"TT_dmgloading" = "Type: plist string\nFailsafe: Signed\nDefine Disk Image (DMG) loading policy used for macOS Recovery.\n\nValid values:\n• Disabled — loading DMG images will fail. The Disabled policy will still let the macOS Recovery load in most cases as typically, there are boot.efi files compatible with Apple Secure Boot. Manually downloaded DMG images stored in com.apple.recovery.boot directories will not load, however.\n• Signed — only Apple-signed DMG images will load. Due to the design of Apple Secure Boot, the Signed policy will let any Apple-signed macOS Recovery load regardless of the Apple Secure Boot state, which may not always be desired. While using signed DMG images is more desirable, verifying the image signature may slightly slow the boot time down (by up to 1 second).\n• Any — any DMG images will mount as normal filesystems. The Any policy is strongly discouraged and will result in boot failures when Apple Secure Boot is active.";
/* l6D-xS-M37 */
"TT_secureBootModel" = "Type: plist string \nFailsafe: Default\nDescription: Apple Secure Boot hardware model.\n\nSets Apple Secure Boot hardware model and policy. Specifying this value defines which operating systems will be bootable. Operating systems shipped before the specified model was released will not boot.\n\nValid values:\n• Default — Recent available model, currently set to j137.\n• Disabled — No model, Secure Boot will be disabled.\n• j137 — iMacPro1,1 (December 2017) minimum macOS 10.13.2 (17C2111)\n• j680 — MacBookPro15,1 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j132 — MacBookPro15,2 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j174 — Macmini8,1 (October 2018) minimum macOS 10.14 (18A2063)\n• j140k — MacBookAir8,1 (October 2018) minimum macOS 10.14.1 (18B2084)\n• j780 — MacBookPro15,3 (May 2019) minimum macOS 10.14.5 (18F132)\n• j213 — MacBookPro15,4 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j140a — MacBookAir8,2 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j152f — MacBookPro16,1 (November 2019) minimum macOS 10.15.1 (19B2093)\n• j160 — MacPro7,1 (December 2019) minimum macOS 10.15.1 (19B88)\n• j230k — MacBookAir9,1 (March 2020) minimum macOS 10.15.3 (19D2064)\n• j214k — MacBookPro16,2 (May 2020) minimum macOS 10.15.4 (19E2269)\n• j223 — MacBookPro16,3 (May 2020) minimum macOS 10.15.4 (19E2265)\n• j215 — MacBookPro16,4 (June 2020) minimum macOS 10.15.5 (19F96)\n• j185 — iMac20,1 (August 2020) minimum macOS 10.15.6 (19G2005)\n• j185f — iMac20,2 (August 2020) minimum macOS 10.15.6 (19G2005)\n• x86legacy — Macs and VMs without T2 chip minimum macOS 11.0\n\nPlatformInfo and SecureBootModel are independent, allowing to enabling Apple Secure Boot with any SMBIOS.\nSetting SecureBootModel to any valid value but Disabled is equivalent to Medium Security of Apple Secure Boot. The ApECID value must also be specified to achieve Full Security.\n\nNote that enabling Apple Secure Boot is demanding on invalid configurations, faulty macOS installations, and on unsupported setups.\n\nThings to consider:\n(a) As with T2 Macs, all unsigned kernel extensions as well as several signed kernel extensions, including NVIDIA Web Drivers, cannot be installed.\n(b) The list of cached kernel extensions may be different, resulting in a need to change the list of Added or Forced kernel extensions. For example, IO80211Family cannot be injected in this case.\n(c) System volume alterations on operating systems with sealing, such as macOS 11, may result in the operating system being unbootable. Do not try to disable system volume encryption unless Apple Secure Boot is disabled.\n(d) Boot failures might occur when the platform requires certain settings, but they have not been enabled because the associated issues were not discovered earlier. Be extra careful with IgnoreInvalidFlexRatio or HashServices.\n(e) Operating systems released before Apple Secure Boot was released (e.g. macOS 10.12 or earlier), will still boot until UEFI Secure Boot is enabled. This is so because Apple Secure Boot treats these as incompatible and they are then handled by the firmware (as Microsoft Windows is).\n(f) On older CPUs (e.g. before Sandy Bridge), enabling Apple Secure Boot might cause slightly slower loading (by up to 1 second).\n(g) As the Default value will increase with time to support the latest major released operating system, it is not recommended to use the ApECID and the Default settings together.\n(h) Installing macOS with Apple Secure Boot enabled is not possible while using HFS+ target volumes. This may include HFS+ formatted drives when no spare APFS drive is available.\n\nThe installed operating system may have sometimes outdated Apple Secure Boot manifests on the Preboot partition, resulting in boot failures. This is likely to be the case when an “OCB: Apple Secure Boot prohibits this boot entry, enforcing!” message is logged.\n\nWhen this happens, either reinstall the operating system or copy the manifests (files with .im4m extension, such as boot.efi.j137.im4m) from /usr/standalone/i386 to /Volumes/Preboot/<UUID>/System/Library/CoreServices. Here, <UUID> is the system volume identifier. On HFS+ installations, the manifests should be copied to /System/Library/CoreServices on the system volume.\n\nFor more details on how to configure Apple Secure Boot with UEFI Secure Boot, refer to the UEFI Secure Boot";
