yet to undergo 
@@ -3821,7 +3846,20 @@ build -a X64 -b RELEASE -t XCODE5 -p MdeModulePkg/MdeModulePkg.dsc versions. \item - \texttt{AppleUserInterfaceTheme}\\ + \DIFaddbegin \texttt{\DIFadd{AppleSmcIo}}\\ + \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\ + \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\ + \textbf{\DIFadd{Description}}\DIFadd{: Reinstalls Apple SMC I/O protocol with a builtin + version. +} + + \DIFadd{This protocol replaces legacy }\texttt{\DIFadd{VirtualSmc}} \DIFadd{UEFI driver, and is compatible + with any SMC kernel extension. However, in case }\texttt{\DIFadd{FakeSMC}} \DIFadd{kernel extension + is used, manual NVRAM key variable addition may be needed. +} + +\item + \DIFaddend \texttt{AppleUserInterfaceTheme}\\ \textbf{Type}: \texttt{plist\ boolean}\\ \textbf{Failsafe}: \texttt{false}\\ \textbf{Description}: Reinstalls Apple User Interface Theme protocol with a builtin diff --git a/Docs/Sample.plist b/Docs/Sample.plist index 739fc7df..cea705e1 100644 --- a/Docs/Sample.plist +++ b/Docs/Sample.plist @@ -600,6 +600,8 @@ AllowNvramReset + AuthRestart + ExposeSensitiveData 6 HaltLevel @@ -771,6 +773,8 @@ AppleKeyMap + AppleSmcIo + AppleUserInterfaceTheme ConsoleControl diff --git a/Docs/SampleFull.plist b/Docs/SampleFull.plist index 79ac8769..1f885954 100644 --- a/Docs/SampleFull.plist +++ b/Docs/SampleFull.plist @@ -600,6 +600,8 @@ AllowNvramReset + AuthRestart + ExposeSensitiveData 6 HaltLevel @@ -874,6 +876,8 @@ AppleKeyMap + AppleSmcIo + AppleUserInterfaceTheme ConsoleControl diff --git a/OpenCorePkg.dsc b/OpenCorePkg.dsc index b7f54302..db0e898e 100755 --- a/OpenCorePkg.dsc +++ b/OpenCorePkg.dsc 
@@ -90,6 +90,7 @@ OcRtcLib|OcSupportPkg/Library/OcRtcLib/OcRtcLib.inf OcSerializeLib|OcSupportPkg/Library/OcSerializeLib/OcSerializeLib.inf OcSmbiosLib|OcSupportPkg/Library/OcSmbiosLib/OcSmbiosLib.inf + OcSmcLib|OcSupportPkg/Library/OcSmcLib/OcSmcLib.inf OcStorageLib|OcSupportPkg/Library/OcStorageLib/OcStorageLib.inf OcStringLib|OcSupportPkg/Library/OcStringLib/OcStringLib.inf OcTemplateLib|OcSupportPkg/Library/OcTemplateLib/OcTemplateLib.inf diff --git a/Platform/OpenCore/OpenCore.inf b/Platform/OpenCore/OpenCore.inf index 7f45cc68..9537e8df 100644 --- a/Platform/OpenCore/OpenCore.inf +++ b/Platform/OpenCore/OpenCore.inf @@ -90,6 +90,7 @@ OcMiscLib OcOSInfoLib OcSmbiosLib + OcSmcLib OcStorageLib OcUnicodeCollationEngLib OcVirtualFsLib diff --git a/Platform/OpenCore/OpenCoreUefi.c b/Platform/OpenCore/OpenCoreUefi.c index ba40f8ad..f4e8b0ad 100644 --- a/Platform/OpenCore/OpenCoreUefi.c +++ b/Platform/OpenCore/OpenCoreUefi.c @@ -34,6 +34,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include +#include #include #include #include @@ -304,6 +305,10 @@ OcReinstallProtocols ( DEBUG ((DEBUG_ERROR, "OC: Failed to install image conversion protocol\n")); } + if (OcSmcIoInstallProtocol (Config->Uefi.Protocols.AppleSmcIo, Config->Misc.Security.AuthRestart) == NULL) { + DEBUG ((DEBUG_ERROR, "OC: Failed to install smc i/o protocol\n")); + } + if (OcAppleUserInterfaceThemeInstallProtocol (Config->Uefi.Protocols.AppleUserInterfaceTheme) == NULL) { DEBUG ((DEBUG_ERROR, "OC: Failed to install user interface theme protocol\n")); }
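Review bot: The added `OcSmcIoInstallProtocol (Config->Uefi.Protocols.AppleSmcIo, Config->Misc.Security.AuthRestart)` call in `OcReinstallProtocols` forwards a security setting with no comment saying what it enables, and a NULL return is only logged at `DEBUG_ERROR` before boot continues. The Configuration.tex text in this same commit says authenticated restart keeps the disk encryption key split across NVRAM and RTC until OpenCore starts. OcSmcLib is not visible here, so please confirm that the stored key is erased on every path, including when `AuthRestart` is false and when installation fails, and not only on success with the flag set. I would also add a comment above the call, for example `// AuthRestart enables VirtualSMC-compatible authenticated restart (key split across NVRAM and RTC); see Misc->Security.` The body of `OcReinstallProtocols` starts and ends outside this hunk.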