- Joined
- Dec 10, 2010
- Messages
- 1,367
- Motherboard
- Gigabyte Z390 Aorus Elite
- CPU
- i9-9900K
- Graphics
- RX 6600 XT
- Mobile Phone
OpenCore 0.7.4 is available. Yo can get it here: https://github.com/acidanthera/OpenCorePkg/releases
vit9696's usual Dortania message has not been published but official OpenCore version 0.7.4 has been released.
Note: This time the (shorter) message is here:
https://github.com/acidanthera/bugtracker/issues/1779#issuecomment-932981707
Main changes are in the changelog.
Changelog
Until now we could have Apple Secure Boot full security in Big Sur but not in Monterey. You can read about Apple Secure Boot here.
Now we can also have full security in Monterey. To have full security it is necessary a SMBIOS model with Apple T2 security chip. If the SMBIOS model does not have T2, we can only have medium security. This is true on real Macs as well.
Note: installing RestrictEvents will not do anything to fix Secure Boot (all the changes in RestrictEvents are guarded by a special boot arg), it does nothing by default and only forces medium security with x86legacy model on any Mac model when enabled.
On the other hand, the need to change the SecureBootModel or SMBIOS model to update Monterey via OTA seems to have disappeared and it is not necessary to have RestrictEvents.kext for this task because the fix is included in OpenCore.
config.plist
It is highly recommended that people using macOS and Linux together carefully read the OpenLinuxBoot section of the OpenCore Configuration PDF. Linux detection has been improved. There are too many changes to be commented here by someone who barely use Linux.
Note: SyncRuntimePermissions quirk may need to be set True to avoid early boot failure of the Linux kernel in some firmwares released after 2017.
Utilities
Added shim-to-cert.tool to extract OEM signing certificate public key (and full db, dbx if present) from GRUB shim file.
vit9696's usual Dortania message has not been published but official OpenCore version 0.7.4 has been released.
Note: This time the (shorter) message is here:
https://github.com/acidanthera/bugtracker/issues/1779#issuecomment-932981707
Main changes are in the changelog.
Changelog
- Fixed Linux kernel sort order
- Added Linux detection optional log detail
- Fixed CPU core count detection for more legacy CPUs
- Added ability to fully override autodetect Linux boot options
- Added large BaseSystem support in AdviseFeatures
- Updated builtin firmware versions for SMBIOS
- Added tool to extract vendor secure boot certificate from GRUB shim file
- Added BridgeOSHardwareModel NVRAM variable to fix T2 SecureBootModel on macOS 12
- Changed Default Apple Secure Boot model to match SMBIOS for macOS 12
- Fixed opencore-version not being added to NVRAM variables.
Until now we could have Apple Secure Boot full security in Big Sur but not in Monterey. You can read about Apple Secure Boot here.
Now we can also have full security in Monterey. To have full security it is necessary a SMBIOS model with Apple T2 security chip. If the SMBIOS model does not have T2, we can only have medium security. This is true on real Macs as well.
Note: installing RestrictEvents will not do anything to fix Secure Boot (all the changes in RestrictEvents are guarded by a special boot arg), it does nothing by default and only forces medium security with x86legacy model on any Mac model when enabled.
On the other hand, the need to change the SecureBootModel or SMBIOS model to update Monterey via OTA seems to have disappeared and it is not necessary to have RestrictEvents.kext for this task because the fix is included in OpenCore.
config.plist
- UEFI >> Drivers >> added Comment (string) property (Arguments, Comment, Enabled and Path).
- Booter >> Quirks >> SyncRuntimePermissions (boolean): usually is False but it can be useful to be True if there are early boot failures (e.g. halt black screen) when booting Linux kernels.
- Misc >> Security >> changed Default SecureBootMode value to match SMBIOS model to fix Monterey updates. There is no need to change SecureBootModel value in the config, Default will work for everyone.
- NVRAM >> added BridgeOSHardwareModel NVRAM variable to fix T2 SecureBootMode on Monterey. You do not need to add anything to NVRAM section. This is done internally by OpenCore itself.
- PlatformInfo >> Generic >> fixed a problem when installing Monterey developer betas by adding large BaseSystem support in AdviseFeatures property. There is no need to enable AdviseFeatures as all the macOS 12 compatible firmware versions have been updated FirmwareFeatures value. AdviseFeatures was a temporary solution to a specific problem and as of now it does not make much sense to be used. Perhaps, only on legacy Mac models if they prefer not to spoof their Mac model and use -no_compat_check boot-arg.
AdviseFeatures updates FirmwareFeatures (ExtendedFirmwareFeatures / ExtendedFirmwareFeaturesMask) with a new bit added: FW_FEATURE_SUPPORTS_LARGE_BASESYSTEM (0x800000000) - Without this bit, it is not possible to install macOS versions with large BaseSystem images, such as macOS 12.
It is highly recommended that people using macOS and Linux together carefully read the OpenLinuxBoot section of the OpenCore Configuration PDF. Linux detection has been improved. There are too many changes to be commented here by someone who barely use Linux.
Note: SyncRuntimePermissions quirk may need to be set True to avoid early boot failure of the Linux kernel in some firmwares released after 2017.
Utilities
Added shim-to-cert.tool to extract OEM signing certificate public key (and full db, dbx if present) from GRUB shim file.
Last edited: