OcVariableRuntimeDxe: Minor updates to comment lines and docs

MikeBeaton 2022-07-30 08:50:57 +01:00
parent 2bf83a1cc5
commit c9ba16fb98
8 changed files with 20 additions and 15 deletions

@ -1 +1 @@
099da6a2cb197e5be23a304b2fdb0af5
b69e893d885e6cd6904e007721e87592

Binary file not shown.

@ -7064,11 +7064,14 @@ as the value for the following three GUID keys in \texttt{LegacySchema}:
\item 7C436110-AB2A-4BBB-A880-FE41995C9F82
\item 8BE4DF61-93CA-11D2-AA0D-00E098032B8C
\end{itemize}
This enables all variables saved by \texttt{Launchd.command}, and additionally all arbitrary user
test variables (e.g. as set by \texttt{sudo nvram foo="bar"}), to be saved to \texttt{nvram.plist}.
However, once set up, only allowing strictly required variables (as shown in OpenCore's sample
\texttt{.plist} files) is considerably more secure, and please note the following warning about the
overall security of loading nvram variables from a non-vaulted file.
This enables all variables saved by \texttt{Launchd.command} to be saved to \texttt{nvram.plist},
therefore it allows all arbitrary user test variables (e.g. as set by \texttt{sudo nvram foo=bar})
to be saved. Using this permissive policy is also future-proof against any changes in the variables
which need to be passed from macOS update setup to the \texttt{macOS Installer} stage, in order for
it to succeed.
Nevertheless, once emulated NVRAM is set up, only allowing known strictly required variables
(as shown in OpenCore's sample \texttt{.plist} files) is considerably more secure. See also the
following warning about the overall security of loading NVRAM variables from a non-vaulted file.
\textbf{Warning}: The ability to load NVRAM from a file on disk can be dangerous, as it
passes unprotected data to firmware variable services. Only use when no hardware NVRAM
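Review bot: In the replacement paragraph, "therefore it allows all arbitrary user test variables" presents the saving of arbitrary user variables as a consequence of saving the \texttt{Launchd.command} variables, when both are separate effects of the same \texttt{LegacySchema} value; the earlier "and additionally" wording said this correctly. Suggest keeping "and additionally" (or "and also") in the new sentence. In "in order for it to succeed", "it" has no clear referent, so name the macOS update explicitly. Because the text now gives a reason to keep the permissive policy (future-proofing), it should also say which policy is recommended once emulated NVRAM is set up, so that the "considerably more secure" sentence is not read as optional next to the warning that follows.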

Binary file not shown.

@ -1,7 +1,7 @@
\documentclass[]{article}
%DIF LATEXDIFF DIFFERENCE FILE
%DIF DEL PreviousConfiguration.tex Wed Jul 27 21:20:07 2022
%DIF ADD ../Configuration.tex Thu Jul 28 23:20:08 2022
%DIF ADD ../Configuration.tex Sat Jul 30 08:47:48 2022
\usepackage{lmodern}
\usepackage{amssymb,amsmath}
@ -7328,11 +7328,14 @@ root }\texttt{\DIFadd{plist\ dictionary}} \DIFadd{type and contain two fields:
}\item \DIFadd{7C436110-AB2A-4BBB-A880-FE41995C9F82
}\item \DIFadd{8BE4DF61-93CA-11D2-AA0D-00E098032B8C
}\end{itemize}
\DIFadd{This enables all variables saved by }\texttt{\DIFadd{Launchd.command}}\DIFadd{, and additionally all arbitrary user
test variables (e.g. as set by }\texttt{\DIFadd{sudo nvram foo="bar"}}\DIFadd{), to be saved to }\texttt{\DIFadd{nvram.plist}}\DIFadd{.
However, once set up, only allowing strictly required variables (as shown in OpenCore's sample
}\texttt{\DIFadd{.plist}} \DIFadd{files) is considerably more secure, and please note the following warning about the
overall security of loading nvram variables from a non-vaulted file.
\DIFadd{This enables all variables saved by }\texttt{\DIFadd{Launchd.command}} \DIFadd{to be saved to }\texttt{\DIFadd{nvram.plist}}\DIFadd{,
therefore it allows all arbitrary user test variables (e.g. as set by }\texttt{\DIFadd{sudo nvram foo=bar}}\DIFadd{)
to be saved. Using this permissive policy is also future-proof against any changes in the variables
which need to be passed from macOS update setup to the }\texttt{\DIFadd{macOS Installer}} \DIFadd{stage, in order for
it to succeed.
Nevertheless, once emulated NVRAM is set up, only allowing known strictly required variables
(as shown in OpenCore's sample }\texttt{\DIFadd{.plist}} \DIFadd{files) is considerably more secure. See also the
following warning about the overall security of loading NVRAM variables from a non-vaulted file.
}
\textbf{\DIFadd{Warning}}\DIFadd{: The ability to load NVRAM from a file on disk can be dangerous, as it

Binary file not shown.

@ -1,6 +1,5 @@
/** @file
Copyright (C) 2019, vit9696. All rights reserved.<BR>
Copyright (C) 2021, Mike Beaton. All rights reserved.<BR>
Copyright (C) 2019-2022, vit9696, mikebeaton. All rights reserved.<BR>
SPDX-License-Identifier: BSD-3-Clause
**/
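Review bot: The merged line "Copyright (C) 2019-2022, vit9696, mikebeaton" attributes the full 2019-2022 range to both holders, while the two lines it replaces gave 2019 to vit9696 and 2021 to Mike Beaton separately. If the per-holder years matter, keep two lines and extend each range on its own; if a single line is intended, confirm both holders agree with the widened range. The spelling "mikebeaton" here also differs from "Mike Beaton" in the line being removed, so pick one form.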

@ -1,7 +1,7 @@
/** @file
Manage Apple SIP variable csr-active-config.
Copyright (C) 2022, mikebeaton. All rights reserved.<BR>
Copyright (C) 2021-2022, Mike Beaton. All rights reserved.<BR>
SPDX-License-Identifier: BSD-3-Clause
**/
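Review bot: The copyright line in this header moves between "mikebeaton" and "Mike Beaton", and the year changes between "2022" and "2021-2022"; the commit message only mentions comment and doc updates, so the reason for the year change is not recorded. Suggest using one spelling of the holder name across all file headers touched by this commit and noting in the commit message why the start year was adjusted.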