"TT_secureBootModel" = "Type: plist string \nFailsafe: Default\nDescription: Apple Secure Boot hardware model.\n\nSets Apple Secure Boot hardware model and policy. Specifying this value defines which operating systems will be bootable. Operating systems shipped before the specified model was released will not boot.\n\nValid values:\n• Default — Recent available model, currently set to x86legacy.\n• Disabled — No model, Secure Boot will be disabled.\n• j137 — iMacPro1,1 (December 2017) minimum macOS 10.13.2 (17C2111)\n• j680 — MacBookPro15,1 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j132 — MacBookPro15,2 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j174 — Macmini8,1 (October 2018) minimum macOS 10.14 (18A2063)\n• j140k — MacBookAir8,1 (October 2018) minimum macOS 10.14.1 (18B2084)\n• j780 — MacBookPro15,3 (May 2019) minimum macOS 10.14.5 (18F132)\n• j213 — MacBookPro15,4 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j140a — MacBookAir8,2 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j152f — MacBookPro16,1 (November 2019) minimum macOS 10.15.1 (19B2093)\n• j160 — MacPro7,1 (December 2019) minimum macOS 10.15.1 (19B88)\n• j230k — MacBookAir9,1 (March 2020) minimum macOS 10.15.3 (19D2064)\n• j214k — MacBookPro16,2 (May 2020) minimum macOS 10.15.4 (19E2269)\n• j223 — MacBookPro16,3 (May 2020) minimum macOS 10.15.4 (19E2265)\n• j215 — MacBookPro16,4 (June 2020) minimum macOS 10.15.5 (19F96)\n• j185 — iMac20,1 (August 2020) minimum macOS 10.15.6 (19G2005)\n• j185f — iMac20,2 (August 2020) minimum macOS 10.15.6 (19G2005)\n• x86legacy — Macs and VMs without T2 chip minimum macOS 11.0.1 (20B29)\n\nWarning: Not all Apple Secure Boot models are supported on all hardware configurations. Starting with macOS 12 x86legacy is the only Apple Secure Boot model compatible with software update on hardware without T2 chips.\n\nApple Secure Boot appeared in macOS 10.13 on models with T2 chips. Since PlatformInfo and SecureBootModel are independent, Apple Secure Boot can be used with any SMBIOS with and without T2. Setting SecureBootModel to any valid value but Disabled is equivalent to Medium Security of Apple Secure Boot. The ApECID value must also be specified to achieve Full Security. Check ForceSecureBootScheme when using Apple Secure Boot on a virtual machine.\n\nNote that enabling Apple Secure Boot is demanding on invalid configurations, faulty macOS installations, and on unsupported setups.\n\nThings to consider:\n(a) As with T2 Macs, all unsigned kernel extensions as well as several signed kernel extensions, including NVIDIA Web Drivers, cannot be installed.\n(b) The list of cached kernel extensions may be different, resulting in a need to change the list of Added or Forced kernel extensions. For example, IO80211Family cannot be injected in this case.\n(c) System volume alterations on operating systems with sealing, such as macOS 11, may result in the operating system being unbootable. Do not try to disable system volume encryption unless Apple Secure Boot is disabled.\n(d) Boot failures might occur when the platform requires certain settings, but they have not been enabled because the associated issues were not discovered earlier. Be extra careful with IgnoreInvalidFlexRatio or HashServices.\n(e) Operating systems released before Apple Secure Boot was released (e.g. macOS 10.12 or earlier), will still boot until UEFI Secure Boot is enabled. This is so because Apple Secure Boot treats these as incompatible and they are then handled by the firmware (as Microsoft Windows is).\n(f) On older CPUs (e.g. before Sandy Bridge), enabling Apple Secure Boot might cause slightly slower loading (by up to 1 second).\n(g) As the Default value will increase with time to support the latest major released operating system, it is not recommended to use the ApECID and the Default settings together.\n(h) Installing macOS with Apple Secure Boot enabled is not possible while using HFS+ target volumes. This may include HFS+ formatted drives when no spare APFS drive is available.\n\nThe installed operating system may have sometimes outdated Apple Secure Boot manifests on the Preboot partition, resulting in boot failures. This is likely to be the case when an “OCB: Apple Secure Boot prohibits this boot entry, enforcing!” message is logged.\n\nWhen this happens, either reinstall the operating system or copy the manifests (files with .im4m extension, such as boot.efi.j137.im4m) from /usr/standalone/i386 to /Volumes/Preboot/<UUID>/System/Library/CoreServices. Here, <UUID> is the system volume identifier. On HFS+ installations, the manifests should be copied to /System/Library/CoreServices on the system volume.\n\nFor more details on how to configure Apple Secure Boot with UEFI Secure Boot, refer to the UEFI Secure Boot";
/* NCW-lH-X8S */
"TT_PasswordHash" = "Type: plist data 64 bytes\nFailsafe: all zero\nDescription: Password hash used when EnabledPassword is set.";
...
