OcBootManagementLib: Added BlacklistAppleUpdate to fix update optout

closes acidanthera/bugtraker#1255
hoangnova · Nov 4, 2020 · 3998399 · 3998399
1 parent e39f07e
commit 3998399
Show file tree

Hide file tree

Showing 15 changed files with 185 additions and 12 deletions.
diff --git a/Changelog.md b/Changelog.md
@@ -1,5 +1,9 @@
 OpenCore Changelog
 ==================
+
+#### v0.6.4
+- Added `BlacklistAppleUpdate` to fix 11.0 broken update optout
+
 #### v0.6.3
 - Added support for xml comments in plist files
 - Updated underlying EDK II package to edk2-stable202008

diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf
diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex
@@ -3376,6 +3376,17 @@ \subsection{Security Properties}\label{miscsecurityprops}
   NVRAM and RTC, which despite being removed as soon as OpenCore starts, may be
   considered a security risk and thus is optional.
 
+\item
+  \texttt{BlacklistAppleUpdate}\\
+  \textbf{Type}: \texttt{plist\ boolean}\\
+  \textbf{Failsafe}: \texttt{false}\\
+  \textbf{Description}: Ignore boot options trying to update Apple peripheral firmware
+  (e.g. \texttt{MultiUpdater.efi}).
+
+  \emph{Note}: This option exists due to some operating systems, namely macOS Big Sur,
+  being \href{https://github.com/acidanthera/bugtracker/issues/1255}{incapable} of
+  disabling firmware updates with the NVRAM variable (\texttt{run-efi-updater}).
+
 \item
   \texttt{BootProtect}\\
   \textbf{Type}: \texttt{plist\ string}\\

diff --git a/Docs/Differences/Differences.pdf b/Docs/Differences/Differences.pdf
diff --git a/Docs/Differences/Differences.tex b/Docs/Differences/Differences.tex
@@ -1,7 +1,7 @@
 \documentclass[]{article}
 %DIF LATEXDIFF DIFFERENCE FILE
-%DIF DEL PreviousConfiguration.tex   Tue Nov  3 14:21:51 2020
-%DIF ADD ../Configuration.tex        Tue Nov  3 14:25:08 2020
+%DIF DEL PreviousConfiguration.tex   Wed Nov  4 05:07:23 2020
+%DIF ADD ../Configuration.tex        Wed Nov  4 12:01:16 2020
 
 \usepackage{lmodern}
 \usepackage{amssymb,amsmath}
@@ -3437,7 +3437,20 @@ \subsection{Security Properties}\label{miscsecurityprops}
   considered a security risk and thus is optional.
 
 \item
-  \texttt{BootProtect}\\
+  \DIFaddbegin \texttt{\DIFadd{BlacklistAppleUpdate}}\\
+  \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\
+  \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\
+  \textbf{\DIFadd{Description}}\DIFadd{: Ignore boot options trying to update Apple peripheral firmware
+  (e.g. }\texttt{\DIFadd{MultiUpdater.efi}}\DIFadd{).
+}
+
+  \emph{\DIFadd{Note}}\DIFadd{: This option exists due to some operating systems, namely macOS Big Sur,
+  being }\href{https://github.com/acidanthera/bugtracker/issues/1255}{incapable} \DIFadd{of
+  disabling firmware updates with the NVRAM variable (}\texttt{\DIFadd{run-efi-updater}}\DIFadd{).
+}
+
+\item
+  \DIFaddend \texttt{BootProtect}\\
   \textbf{Type}: \texttt{plist\ string}\\
   \textbf{Failsafe}: \texttt{None}\\
   \textbf{Description}: Attempt to provide bootloader persistence.

diff --git a/Docs/Errata/Errata.pdf b/Docs/Errata/Errata.pdf
diff --git a/Docs/Sample.plist b/Docs/Sample.plist
@@ -780,6 +780,8 @@
 			<integer>0</integer>
 			<key>AuthRestart</key>
 			<false/>
+			<key>BlacklistAppleUpdate</key>
+			<true/>
 			<key>BootProtect</key>
 			<string>Bootstrap</string>
 			<key>DmgLoading</key>

diff --git a/Docs/SampleCustom.plist b/Docs/SampleCustom.plist
@@ -780,6 +780,8 @@
 			<integer>0</integer>
 			<key>AuthRestart</key>
 			<false/>
+			<key>BlacklistAppleUpdate</key>
+			<true/>
 			<key>BootProtect</key>
 			<string>Bootstrap</string>
 			<key>DmgLoading</key>

diff --git a/Include/Acidanthera/Library/OcBootManagementLib.h b/Include/Acidanthera/Library/OcBootManagementLib.h
@@ -656,6 +656,10 @@ struct OC_PICKER_CONTEXT_ {
   //
   BOOLEAN                    ApplePickerUnsupported;
   //
+  // Ignore Apple peripheral firmware updates.
+  //
+  BOOLEAN                    BlacklistAppleUpdate;
+  //
   // Recommended audio protocol, optional.
   //
   OC_AUDIO_PROTOCOL          *OcAudio;

