|
1 | 1 | \documentclass[]{article} |
2 | 2 | %DIF LATEXDIFF DIFFERENCE FILE |
3 | | -%DIF DEL PreviousConfiguration.tex Mon Oct 9 15:13:53 2023 |
4 | | -%DIF ADD ../Configuration.tex Mon Oct 9 15:31:36 2023 |
| 3 | +%DIF DEL PreviousConfiguration.tex Sat Oct 14 23:52:14 2023 |
| 4 | +%DIF ADD ../Configuration.tex Fri Nov 3 11:07:05 2023 |
5 | 5 |
|
6 | 6 | \usepackage{lmodern} |
7 | 7 | \usepackage{amssymb,amsmath} |
|
118 | 118 | %DIF HYPERREF PREAMBLE %DIF PREAMBLE |
119 | 119 | \providecommand{\DIFadd}[1]{\texorpdfstring{\DIFaddtex{#1}}{#1}} %DIF PREAMBLE |
120 | 120 | \providecommand{\DIFdel}[1]{\texorpdfstring{\DIFdeltex{#1}}{}} %DIF PREAMBLE |
121 | | -%DIF COLORLISTINGS PREAMBLE %DIF PREAMBLE |
| 121 | +%DIF LISTINGS PREAMBLE %DIF PREAMBLE |
122 | 122 | \RequirePackage{listings} %DIF PREAMBLE |
123 | 123 | \RequirePackage{color} %DIF PREAMBLE |
124 | 124 | \lstdefinelanguage{DIFcode}{ %DIF PREAMBLE |
@@ -1671,7 +1671,41 @@ \subsection{Quirks Properties}\label{booterpropsquirks} |
1671 | 1671 | Refer to the \texttt{OCABC: MAT support is 1/0} log entry to determine whether MAT is supported. |
1672 | 1672 |
|
1673 | 1673 | \item |
1674 | | - \texttt{ForceBooterSignature}\\ |
| 1674 | + \DIFaddbegin \texttt{\DIFadd{FixupAppleEfiImages}}\\ |
| 1675 | + \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\ |
| 1676 | + \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\ |
| 1677 | + \textbf{\DIFadd{Description}}\DIFadd{: Fix errors in early Mac OS X boot.efi images. |
| 1678 | +} |
| 1679 | + |
| 1680 | + \DIFadd{Modern secure PE loaders will refuse to load }\texttt{\DIFadd{boot.efi}} \DIFadd{images from |
| 1681 | + Mac OS X 10.4 and 10.5 due to these files containing }\texttt{\DIFadd{W\^{}X}} \DIFadd{errors |
| 1682 | + and illegal overlapping sections. |
| 1683 | +} |
| 1684 | + |
| 1685 | + \DIFadd{This quirk detects these issues and pre-processes such images in memory, |
| 1686 | + so that a modern loader can accept them. |
| 1687 | +} |
| 1688 | + |
| 1689 | + \DIFadd{Pre-processing in memory is incompatible with secure boot, as the image loaded |
| 1690 | + is not the image on disk, so you cannot sign files which are loaded in this way |
| 1691 | + based on their original disk image contents. |
| 1692 | + Certain firmware will offer to register the hash of new, unknown images - this would |
| 1693 | + still work. On the other hand, it is not particularly realistic to want to |
| 1694 | + start such early, insecure images with secure boot anyway. |
| 1695 | +} |
| 1696 | + |
| 1697 | + \emph{\DIFadd{Note 1}}\DIFadd{: The quirk is only applied to Apple-specific `fat' (both 32-bit and 64-bit |
| 1698 | + versions in one image) }\texttt{\DIFadd{.efi}} \DIFadd{files, and is never applied during the Apple secure |
| 1699 | + boot path for newer macOS. |
| 1700 | +} |
| 1701 | + |
| 1702 | + \emph{\DIFadd{Note 2}}\DIFadd{: The quirk is only needed for loading Mac OS X 10.4 and 10.5, and even then |
| 1703 | + only if the firmware itself includes a modern, more secure PE COFF image loader. This includes |
| 1704 | + current builds of OpenDuet. |
| 1705 | +} |
| 1706 | + |
| 1707 | +\item |
| 1708 | + \DIFaddend \texttt{ForceBooterSignature}\\ |
1675 | 1709 | \textbf{Type}: \texttt{plist\ boolean}\\ |
1676 | 1710 | \textbf{Failsafe}: \texttt{false}\\ |
1677 | 1711 | \textbf{Description}: Set macOS \texttt{boot-signature} to OpenCore launcher. |
|
0 commit comments