...
@@ -1519,10 +1519,10 @@
"TT_JumpstartHotPlug" = "Type: plist boolean\nFailsafe: false\nDescription: Load APFS drivers for newly connected devices.\n\nPermits APFS USB hot plug which enables loading APFS drivers, both at OpenCore startup and during OpenCore picker dusplay. Disable if not required.";
/* L9i-6i-Mis */
"TT_MinDate" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver date.\n\nThe APFS driver date connects the APFS driver with the calendar release date. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported release date of APFS in OpenCore. The default release date will increase with time and thus this setting is recommended. Currently set to 2020/01/01.\n• -1 — permit any release date to load (strongly discouraged).\n• Other — use custom minimal APFS release date, e.g. 20200401 for 2020/04/01. APFS release dates can be found in OpenCore boot log and OcApfsLib.";
"TT_MinDate" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver date.\n\nThe APFS driver date connects the APFS driver with the calendar release date. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported release date of APFS in OpenCore. The default release date will increase with time and thus this setting is recommended. Currently set to 2021/01/01.\n• -1 — permit any release date to load (strongly discouraged).\n• Other — use custom minimal APFS release date, e.g. 20200401 for 2020/04/01. APFS release dates can be found in OpenCore boot log and OcApfsLib.";
/* TYZ-jG-lfr */
"TT_MinVersion" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver version.\n\nThe APFS driver version connects the APFS driver with the macOS release. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported version of APFS in OpenCore. The default version will increase with time and thus this setting is recommended. Currently set to the latest point release from High Sierra.\n• -1 — permit any version to load (strongly discouraged).\n• Other — use custom minimal APFS version, e.g. 1412101001000000 from macOS Catalina 10.15.4. APFS versions can be found in OpenCore boot log and OcApfsLib.";
"TT_MinVersion" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver version.\n\nThe APFS driver version connects the APFS driver with the macOS release. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported version of APFS in OpenCore. The default version will increase with time and thus this setting is recommended. Currently set to allow macOS Big Sur and newer (1600000000000000).\n• -1 — permit any version to load (strongly discouraged).\n• Other — use custom minimal APFS version, e.g. 1412101001000000 from macOS Catalina 10.15.4. APFS versions can be found in OpenCore boot log and OcApfsLib.";
/* AppleInput */
/* frr-qu-WDh */
...
...
