Skip to content

Commit

Permalink
OcAppleImg4Lib: Added missing Secure Boot NVRAM variables for 11.0
Browse files Browse the repository at this point in the history
  • Loading branch information
vit9696 committed Nov 1, 2020
1 parent ba10b5d commit 1b00414
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 1 deletion.
3 changes: 2 additions & 1 deletion Changelog.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,8 @@ OpenCore Changelog
- Add `ForceResolution` option for enabling non-default resolutions
- Fixed Ps2MouseDxe not properly loading under OpenDuetPkg
- Added workaround for read-only errors on some X299 boards
- Added support for `x86legacy` secure boot model
- Added support for `x86legacy` Secure Boot model
- Added missing Secure Boot NVRAM variables required by 11.0

#### v0.6.2
- Updated builtin firmware versions for SMBIOS and the rest
Expand Down
37 changes: 37 additions & 0 deletions Library/OcAppleImg4Lib/OcAppleImg4Lib.c
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ typedef struct OC_SB_MODEL_DESC_ {
UINT32 BoardId;
} OC_SB_MODEL_DESC;

STATIC CHAR8 mCryptoDigestMethod[16] = "sha2-384";
STATIC DERImg4Environment mEnvInfo;
STATIC CONST CHAR8 *mModelDefault = "j137";
///
Expand Down Expand Up @@ -362,6 +363,7 @@ OcAppleImg4BootstrapValues (
mEnvInfo.effectiveSecurityMode = 1;
mEnvInfo.internalUseOnlyUnit = FALSE;
mEnvInfo.xugs = 1;
mEnvInfo.allowMixNMatch = FALSE;

//
// Expose all the variables via NVRAM.
Expand All @@ -388,6 +390,17 @@ OcAppleImg4BootstrapValues (
return Status;
}

Status = gRT->SetVariable (
L"CertificateEpoch",
&gAppleSecureBootVariableGuid,
EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
sizeof (mEnvInfo.certificateEpoch),
&mEnvInfo.certificateEpoch
);
if (EFI_ERROR (Status)) {
return Status;
}

Status = gRT->SetVariable (
L"ApBoardID",
&gAppleSecureBootVariableGuid,
Expand Down Expand Up @@ -465,6 +478,30 @@ OcAppleImg4BootstrapValues (
return Status;
}

Status = gRT->SetVariable (
L"ApMixNMatchPreventionStatus",
&gAppleSecureBootVariableGuid,
EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
sizeof (mEnvInfo.allowMixNMatch),
&mEnvInfo.allowMixNMatch
);
if (EFI_ERROR (Status)) {
return Status;
}

Status = gRT->SetVariable (
L"CryptoDigestMethod",
&gAppleSecureBootVariableGuid,
EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
sizeof (mCryptoDigestMethod),
&mCryptoDigestMethod
);
if (EFI_ERROR (Status)) {
return Status;
}



return EFI_SUCCESS;
}

Expand Down

0 comments on commit 1b00414

Please sign in to comment.