Skip to content

Commit

Permalink
Docs: Update FixupAppleEfiImages wording
Browse files Browse the repository at this point in the history
  • Loading branch information
mikebeaton committed Sep 29, 2024
1 parent 94ec1dc commit 9273be6
Showing 1 changed file with 17 additions and 17 deletions.
34 changes: 17 additions & 17 deletions Docs/Configuration.tex
Original file line number Diff line number Diff line change
Expand Up @@ -1620,22 +1620,20 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
\texttt{FixupAppleEfiImages}\\
\textbf{Type}: \texttt{plist\ boolean}\\
\textbf{Failsafe}: \texttt{false}\\
\textbf{Description}: Fix errors in early Mac OS X boot.efi images.
\textbf{Description}: Fix permissions and section errors in macOS \texttt{boot.efi} images.

Modern secure PE loaders will refuse to load \texttt{boot.efi} images from
Mac OS X 10.4 to macOS 10.12 due to these files containing \texttt{W\^{}X} errors
(in all versions) and illegal overlapping sections (in 10.4 and 10.5 32-bit
versions only).
Mac OS X \texttt{boot.efi} images contain \texttt{W\^{}X} permissions errors
(in all versions) and in very old versions additionally contain illegal overlapping sections
(affects 10.4 and 10.5 32-bit versions only). Modern secure PE loaders (including the OpenCore
loader in current releases of OpenDuet) will refuse to load these images
unless additional mitigations are applied.

This quirk detects these issues and pre-processes such images in memory,
This quirk detects these issues and pre-processes such images in memory
so that a modern loader will accept them.

Pre-processing in memory is incompatible with secure boot, as the image loaded
is not the image on disk, so you cannot sign files which are loaded in this way
based on their original disk image contents.
Certain firmware will offer to register the hash of new, unknown images - this would
still work. On the other hand, it is not particularly realistic to want to
start these early, insecure images with secure boot anyway.
If on a system with such a secure loader, this quirk is required to load
Mac OS X 10.4 to macOS 10.12, and is required for all newer
macOS when \texttt{SecureBootModel} is set to \texttt{Disabled}.

\emph{Note 1}: The quirk is never applied during the Apple secure boot path for
newer macOS. The Apple secure boot path includes its own separate mitigations
Expand All @@ -1652,11 +1650,13 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
within their filesystem.
\end{itemize}

\emph{Note 3}: This quirk is needed for Mac OS X 10.4 to macOS 10.12 (and
higher, if Apple secure boot is not enabled), but only when the firmware
itself includes a modern, more secure PE COFF image loader. This applies to
current builds of OpenDuet, and to OVMF if built from audk source code.

\emph{Note 3}: Pre-processing in memory is incompatible with secure boot, as the image loaded
is not the image on disk, so you cannot sign files which are loaded in this way
based on their original disk image contents.
Certain firmware will offer to register the hash of new, unknown images - this would
still work. On the other hand, it is not particularly realistic to want to
start these early, insecure images with secure boot anyway.

\item
\texttt{ForceBooterSignature}\\
\textbf{Type}: \texttt{plist\ boolean}\\
Expand Down

0 comments on commit 9273be6

Please sign in to comment.