@@ -1642,7 +1642,7 @@
"TT_AppleDebugLog" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple Debug Log protocol with a builtin version.";
"TT_AppleEg2Info" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple EFI Graphics 2 protocol with a builtin version.\n\nNote: This protocol allows newer EfiBoot versions (at least 10.15) to expose screen rotation to macOS. Refer to forceDisplayRotationInEFI variable description on how to set screen rotation angle.";
"TT_AppleEg2Info" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple EFI Graphics 2 protocol with a builtin version.\n\nNote: This protocol allows newer EfiBoot versions (at least 10.15) to expose screen rotation to macOS. Refer to forceDisplayRotationInEFI variable description on how to set screen rotation angle.\n\nNote 2: On systems without native support for ForceDisplayRotationInEFI, DirectGopRendering=true is also required for this setting to have an effect.";
"TT_AppleFramebufferInfo" = "Type: plist boolean\nFailsafe: false \nDescription: Replaces the Apple Framebuffer Info protocol with a builtin version. This may be used to override framebuffer information on VMs or legacy Macs to improve compatibility with legacy EfiBoot such as the one in macOS 10.4.";
"TT_dmgloading" = "Type: plist string\nFailsafe: Signed\nDefine Disk Image (DMG) loading policy used for macOS Recovery.\n\nValid values:\n• Disabled — loading DMG images will fail. The Disabled policy will still let the macOS Recovery load in most cases as typically, there are boot.efi files compatible with Apple Secure Boot. Manually downloaded DMG images stored in com.apple.recovery.boot directories will not load, however.\n• Signed — only Apple-signed DMG images will load. Due to the design of Apple Secure Boot, the Signed policy will let any Apple-signed macOS Recovery load regardless of the Apple Secure Boot state, which may not always be desired. While using signed DMG images is more desirable, verifying the image signature may slightly slow the boot time down (by up to 1 second).\n• Any — any DMG images will mount as normal filesystems. The Any policy is strongly discouraged and will result in boot failures when Apple Secure Boot is active.";
/* l6D-xS-M37 */
"TT_secureBootModel" = "Type: plist string \nFailsafe: Default\nDescription: Apple Secure Boot hardware model.\n\nSets Apple Secure Boot hardware model and policy. Specifying this value defines which operating systems will be bootable. Operating systems shipped before the specified model was released will not boot.\n\nValid values:\n• Default — Recent available model, currently set to j137.\n• Disabled — No model, Secure Boot will be disabled.\n• j137 — iMacPro1,1 (December 2017) minimum macOS 10.13.2 (17C2111)\n• j680 — MacBookPro15,1 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j132 — MacBookPro15,2 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j174 — Macmini8,1 (October 2018) minimum macOS 10.14 (18A2063)\n• j140k — MacBookAir8,1 (October 2018) minimum macOS 10.14.1 (18B2084)\n• j780 — MacBookPro15,3 (May 2019) minimum macOS 10.14.5 (18F132)\n• j213 — MacBookPro15,4 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j140a — MacBookAir8,2 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j152f — MacBookPro16,1 (November 2019) minimum macOS 10.15.1 (19B2093)\n• j160 — MacPro7,1 (December 2019) minimum macOS 10.15.1 (19B88)\n• j230k — MacBookAir9,1 (March 2020) minimum macOS 10.15.3 (19D2064)\n• j214k — MacBookPro16,2 (May 2020) minimum macOS 10.15.4 (19E2269)\n• j223 — MacBookPro16,3 (May 2020) minimum macOS 10.15.4 (19E2265)\n• j215 — MacBookPro16,4 (June 2020) minimum macOS 10.15.5 (19F96)\n• j185 — iMac20,1 (August 2020) minimum macOS 10.15.6 (19G2005)\n• j185f — iMac20,2 (August 2020) minimum macOS 10.15.6 (19G2005)\n• x86legacy — Macs and VMs without T2 chip minimum macOS 11.0\n\nPlatformInfo and SecureBootModel are independent, allowing to enabling Apple Secure Boot with any SMBIOS.\nSetting SecureBootModel to any valid value but Disabled is equivalent to Medium Security of Apple Secure Boot. The ApECID value must also be specified to achieve Full Security.\n\nNote that enabling Apple Secure Boot is demanding on invalid configurations, faulty macOS installations, and on unsupported setups.\n\nThings to consider:\n(a) As with T2 Macs, all unsigned kernel extensions as well as several signed kernel extensions, including NVIDIA Web Drivers, cannot be installed.\n(b) The list of cached kernel extensions may be different, resulting in a need to change the list of Added or Forced kernel extensions. For example, IO80211Family cannot be injected in this case.\n(c) System volume alterations on operating systems with sealing, such as macOS 11, may result in the operating system being unbootable. Do not try to disable system volume encryption unless Apple Secure Boot is disabled.\n(d) Boot failures might occur when the platform requires certain settings, but they have not been enabled because the associated issues were not discovered earlier. Be extra careful with IgnoreInvalidFlexRatio or HashServices.\n(e) Operating systems released before Apple Secure Boot was released (e.g. macOS 10.12 or earlier), will still boot until UEFI Secure Boot is enabled. This is so because Apple Secure Boot treats these as incompatible and they are then handled by the firmware (as Microsoft Windows is).\n(f) On older CPUs (e.g. before Sandy Bridge), enabling Apple Secure Boot might cause slightly slower loading (by up to 1 second).\n(g) As the Default value will increase with time to support the latest major released operating system, it is not recommended to use the ApECID and the Default settings together.\n(h) Installing macOS with Apple Secure Boot enabled is not possible while using HFS+ target volumes. This may include HFS+ formatted drives when no spare APFS drive is available.\n\nThe installed operating system may have sometimes outdated Apple Secure Boot manifests on the Preboot partition, resulting in boot failures. This is likely to be the case when an “OCB: Apple Secure Boot prohibits this boot entry, enforcing!” message is logged.\n\nWhen this happens, either reinstall the operating system or copy the manifests (files with .im4m extension, such as boot.efi.j137.im4m) from /usr/standalone/i386 to /Volumes/Preboot/<UUID>/System/Library/CoreServices. Here, <UUID> is the system volume identifier. On HFS+ installations, the manifests should be copied to /System/Library/CoreServices on the system volume.\n\nFor more details on how to configure Apple Secure Boot with UEFI Secure Boot, refer to the UEFI Secure Boot";
