OcAppleImg4Lib: Added missing Secure Boot NVRAM variables for 11.0

vit9696 · vit9696 · commit 1b0041493d46 · 2020-11-01T04:00:38.000+03:00
diff --git a/Changelog.md b/Changelog.md
@@ -23,7 +23,8 @@ OpenCore Changelog
 - Add `ForceResolution` option for enabling non-default resolutions
 - Fixed Ps2MouseDxe not properly loading under OpenDuetPkg
 - Added workaround for read-only errors on some X299 boards
-- Added support for `x86legacy` secure boot model
+- Added support for `x86legacy` Secure Boot model
+- Added missing Secure Boot NVRAM variables required by 11.0
 
 #### v0.6.2
 - Updated builtin firmware versions for SMBIOS and the rest
diff --git a/Library/OcAppleImg4Lib/OcAppleImg4Lib.c b/Library/OcAppleImg4Lib/OcAppleImg4Lib.c
@@ -40,6 +40,7 @@ typedef struct OC_SB_MODEL_DESC_ {
   UINT32       BoardId;
 } OC_SB_MODEL_DESC;
 
+STATIC CHAR8 mCryptoDigestMethod[16] = "sha2-384";
 STATIC DERImg4Environment mEnvInfo;
 STATIC CONST CHAR8 *mModelDefault = "j137";
 ///
@@ -362,6 +363,7 @@ OcAppleImg4BootstrapValues (
   mEnvInfo.effectiveSecurityMode      = 1;
   mEnvInfo.internalUseOnlyUnit        = FALSE;
   mEnvInfo.xugs                       = 1;
+  mEnvInfo.allowMixNMatch             = FALSE;
 
   //
   // Expose all the variables via NVRAM.
@@ -388,6 +390,17 @@ OcAppleImg4BootstrapValues (
     return Status;
   }
 
+  Status = gRT->SetVariable (
+    L"CertificateEpoch",
+    &gAppleSecureBootVariableGuid,
+    EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+    sizeof (mEnvInfo.certificateEpoch),
+    &mEnvInfo.certificateEpoch
+    );
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
   Status = gRT->SetVariable (
     L"ApBoardID",
     &gAppleSecureBootVariableGuid,
@@ -465,6 +478,30 @@ OcAppleImg4BootstrapValues (
     return Status;
   }
 
+  Status = gRT->SetVariable (
+    L"ApMixNMatchPreventionStatus",
+    &gAppleSecureBootVariableGuid,
+    EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+    sizeof (mEnvInfo.allowMixNMatch),
+    &mEnvInfo.allowMixNMatch
+    );
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  Status = gRT->SetVariable (
+    L"CryptoDigestMethod",
+    &gAppleSecureBootVariableGuid,
+    EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+    sizeof (mCryptoDigestMethod),
+    &mCryptoDigestMethod
+    );
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  
+
   return EFI_SUCCESS;
 }
 
