Modified SIP/CSR feature to work ON MACS when the csr-active-config

[refind] / refind / apple.c

diff --git a/refind/apple.c b/refind/apple.c
index e5bc99a3b29117fe0b3e0e4986b2de3460bc0f88..437b52343bd8b30670fc74a08fb2712b5ad7284d 100644 (file)
--- a/refind/apple.c
+++ b/refind/apple.c
@@ -24,12 +24,15 @@
 #include "lib.h"
 #include "screen.h"
 #include "apple.h"
+#include "mystrings.h"
 #include "refit_call_wrapper.h"
 
-CHAR16 *gCsrStatus = NULL;
+CHAR16 gCsrStatus[256];
 
 // Get CSR (Apple's System Integrity Protection [SIP], or "rootless") status
-// information.
+// information. If the variable is not present and the firmware is Apple, fake
+// it and claim it's enabled, since that's how OS X 10.11 treats a system with
+// the variable absent.
 EFI_STATUS GetCsrStatus(UINT32 *CsrStatus) {
     UINT32     *ReturnValue = NULL;
     UINTN      CsrLength;
@@ -43,14 +46,18 @@ EFI_STATUS GetCsrStatus(UINT32 *CsrStatus) {
                 *CsrStatus = *ReturnValue;
             } else {
                 Status = EFI_BAD_BUFFER_SIZE;
+                SPrint(gCsrStatus, 255, L" Unknown System Integrity Protection version");
             }
             MyFreePool(ReturnValue);
+        } else if ((Status == EFI_NOT_FOUND) && (StriSubCmp(L"Apple", ST->FirmwareVendor))) {
+            *CsrStatus = SIP_ENABLED;
+            Status = EFI_SUCCESS;
         } // if (Status == EFI_SUCCESS)
     } // if (CsrStatus)
     return Status;
 } // INTN GetCsrStatus()
 
-// Store string describing CSR status byte in gCsrStatus variable, which appears
+// Store string describing CSR status value in gCsrStatus variable, which appears
 // on the Info page. If DisplayMessage is TRUE, displays the new value of
 // gCsrStatus on the screen for three seconds.
 VOID RecordgCsrStatus(UINT32 CsrStatus, BOOLEAN DisplayMessage) {
@@ -61,9 +68,6 @@ VOID RecordgCsrStatus(UINT32 CsrStatus, BOOLEAN DisplayMessage) {
     BGColor.r = 100;
     BGColor.a = 0;
 
-    if (gCsrStatus == NULL)
-        gCsrStatus = AllocateZeroPool(256 * sizeof(CHAR16));
-
     switch (CsrStatus) {
         case SIP_ENABLED:
             SPrint(gCsrStatus, 255, L" System Integrity Protection is enabled (0x%02x)", CsrStatus);
@@ -78,16 +82,14 @@ VOID RecordgCsrStatus(UINT32 CsrStatus, BOOLEAN DisplayMessage) {
         egDisplayMessage(gCsrStatus, &BGColor);
         PauseSeconds(3);
     } // if
-} // VOID RecordgCsrStatus
+} // VOID RecordgCsrStatus()
 
 // Find the current CSR status and reset it to the next one in the
 // GlobalConfig.CsrValues list, or to the first value if the current
 // value is not on the list.
-// Returns the value to which the CSR is being set.
 VOID RotateCsrValue(VOID) {
-    UINT32       CurrentValue;
+    UINT32       CurrentValue, TargetCsr;
     UINT32_LIST  *ListItem;
-    UINT32       TargetCsr;
     EFI_GUID     CsrGuid = CSR_GUID;
     EFI_STATUS   Status;
 
@@ -104,8 +106,10 @@ VOID RotateCsrValue(VOID) {
         Status = EfivarSetRaw(&CsrGuid, L"csr-active-config", (CHAR8 *) &TargetCsr, 4, TRUE);
         if (Status == EFI_SUCCESS)
             RecordgCsrStatus(TargetCsr, TRUE);
+        else
+            SPrint(gCsrStatus, 255, L" Error setting System Integrity Protection code.");
     } // if
-} // INTN RotateCsrValue()
+} // VOID RotateCsrValue()
 
 
 /*
@@ -158,7 +162,7 @@ EFI_STATUS SetAppleOSInfo() {
                 Print(L"Out of resources in SetAppleOSInfo!\n");
             }
             if ((Status == EFI_SUCCESS) && (SetOs->Version == 2))
-                Status = refit_call1_wrapper (SetOs->SetOsVendor, "Apple Inc.");
+                Status = refit_call1_wrapper (SetOs->SetOsVendor, (CHAR8 *) "Apple Inc.");
             MyFreePool(AppleOSVersion);
         } // if (AppleOSVersion)
     } // if