"TT_secureBootModel" = "Type: plist string \nFailsafe: Default\nDescription: Apple Secure Boot hardware model.\n\nSets Apple Secure Boot hardware model and policy. Specifying this value defines which operating systems will be bootable. Operating systems shipped before the specified model was released will not boot.\n\nValid values:\n• Default — Recent available model, currently set to x86legacy.\n• Disabled — No model, Secure Boot will be disabled.\n• j137 — iMacPro1,1 (December 2017) minimum macOS 10.13.2 (17C2111)\n• j680 — MacBookPro15,1 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j132 — MacBookPro15,2 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j174 — Macmini8,1 (October 2018) minimum macOS 10.14 (18A2063)\n• j140k — MacBookAir8,1 (October 2018) minimum macOS 10.14.1 (18B2084)\n• j780 — MacBookPro15,3 (May 2019) minimum macOS 10.14.5 (18F132)\n• j213 — MacBookPro15,4 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j140a — MacBookAir8,2 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j152f — MacBookPro16,1 (November 2019) minimum macOS 10.15.1 (19B2093)\n• j160 — MacPro7,1 (December 2019) minimum macOS 10.15.1 (19B88)\n• j230k — MacBookAir9,1 (March 2020) minimum macOS 10.15.3 (19D2064)\n• j214k — MacBookPro16,2 (May 2020) minimum macOS 10.15.4 (19E2269)\n• j223 — MacBookPro16,3 (May 2020) minimum macOS 10.15.4 (19E2265)\n• j215 — MacBookPro16,4 (June 2020) minimum macOS 10.15.5 (19F96)\n• j185 — iMac20,1 (August 2020) minimum macOS 10.15.6 (19G2005)\n• j185f — iMac20,2 (August 2020) minimum macOS 10.15.6 (19G2005)\n• x86legacy — Macs and VMs without T2 chip minimum macOS 11.0.1 (20B29)\n\nWarning: Not all Apple Secure Boot models are supported on all hardware configurations. Starting with macOS 12 x86legacy is the only Apple Secure Boot model compatible with software update on hardware without T2 chips.\n\nApple Secure Boot appeared in macOS 10.13 on models with T2 chips. Since PlatformInfo and SecureBootModel are independent, Apple Secure Boot can be used with any SMBIOS with and without T2. Setting SecureBootModel to any valid value but Disabled is equivalent to Medium Security of Apple Secure Boot. The ApECID value must also be specified to achieve Full Security. Check ForceSecureBootScheme when using Apple Secure Boot on a virtual machine.\n\nNote that enabling Apple Secure Boot is demanding on invalid configurations, faulty macOS installations, and on unsupported setups.\n\nThings to consider:\n(a) As with T2 Macs, all unsigned kernel extensions as well as several signed kernel extensions, including NVIDIA Web Drivers, cannot be installed.\n(b) The list of cached kernel extensions may be different, resulting in a need to change the list of Added or Forced kernel extensions. For example, IO80211Family cannot be injected in this case.\n(c) System volume alterations on operating systems with sealing, such as macOS 11, may result in the operating system being unbootable. Do not try to disable system volume encryption unless Apple Secure Boot is disabled.\n(d) Boot failures might occur when the platform requires certain settings, but they have not been enabled because the associated issues were not discovered earlier. Be extra careful with IgnoreInvalidFlexRatio or HashServices.\n(e) Operating systems released before Apple Secure Boot was released (e.g. macOS 10.12 or earlier), will still boot until UEFI Secure Boot is enabled. This is so because Apple Secure Boot treats these as incompatible and they are then handled by the firmware (as Microsoft Windows is).\n(f) On older CPUs (e.g. before Sandy Bridge), enabling Apple Secure Boot might cause slightly slower loading (by up to 1 second).\n(g) As the Default value will increase with time to support the latest major released operating system, it is not recommended to use the ApECID and the Default settings together.\n(h) Installing macOS with Apple Secure Boot enabled is not possible while using HFS+ target volumes. This may include HFS+ formatted drives when no spare APFS drive is available.\n\nThe installed operating system may have sometimes outdated Apple Secure Boot manifests on the Preboot partition, resulting in boot failures. This is likely to be the case when an “OCB: Apple Secure Boot prohibits this boot entry, enforcing!” message is logged.\n\nWhen this happens, either reinstall the operating system or copy the manifests (files with .im4m extension, such as boot.efi.j137.im4m) from /usr/standalone/i386 to /Volumes/Preboot/<UUID>/System/Library/CoreServices. Here, <UUID> is the system volume identifier. On HFS+ installations, the manifests should be copied to /System/Library/CoreServices on the system volume.\n\nFor more details on how to configure Apple Secure Boot with UEFI Secure Boot, refer to the UEFI Secure Boot";
/* NCW-lH-X8S */
"TT_PasswordHash" = "Type: plist data 64 bytes\nFailsafe: all zero\nDescription: Password hash used when EnabledPassword is set.";
...
