mirror of
https://github.com/acidanthera/OpenCorePkg.git
synced 2025-12-08 19:25:01 +00:00
OcVariableRuntimeDxe: Minor updates to comment lines and docs
This commit is contained in:
MikeBeaton
parent
2bf83a1cc5
commit
c9ba16fb98
@ -1 +1 @@
|
|||||||
099da6a2cb197e5be23a304b2fdb0af5
|
b69e893d885e6cd6904e007721e87592
|
||||||
|
|||||||
Binary file not shown.
@ -7064,11 +7064,14 @@ as the value for the following three GUID keys in \texttt{LegacySchema}:
|
|||||||
\item 7C436110-AB2A-4BBB-A880-FE41995C9F82
|
\item 7C436110-AB2A-4BBB-A880-FE41995C9F82
|
||||||
\item 8BE4DF61-93CA-11D2-AA0D-00E098032B8C
|
\item 8BE4DF61-93CA-11D2-AA0D-00E098032B8C
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
This enables all variables saved by \texttt{Launchd.command}, and additionally all arbitrary user
|
This enables all variables saved by \texttt{Launchd.command} to be saved to \texttt{nvram.plist},
|
||||||
test variables (e.g. as set by \texttt{sudo nvram foo="bar"}), to be saved to \texttt{nvram.plist}.
|
therefore it allows all arbitrary user test variables (e.g. as set by \texttt{sudo nvram foo=bar})
|
||||||
However, once set up, only allowing strictly required variables (as shown in OpenCore's sample
|
to be saved. Using this permissive policy is also future-proof against any changes in the variables
|
||||||
\texttt{.plist} files) is considerably more secure, and please note the following warning about the
|
which need to be passed from macOS update setup to the \texttt{macOS Installer} stage, in order for
|
||||||
overall security of loading nvram variables from a non-vaulted file.
|
it to succeed.
|
||||||
|
Nevertheless, once emulated NVRAM is set up, only allowing known strictly required variables
|
||||||
|
(as shown in OpenCore's sample \texttt{.plist} files) is considerably more secure. See also the
|
||||||
|
following warning about the overall security of loading NVRAM variables from a non-vaulted file.
|
||||||
|
|
||||||
\textbf{Warning}: The ability to load NVRAM from a file on disk can be dangerous, as it
|
\textbf{Warning}: The ability to load NVRAM from a file on disk can be dangerous, as it
|
||||||
passes unprotected data to firmware variable services. Only use when no hardware NVRAM
|
passes unprotected data to firmware variable services. Only use when no hardware NVRAM
|
||||||
|
|||||||
Binary file not shown.
@ -1,7 +1,7 @@
|
|||||||
\documentclass[]{article}
|
\documentclass[]{article}
|
||||||
%DIF LATEXDIFF DIFFERENCE FILE
|
%DIF LATEXDIFF DIFFERENCE FILE
|
||||||
%DIF DEL PreviousConfiguration.tex Wed Jul 27 21:20:07 2022
|
%DIF DEL PreviousConfiguration.tex Wed Jul 27 21:20:07 2022
|
||||||
%DIF ADD ../Configuration.tex Thu Jul 28 23:20:08 2022
|
%DIF ADD ../Configuration.tex Sat Jul 30 08:47:48 2022
|
||||||
|
|
||||||
\usepackage{lmodern}
|
\usepackage{lmodern}
|
||||||
\usepackage{amssymb,amsmath}
|
\usepackage{amssymb,amsmath}
|
||||||
@ -7328,11 +7328,14 @@ root }\texttt{\DIFadd{plist\ dictionary}} \DIFadd{type and contain two fields:
|
|||||||
}\item \DIFadd{7C436110-AB2A-4BBB-A880-FE41995C9F82
|
}\item \DIFadd{7C436110-AB2A-4BBB-A880-FE41995C9F82
|
||||||
}\item \DIFadd{8BE4DF61-93CA-11D2-AA0D-00E098032B8C
|
}\item \DIFadd{8BE4DF61-93CA-11D2-AA0D-00E098032B8C
|
||||||
}\end{itemize}
|
}\end{itemize}
|
||||||
\DIFadd{This enables all variables saved by }\texttt{\DIFadd{Launchd.command}}\DIFadd{, and additionally all arbitrary user
|
\DIFadd{This enables all variables saved by }\texttt{\DIFadd{Launchd.command}} \DIFadd{to be saved to }\texttt{\DIFadd{nvram.plist}}\DIFadd{,
|
||||||
test variables (e.g. as set by }\texttt{\DIFadd{sudo nvram foo="bar"}}\DIFadd{), to be saved to }\texttt{\DIFadd{nvram.plist}}\DIFadd{.
|
therefore it allows all arbitrary user test variables (e.g. as set by }\texttt{\DIFadd{sudo nvram foo=bar}}\DIFadd{)
|
||||||
However, once set up, only allowing strictly required variables (as shown in OpenCore's sample
|
to be saved. Using this permissive policy is also future-proof against any changes in the variables
|
||||||
}\texttt{\DIFadd{.plist}} \DIFadd{files) is considerably more secure, and please note the following warning about the
|
which need to be passed from macOS update setup to the }\texttt{\DIFadd{macOS Installer}} \DIFadd{stage, in order for
|
||||||
overall security of loading nvram variables from a non-vaulted file.
|
it to succeed.
|
||||||
|
Nevertheless, once emulated NVRAM is set up, only allowing known strictly required variables
|
||||||
|
(as shown in OpenCore's sample }\texttt{\DIFadd{.plist}} \DIFadd{files) is considerably more secure. See also the
|
||||||
|
following warning about the overall security of loading NVRAM variables from a non-vaulted file.
|
||||||
}
|
}
|
||||||
|
|
||||||
\textbf{\DIFadd{Warning}}\DIFadd{: The ability to load NVRAM from a file on disk can be dangerous, as it
|
\textbf{\DIFadd{Warning}}\DIFadd{: The ability to load NVRAM from a file on disk can be dangerous, as it
|
||||||
|
|||||||
Binary file not shown.
@ -1,6 +1,5 @@
|
|||||||
/** @file
|
/** @file
|
||||||
Copyright (C) 2019, vit9696. All rights reserved.<BR>
|
Copyright (C) 2019-2022, vit9696, mikebeaton. All rights reserved.<BR>
|
||||||
Copyright (C) 2021, Mike Beaton. All rights reserved.<BR>
|
|
||||||
SPDX-License-Identifier: BSD-3-Clause
|
SPDX-License-Identifier: BSD-3-Clause
|
||||||
**/
|
**/
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/** @file
|
/** @file
|
||||||
Manage Apple SIP variable csr-active-config.
|
Manage Apple SIP variable csr-active-config.
|
||||||
|
|
||||||
Copyright (C) 2022, mikebeaton. All rights reserved.<BR>
|
Copyright (C) 2021-2022, Mike Beaton. All rights reserved.<BR>
|
||||||
SPDX-License-Identifier: BSD-3-Clause
|
SPDX-License-Identifier: BSD-3-Clause
|
||||||
**/
|
**/
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user