diff --git a/Include/Acidanthera/Library/OcConfigurationLib.h b/Include/Acidanthera/Library/OcConfigurationLib.h
@@ -344,6 +344,7 @@ typedef enum {
   _(BOOLEAN                     , AllowSetDefault             ,      , FALSE                   , ()) \
   _(BOOLEAN                     , ExposeSensitiveData         ,      , OCS_EXPOSE_VERSION      , ()) \
   _(BOOLEAN                     , AuthRestart                 ,      , FALSE                   , ()) \
+  _(BOOLEAN                     , BlacklistAppleUpdate        ,      , FALSE                   , ()) \
   _(BOOLEAN                     , EnablePassword              ,      , FALSE                   , ()) \
   _(UINT8                       , PasswordHash                , [64] , {0}                     , ()) \
   _(OC_DATA                     , PasswordSalt                ,      , OC_EDATA_CONSTR (_, __) , OC_DESTR (OC_DATA)) \

diff --git a/Library/OcBootManagementLib/BootEntryManagement.c b/Library/OcBootManagementLib/BootEntryManagement.c
@@ -1680,6 +1680,7 @@ OcScanForBootEntries (
   if (Context->BootOrder == NULL) {
     Context->BootOrder = InternalGetBootOrderForBooting (
       BootContext->BootVariableGuid,
+      Context->BlacklistAppleUpdate,
       &Context->BootOrderCount
       );
   }
@@ -1770,6 +1771,7 @@ OcScanForDefaultBootEntry (
   if (Context->BootOrder == NULL) {
     Context->BootOrder = InternalGetBootOrderForBooting (
       BootContext->BootVariableGuid,
+      Context->BlacklistAppleUpdate,
       &Context->BootOrderCount
       );
   }

diff --git a/Library/OcBootManagementLib/BootManagementInternal.h b/Library/OcBootManagementLib/BootManagementInternal.h
@@ -101,6 +101,7 @@ InternalLoadBootEntry (
 UINT16 *
 InternalGetBootOrderForBooting (
   IN  EFI_GUID  *BootVariableGuid,
+  IN  BOOLEAN   BlacklistAppleUpdate,
   OUT UINTN     *BootOrderCount
   );
 

diff --git a/Library/OcBootManagementLib/DefaultEntryChoice.c b/Library/OcBootManagementLib/DefaultEntryChoice.c
@@ -163,6 +163,7 @@ InternalDebugBootEnvironment (
 
   STATIC CONST CHAR16 *AppleDebugVariables[] = {
     L"efi-boot-device-data",
+    L"efi-boot-next-data",
     L"efi-backup-boot-device-data",
     L"efi-apple-recovery-data"
   };
@@ -317,6 +318,131 @@ InternalGetBootEntryByDevicePath (
   return NULL;
 }
 
+STATIC
+VOID
+InternalClearNextVariables (
+  IN  EFI_GUID  *BootVariableGuid,
+  IN  BOOLEAN   ClearApplePayload
+  )
+{
+  CHAR16  VariableName[32];
+  UINTN   Index;
+
+  //
+  // Next variable data specified by UEFI spec.
+  // For now we do not bother dropping the variable it points to.
+  //
+  gRT->SetVariable (
+    EFI_BOOT_NEXT_VARIABLE_NAME,
+    BootVariableGuid,
+    EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
+    0,
+    NULL
+    );
+
+  //
+  // Next variable string (in xml format) specified by Apple macOS.
+  //
+  gRT->SetVariable (
+    L"efi-boot-next",
+    &gAppleBootVariableGuid,
+    EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
+    0,
+    NULL
+    );
+
+  //
+  // Next variable blob (in DevicePath format) specified by Apple macOS.
+  //
+  gRT->SetVariable (
+    L"efi-boot-next-data",
+    &gAppleBootVariableGuid,
+    EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
+    0,
+    NULL
+    );
+
+  if (ClearApplePayload) {
+    for (Index = 0; Index <= 3; ++Index) {
+      UnicodeSPrint (
+        VariableName,
+        sizeof (VariableName),
+        L"efi-apple-payload%u%a",
+        (UINT32) Index,
+        "-data"
+        );
+
+      gRT->SetVariable (
+        VariableName,
+        &gAppleBootVariableGuid,
+        EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
+        0,
+        NULL
+        );
+
+      UnicodeSPrint (
+        VariableName,
+        sizeof (VariableName),
+        L"efi-apple-payload%u%a",
+        (UINT32) Index,
+        ""
+        );
+
+      gRT->SetVariable (
+        VariableName,
+        &gAppleBootVariableGuid,
+        EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
+        0,
+        NULL
+        );
+    }
+  }
+}
+
+STATIC
+BOOLEAN
+InternalHasFirmwareUpdateAsNext (
+  IN EFI_GUID  *BootVariableGuid
+  )
+{
+  EFI_STATUS                       Status;
+  UINT32                           VariableAttributes;
+  UINT16                           BootNext;
+  UINTN                            VariableSize;
+  OC_BOOT_ENTRY_TYPE               EntryType;
+  EFI_DEVICE_PATH_PROTOCOL         *UefiDevicePath;
+
+  VariableSize = sizeof (BootNext);
+  Status = gRT->GetVariable (
+    EFI_BOOT_NEXT_VARIABLE_NAME,
+    BootVariableGuid,
+    &VariableAttributes,
+    &VariableSize,
+    &BootNext
+    );
+  if (EFI_ERROR (Status) || VariableSize != sizeof (BootNext)) {
+    return FALSE;
+  }
+
+  UefiDevicePath = InternalGetBootOptionData (
+    BootNext,
+    BootVariableGuid,
+    NULL,
+    NULL,
+    NULL
+    );
+
+  if (UefiDevicePath == NULL) {
+    return FALSE;
+  }
+
+  EntryType = OcGetBootDevicePathType (UefiDevicePath, NULL, NULL);
+  DEBUG ((DEBUG_INFO, "OCB: Found BootNext %04x of type %u\n", BootNext, EntryType));
+  FreePool (UefiDevicePath);
+
+  return EntryType == OC_BOOT_APPLE_FW_UPDATE;
+}
+
 BOOLEAN
 InternalIsAppleLegacyLoadApp (
   IN CONST EFI_DEVICE_PATH_PROTOCOL  *DevicePath
@@ -471,15 +597,26 @@ OcGetBootOrder (
 UINT16 *
 InternalGetBootOrderForBooting (
   IN  EFI_GUID  *BootVariableGuid,
+  IN  BOOLEAN   BlacklistAppleUpdate,
   OUT UINTN     *BootOrderCount
   )
 {
   UINT16                           *BootOrder;
+  BOOLEAN                          HasFwBootNext;
   BOOLEAN                          HasBootNext;
 
+  //
+  // Precede variable with boot next unless we were forced to ignore it.
+  //
+  if (BlacklistAppleUpdate) {
+    HasFwBootNext = InternalHasFirmwareUpdateAsNext (BootVariableGuid);
+  } else {
+    HasFwBootNext = FALSE;
+  }
+
   BootOrder = OcGetBootOrder (
     BootVariableGuid,
-    TRUE,
+    HasFwBootNext == FALSE,
     BootOrderCount,
     NULL,
     &HasBootNext
@@ -499,14 +636,8 @@ InternalGetBootOrderForBooting (
   InternalDebugBootEnvironment (BootOrder, BootVariableGuid, *BootOrderCount);
   DEBUG_CODE_END ();
 
-  if (HasBootNext) {
-    gRT->SetVariable (
-      EFI_BOOT_NEXT_VARIABLE_NAME,
-      BootVariableGuid,
-      EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
-      0,
-      NULL
-      );
+  if (HasFwBootNext || HasBootNext) {
+    InternalClearNextVariables (BootVariableGuid, HasFwBootNext);
   }
 
   return BootOrder;

diff --git a/Library/OcConfigurationLib/OcConfigurationLib.c b/Library/OcConfigurationLib/OcConfigurationLib.c
@@ -400,6 +400,7 @@ mMiscConfigurationSecuritySchema[] = {
   OC_SCHEMA_BOOLEAN_IN ("AllowSetDefault",      OC_GLOBAL_CONFIG, Misc.Security.AllowSetDefault),
   OC_SCHEMA_INTEGER_IN ("ApECID",               OC_GLOBAL_CONFIG, Misc.Security.ApECID),
   OC_SCHEMA_BOOLEAN_IN ("AuthRestart",          OC_GLOBAL_CONFIG, Misc.Security.AuthRestart),
+  OC_SCHEMA_BOOLEAN_IN ("BlacklistAppleUpdate", OC_GLOBAL_CONFIG, Misc.Security.BlacklistAppleUpdate),
   OC_SCHEMA_STRING_IN  ("BootProtect",          OC_GLOBAL_CONFIG, Misc.Security.BootProtect),
   OC_SCHEMA_STRING_IN  ("DmgLoading",           OC_GLOBAL_CONFIG, Misc.Security.DmgLoading),
   OC_SCHEMA_BOOLEAN_IN ("EnablePassword",       OC_GLOBAL_CONFIG, Misc.Security.EnablePassword),

diff --git a/Platform/OpenCore/OpenCoreMisc.c b/Platform/OpenCore/OpenCoreMisc.c
@@ -838,6 +838,7 @@ OcMiscBoot (
   Context->PickerMode            = PickerMode;
   Context->ConsoleAttributes     = Config->Misc.Boot.ConsoleAttributes;
   Context->PickerAttributes      = Config->Misc.Boot.PickerAttributes;
+  Context->BlacklistAppleUpdate  = Config->Misc.Security.BlacklistAppleUpdate;
 
   if ((Config->Misc.Security.ExposeSensitiveData & OCS_EXPOSE_VERSION_UI) != 0) {
     Context->TitleSuffix      = OcMiscGetVersionString ();