...
@@ -1519,10 +1519,10 @@
"TT_JumpstartHotPlug" = "Type: plist boolean\nFailsafe: false\nDescription: Load APFS drivers for newly connected devices.\n\nPermits APFS USB hot plug which enables loading APFS drivers, both at OpenCore startup and during OpenCore picker dusplay. Disable if not required.";
/* L9i-6i-Mis */
"TT_MinDate" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver date.\n\nThe APFS driver date connects the APFS driver with the calendar release date. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported release date of APFS in OpenCore. The default release date will increase with time and thus this setting is recommended. Currently set to 2020/01/01.\n• -1 — permit any release date to load (strongly discouraged).\n• Other — use custom minimal APFS release date, e.g. 20200401 for 2020/04/01. APFS release dates can be found in OpenCore boot log and OcApfsLib.";
"TT_MinDate" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver date.\n\nThe APFS driver date connects the APFS driver with the calendar release date. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported release date of APFS in OpenCore. The default release date will increase with time and thus this setting is recommended. Currently set to 2021/01/01.\n• -1 — permit any release date to load (strongly discouraged).\n• Other — use custom minimal APFS release date, e.g. 20200401 for 2020/04/01. APFS release dates can be found in OpenCore boot log and OcApfsLib.";
/* TYZ-jG-lfr */
"TT_MinVersion" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver version.\n\nThe APFS driver version connects the APFS driver with the macOS release. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported version of APFS in OpenCore. The default version will increase with time and thus this setting is recommended. Currently set to the latest point release from High Sierra.\n• -1 — permit any version to load (strongly discouraged).\n• Other — use custom minimal APFS version, e.g. 1412101001000000 from macOS Catalina 10.15.4. APFS versions can be found in OpenCore boot log and OcApfsLib.";
"TT_MinVersion" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver version.\n\nThe APFS driver version connects the APFS driver with the macOS release. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported version of APFS in OpenCore. The default version will increase with time and thus this setting is recommended. Currently set to allow macOS Big Sur and newer (1600000000000000).\n• -1 — permit any version to load (strongly discouraged).\n• Other — use custom minimal APFS version, e.g. 1412101001000000 from macOS Catalina 10.15.4. APFS versions can be found in OpenCore boot log and OcApfsLib.";
/* AppleInput */
/* frr-qu-WDh */
...
...
@@ -1642,7 +1642,7 @@
"TT_AppleDebugLog" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple Debug Log protocol with a builtin version.";
"TT_AppleEg2Info" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple EFI Graphics 2 protocol with a builtin version.\n\nNote: This protocol allows newer EfiBoot versions (at least 10.15) to expose screen rotation to macOS. Refer to forceDisplayRotationInEFI variable description on how to set screen rotation angle.";
"TT_AppleEg2Info" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple EFI Graphics 2 protocol with a builtin version.\n\nNote: This protocol allows newer EfiBoot versions (at least 10.15) to expose screen rotation to macOS. Refer to forceDisplayRotationInEFI variable description on how to set screen rotation angle.\n\nNote 2: On systems without native support for ForceDisplayRotationInEFI, DirectGopRendering=true is also required for this setting to have an effect.";
"TT_AppleFramebufferInfo" = "Type: plist boolean\nFailsafe: false \nDescription: Replaces the Apple Framebuffer Info protocol with a builtin version. This may be used to override framebuffer information on VMs or legacy Macs to improve compatibility with legacy EfiBoot such as the one in macOS 10.4.";
"TT_dmgloading" = "Type: plist string\nFailsafe: Signed\nDefine Disk Image (DMG) loading policy used for macOS Recovery.\n\nValid values:\n• Disabled — loading DMG images will fail. The Disabled policy will still let the macOS Recovery load in most cases as typically, there are boot.efi files compatible with Apple Secure Boot. Manually downloaded DMG images stored in com.apple.recovery.boot directories will not load, however.\n• Signed — only Apple-signed DMG images will load. Due to the design of Apple Secure Boot, the Signed policy will let any Apple-signed macOS Recovery load regardless of the Apple Secure Boot state, which may not always be desired. While using signed DMG images is more desirable, verifying the image signature may slightly slow the boot time down (by up to 1 second).\n• Any — any DMG images will mount as normal filesystems. The Any policy is strongly discouraged and will result in boot failures when Apple Secure Boot is active.";
/* l6D-xS-M37 */
"TT_secureBootModel" = "Type: plist string \nFailsafe: Default\nDescription: Apple Secure Boot hardware model.\n\nSets Apple Secure Boot hardware model and policy. Specifying this value defines which operating systems will be bootable. Operating systems shipped before the specified model was released will not boot.\n\nValid values:\n• Default — Recent available model, currently set to j137.\n• Disabled — No model, Secure Boot will be disabled.\n• j137 — iMacPro1,1 (December 2017) minimum macOS 10.13.2 (17C2111)\n• j680 — MacBookPro15,1 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j132 — MacBookPro15,2 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j174 — Macmini8,1 (October 2018) minimum macOS 10.14 (18A2063)\n• j140k — MacBookAir8,1 (October 2018) minimum macOS 10.14.1 (18B2084)\n• j780 — MacBookPro15,3 (May 2019) minimum macOS 10.14.5 (18F132)\n• j213 — MacBookPro15,4 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j140a — MacBookAir8,2 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j152f — MacBookPro16,1 (November 2019) minimum macOS 10.15.1 (19B2093)\n• j160 — MacPro7,1 (December 2019) minimum macOS 10.15.1 (19B88)\n• j230k — MacBookAir9,1 (March 2020) minimum macOS 10.15.3 (19D2064)\n• j214k — MacBookPro16,2 (May 2020) minimum macOS 10.15.4 (19E2269)\n• j223 — MacBookPro16,3 (May 2020) minimum macOS 10.15.4 (19E2265)\n• j215 — MacBookPro16,4 (June 2020) minimum macOS 10.15.5 (19F96)\n• j185 — iMac20,1 (August 2020) minimum macOS 10.15.6 (19G2005)\n• j185f — iMac20,2 (August 2020) minimum macOS 10.15.6 (19G2005)\n• x86legacy — Macs and VMs without T2 chip minimum macOS 11.0\n\nPlatformInfo and SecureBootModel are independent, allowing to enabling Apple Secure Boot with any SMBIOS.\nSetting SecureBootModel to any valid value but Disabled is equivalent to Medium Security of Apple Secure Boot. The ApECID value must also be specified to achieve Full Security.\n\nNote that enabling Apple Secure Boot is demanding on invalid configurations, faulty macOS installations, and on unsupported setups.\n\nThings to consider:\n(a) As with T2 Macs, all unsigned kernel extensions as well as several signed kernel extensions, including NVIDIA Web Drivers, cannot be installed.\n(b) The list of cached kernel extensions may be different, resulting in a need to change the list of Added or Forced kernel extensions. For example, IO80211Family cannot be injected in this case.\n(c) System volume alterations on operating systems with sealing, such as macOS 11, may result in the operating system being unbootable. Do not try to disable system volume encryption unless Apple Secure Boot is disabled.\n(d) Boot failures might occur when the platform requires certain settings, but they have not been enabled because the associated issues were not discovered earlier. Be extra careful with IgnoreInvalidFlexRatio or HashServices.