Docs: Update FixupAppleEfiImages wording
mikebeaton committed Sep 29, 2024
1 parent 94ec1dc commit 4087300
Showing 6 changed files with 46 additions and 35 deletions.
2 changes: 1 addition & 1 deletion Docs/Configuration.md5
@@ -1 +1 @@
b793988590c9e9ddd71ce9318abe5369
476c1deb24db35e352f1a9fcf36b8374
Binary file modified Docs/Configuration.pdf
Binary file not shown.
34 changes: 17 additions & 17 deletions Docs/Configuration.tex
Expand Up @@ -1620,22 +1620,20 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
\texttt{FixupAppleEfiImages}\\
\textbf{Type}: \texttt{plist\ boolean}\\
\textbf{Failsafe}: \texttt{false}\\
\textbf{Description}: Fix errors in early Mac OS X boot.efi images.
\textbf{Description}: Fix permissions and section errors in macOS \texttt{boot.efi} images.

Modern secure PE loaders will refuse to load \texttt{boot.efi} images from
Mac OS X 10.4 to macOS 10.12 due to these files containing \texttt{W\^{}X} errors
(in all versions) and illegal overlapping sections (in 10.4 and 10.5 32-bit
versions only).
Mac OS X \texttt{boot.efi} images contain \texttt{W\^{}X} permissions errors
(in all versions) and in very old versions additionally contain illegal overlapping sections
(affects 10.4 and 10.5 32-bit versions only). Modern secure PE loaders (including the OpenCore
loader in current releases of OpenDuet) will refuse to load these images
unless additional mitigations are applied.

This quirk detects these issues and pre-processes such images in memory,
This quirk detects these issues and pre-processes such images in memory
so that a modern loader will accept them.

Pre-processing in memory is incompatible with secure boot, as the image loaded
is not the image on disk, so you cannot sign files which are loaded in this way
based on their original disk image contents.
Certain firmware will offer to register the hash of new, unknown images - this would
still work. On the other hand, it is not particularly realistic to want to
start these early, insecure images with secure boot anyway.
If on a system with such a secure loader, this quirk is required to load
Mac OS X 10.4 to macOS 10.12, and is required for all newer
macOS when \texttt{SecureBootModel} is set to \texttt{Disabled}.

\emph{Note 1}: The quirk is never applied during the Apple secure boot path for
newer macOS. The Apple secure boot path includes its own separate mitigations
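Review bot: the new closing sentence opens with a dangling fragment, "If on a system with such a secure loader, this quirk is required to load ..."; reword to "On a system with such a secure loader, this quirk is required to load Mac OS X 10.4 to macOS 10.12, and for all newer macOS when \texttt{SecureBootModel} is set to \texttt{Disabled}." The Description line also now says "macOS \texttt{boot.efi} images" while the body opens with "Mac OS X \texttt{boot.efi} images" and goes on to cover newer macOS as well; use one consistent term (e.g. "Mac OS X and macOS") in both places.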
Expand All @@ -1652,11 +1650,13 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
within their filesystem.
\end{itemize}

\emph{Note 3}: This quirk is needed for Mac OS X 10.4 to macOS 10.12 (and
higher, if Apple secure boot is not enabled), but only when the firmware
itself includes a modern, more secure PE COFF image loader. This applies to
current builds of OpenDuet, and to OVMF if built from audk source code.

\emph{Note 3}: Pre-processing in memory is incompatible with secure boot, as the image loaded
is not the image on disk, so you cannot sign files which are loaded in this way
based on their original disk image contents.
Certain firmware will offer to register the hash of new, unknown images - this would
still work. On the other hand, it is not particularly realistic to want to
start these early, insecure images with secure boot anyway.

\item
\texttt{ForceBooterSignature}\\
\textbf{Type}: \texttt{plist\ boolean}\\
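Review bot: the moved Note 3 keeps a bare ASCII hyphen in "register the hash of new, unknown images - this would still work", which LaTeX sets as a hyphen rather than a dash; use "--" (or a colon). While the paragraph is being relocated, "this would still work" should also say what is being registered, i.e. the hash of the pre-processed image as loaded in memory rather than the on-disk file, since that is the distinction the preceding sentence draws.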
Binary file modified Docs/Differences/Differences.pdf
Binary file not shown.
45 changes: 28 additions & 17 deletions Docs/Differences/Differences.tex
@@ -1,7 +1,7 @@
\documentclass[]{article}
%DIF LATEXDIFF DIFFERENCE FILE
%DIF DEL PreviousConfiguration.tex Fri Aug 16 15:32:06 2024
%DIF ADD ../Configuration.tex Fri Aug 16 15:32:06 2024
%DIF DEL PreviousConfiguration.tex Tue Sep 3 09:18:54 2024
%DIF ADD ../Configuration.tex Sun Sep 29 21:16:14 2024

\usepackage{lmodern}
\usepackage{amssymb,amsmath}
Expand Down Expand Up @@ -118,7 +118,7 @@
%DIF HYPERREF PREAMBLE %DIF PREAMBLE
\providecommand{\DIFadd}[1]{\texorpdfstring{\DIFaddtex{#1}}{#1}} %DIF PREAMBLE
\providecommand{\DIFdel}[1]{\texorpdfstring{\DIFdeltex{#1}}{}} %DIF PREAMBLE
%DIF LISTINGS PREAMBLE %DIF PREAMBLE
%DIF COLORLISTINGS PREAMBLE %DIF PREAMBLE
\RequirePackage{listings} %DIF PREAMBLE
\RequirePackage{color} %DIF PREAMBLE
\lstdefinelanguage{DIFcode}{ %DIF PREAMBLE
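Review bot: the preamble marker change from "%DIF LISTINGS PREAMBLE" to "%DIF COLORLISTINGS PREAMBLE" is unrelated to the wording update in the commit message and indicates the diff was regenerated with a different latexdiff version or options than the previous Differences.tex; confirm this is intended, or regenerate with the same settings so the generated file only reflects the documentation change.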
Expand Down Expand Up @@ -1680,22 +1680,28 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
\texttt{FixupAppleEfiImages}\\
\textbf{Type}: \texttt{plist\ boolean}\\
\textbf{Failsafe}: \texttt{false}\\
\textbf{Description}: Fix errors in early Mac OS X boot.efi images.
\textbf{Description}: Fix \DIFdelbegin \DIFdel{errors in early Mac OS X boot.efi }\DIFdelend \DIFaddbegin \DIFadd{permissions and section errors in macOS }\texttt{\DIFadd{boot.efi}} \DIFaddend images.

Modern secure PE loaders will refuse to load \texttt{boot.efi} images from
Mac OS X 10.4 to macOS 10.12 due to these files containing \texttt{W\^{}X} errors
(in all versions) and illegal overlapping sections (in 10.4 and 10.5 32-bit
versions only).
\DIFdelbegin \DIFdel{Modern secure PE loaders will refuse to load }\texttt{\DIFdel{boot.efi}} %DIFAUXCMD
\DIFdel{images from
}\DIFdelend Mac OS X \DIFdelbegin \DIFdel{10.4 to macOS 10.12 due to these files containing }\DIFdelend \DIFaddbegin \texttt{\DIFadd{boot.efi}} \DIFadd{images contain }\DIFaddend \texttt{W\^{}X} \DIFaddbegin \DIFadd{permissions }\DIFaddend errors
(in all versions) and \DIFaddbegin \DIFadd{in very old versions additionally contain }\DIFaddend illegal overlapping sections
(\DIFdelbegin \DIFdel{in }\DIFdelend \DIFaddbegin \DIFadd{affects }\DIFaddend 10.4 and 10.5 32-bit versions only). \DIFaddbegin \DIFadd{Modern secure PE loaders (including the OpenCore
loader in current releases of OpenDuet) will refuse to load these images
unless additional mitigations are applied.
}\DIFaddend

This quirk detects these issues and pre-processes such images in memory,
so that a modern loader will accept them.
This quirk detects these issues and pre-processes such images in memory
\DIFdelbegin \DIFdel{,
}\DIFdelend so that a modern loader will accept them.

Pre-processing in memory is incompatible with secure boot, as the image loaded
\DIFdelbegin \DIFdel{Pre-processing in memory is incompatible with secure boot, as the image loaded
is not the image on disk, so you cannot sign files which are loaded in this way
based on their original disk image contents.
Certain firmware will offer to register the hash of new, unknown images - this would
still work. On the other hand, it is not particularly realistic to want to
start these early, insecure images with secure boot anyway.
still work. On the other hand, it is not particularly realistic to want to start these early, insecure images with secure boot anyway}\DIFdelend \DIFaddbegin \DIFadd{If on a system with such a secure loader, this quirk is required to load
Mac OS X 10.4 to macOS 10.12, and is required for all newer
macOS when }\texttt{\DIFadd{SecureBootModel}} \DIFadd{is set to }\texttt{\DIFadd{Disabled}}\DIFaddend .

\emph{Note 1}: The quirk is never applied during the Apple secure boot path for
newer macOS. The Apple secure boot path includes its own separate mitigations
Expand All @@ -1712,10 +1718,15 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
within their filesystem.
\end{itemize}

\emph{Note 3}: This quirk is needed for Mac OS X 10.4 to macOS 10.12 (and
higher, if Apple secure boot is not enabled), but only when the firmware
itself includes a modern, more secure PE COFF image loader. This applies to
current builds of OpenDuet, and to OVMF if built from audk source code.
\emph{Note 3}: \DIFdelbegin \DIFdel{This quirk is needed for Mac OS X 10.4 to macOS 10.12 (and
higher, if Apple secure bootis not enabled), but only when the firmware
itself includes a modern, more secure PE COFF image loader.
This applies to current builds of OpenDuet, and to OVMF if built from audk source code}\DIFdelend \DIFaddbegin \DIFadd{Pre-processing in memory is incompatible with secure boot, as the image loaded
is not the image on disk, so you cannot sign files which are loaded in this way
based on their original disk image contents.
Certain firmware will offer to register the hash of new, unknown images - this would
still work. On the other hand, it is not particularly realistic to want to
start these early, insecure images with secure boot anyway}\DIFaddend .

\item
\texttt{ForceBooterSignature}\\
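Review bot: the deleted text in this hunk reads "higher, if Apple secure bootis not enabled", but the corresponding Note 3 removed from Docs/Configuration.tex in this same commit reads "boot is not enabled"; the generated Differences.tex is therefore not a faithful diff of the previous Configuration.tex at that point (a lost space between "boot" and "is"), so the PreviousConfiguration.tex input should be checked and the diff regenerated.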
Binary file modified Docs/Errata/Errata.pdf
Binary file not shown.