Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OcAppleKernelLib: Support for PageableKC/SysKC injection #385

Closed
wants to merge 2 commits into from
Closed

OcAppleKernelLib: Support for PageableKC/SysKC injection #385

wants to merge 2 commits into from

Conversation

flagersgit
Copy link

In Ventura, Apple has decided to remove kext binaries from the root volume and require KDK installation in order to generate a new PageableKC/SysKC via kmutil.

The Auxiliary KC remains able to be created without the need of KDK installation, however this is not viable for use cases where kexts in the SysKC must be removed or supplanted.

This is particularly problematic for projects such as OpenCore Legacy Patcher where automation is key and the KDK download is locked behind Apple ID authentication.

Such a feature as this, aside from solving the above problem, opens the door to "vanilla" injection of kexts which have linkage requirements for other kexts which are in the SysKC (e.g. IOGraphicsFamily for a hypothetical fully-featured framebuffer driver from MacHyperVSupport).

While this feature is meant to run in primarily non-UEFI environments1, it ideally should also be functional in a UEFI2 (given a SysKC separately), even if not exposed through the configuration.

Design Goals

  • Functional from UEFI, User-space, and XNU/kernel-space itself (compiled as an external module).
  • If being used from kernel-space, it ideally must be able to use the booted kernel cache3
  1. (continued)...non-UEFI environments, such as user space or kernel space itself by hooking OSKext's and other related routines.
  2. It would not be practical to use this in UEFI as the kexts which reside, or need to reside, in the SysKC are typically much larger (e.g. containing firmware blobs, etc.) and would not fit on the ESP.
    There is no mechanism in UEFI to link an APFS Preboot volume folder (where the BootKC resides) to its paired System volume (where the SysKC resides).
    Further, exposing a modified KC in its entirety to XNU's OSKext would be cumbersome and likely waste memory.
  3. This is so that one may "chain" injections. For example, downgrading IOSurface in BootKC from OpenCore by blocking with Exclude strategy and re-injecting, then from kernel-space (with whichever out-of-scope component may do this) downgrading IOAcceleratorFamily by the same procedure.

PMheart
PMheart reviewed Sep 18, 2022
View reviewed changes
.gitignore
@@ -87,3 +87,4 @@ Utilities/TestProcessKernel/OC/*
Utilities/TestProcessKernel/ProcessKernel
Utilities/TestNtfsDxe/TestNtfsDxe
Utilities/TestExt4Dxe/TestExt4Dxe
Utilities/TestPageableInject/PageableInject
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing newline; same below.

PMheart
PMheart reviewed Sep 18, 2022
View reviewed changes
Utilities/TestPageableInject/Makefile
zlib_uefi.o \
zutil.o
VPATH = ../../Library/OcAppleKernelLib:$\
../../Library/OcCompressionLib/lzss:$\
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indentation.

@mhaeuser mhaeuser closed this Apr 13, 2023
This was referenced Apr 16, 2023
Closed
Closed
@flagersgit flagersgit deleted the pageablekc-support branch August 16, 2023 22:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PMheart PMheart PMheart left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
3 participants
@flagersgit @PMheart @mhaeuser