\n(e) Operating systems released before Apple Secure Boot was released (e.g. macOS 10.12 or earlier), will still boot until UEFI Secure Boot is enabled. This is so because Apple Secure Boot treats these as incompatible and they are then handled by the firmware (as Microsoft Windows is).\n(f) On older CPUs (e.g. before Sandy Bridge), enabling Apple Secure Boot might cause slightly slower loading (by up to 1 second).\n(g) As the Default value will increase with time to support the latest major released operating system, it is not recommended to use the ApECID and the Default settings together.\n(h) Installing macOS with Apple Secure Boot enabled is not possible while using HFS+ target volumes. This may include HFS+ formatted drives when no spare APFS drive is available.\n\nThe installed operating system may have sometimes outdated Apple Secure Boot manifests on the Preboot partition, resulting in boot failures. This is likely to be the case when an “OCB: Apple Secure Boot prohibits this boot entry, enforcing!” message is logged.\n\nWhen this happens, either reinstall the operating system or copy the manifests (files with .im4m extension, such as boot.efi.j137.im4m) from /usr/standalone/i386 to /Volumes/Preboot/<UUID>/System/Library/CoreServices. Here, <UUID> is the system volume identifier. On HFS+ installations, the manifests should be copied to /System/Library/CoreServices on the system volume.\n\nFor more details on how to configure Apple Secure Boot with UEFI Secure Boot, refer to the UEFI Secure Boot";
"TT_secureBootModel" = "Type: plist string \nFailsafe: Default\nDescription: Apple Secure Boot hardware model.\n\nSets Apple Secure Boot hardware model and policy. Specifying this value defines which operating systems will be bootable. Operating systems shipped before the specified model was released will not boot.\n\nValid values:\n• Default — Recent available model, currently set to x86legacy.\n• Disabled — No model, Secure Boot will be disabled.\n• j137 — iMacPro1,1 (December 2017) minimum macOS 10.13.2 (17C2111)\n• j680 — MacBookPro15,1 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j132 — MacBookPro15,2 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j174 — Macmini8,1 (October 2018) minimum macOS 10.14 (18A2063)\n• j140k — MacBookAir8,1 (October 2018) minimum macOS 10.14.1 (18B2084)\n• j780 — MacBookPro15,3 (May 2019) minimum macOS 10.14.5 (18F132)\n• j213 — MacBookPro15,4 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j140a — MacBookAir8,2 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j152f — MacBookPro16,1 (November 2019) minimum macOS 10.15.1 (19B2093)\n• j160 — MacPro7,1 (December 2019) minimum macOS 10.15.1 (19B88)\n• j230k — MacBookAir9,1 (March 2020) minimum macOS 10.15.3 (19D2064)\n• j214k — MacBookPro16,2 (May 2020) minimum macOS 10.15.4 (19E2269)\n• j223 — MacBookPro16,3 (May 2020) minimum macOS 10.15.4 (19E2265)\n• j215 — MacBookPro16,4 (June 2020) minimum macOS 10.15.5 (19F96)\n• j185 — iMac20,1 (August 2020) minimum macOS 10.15.6 (19G2005)\n• j185f — iMac20,2 (August 2020) minimum macOS 10.15.6 (19G2005)\n• x86legacy — Macs and VMs without T2 chip minimum macOS 11.0.1 (20B29)\n\nWarning: Not all Apple Secure Boot models are supported on all hardware configurations. Starting with macOS 12 x86legacy is the only Apple Secure Boot model compatible with software update on hardware without T2 chips.\n\nApple Secure Boot appeared in macOS 10.13 on models with T2 chips. Since PlatformInfo and SecureBootModel are independent, Apple Secure Boot can be used with any SMBIOS with and without T2. Setting SecureBootModel to any valid value but Disabled is equivalent to Medium Security of Apple Secure Boot. The ApECID value must also be specified to achieve Full Security. Check ForceSecureBootScheme when using Apple Secure Boot on a virtual machine.\n\nNote that enabling Apple Secure Boot is demanding on invalid configurations, faulty macOS installations, and on unsupported setups.\n\nThings to consider:\n(a) As with T2 Macs, all unsigned kernel extensions as well as several signed kernel extensions, including NVIDIA Web Drivers, cannot be installed.\n(b) The list of cached kernel extensions may be different, resulting in a need to change the list of Added or Forced kernel extensions. For example, IO80211Family cannot be injected in this case.\n(c) System volume alterations on operating systems with sealing, such as macOS 11, may result in the operating system being unbootable. Do not try to disable system volume encryption unless Apple Secure Boot is disabled.\n(d) Boot failures might occur when the platform requires certain settings, but they have not been enabled because the associated issues were not discovered earlier. Be extra careful with IgnoreInvalidFlexRatio or HashServices.\n(e) Operating systems released before Apple Secure Boot was released (e.g. macOS 10.12 or earlier), will still boot until UEFI Secure Boot is enabled. This is so because Apple Secure Boot treats these as incompatible and they are then handled by the firmware (as Microsoft Windows is).\n(f) On older CPUs (e.g. before Sandy Bridge), enabling Apple Secure Boot might cause slightly slower loading (by up to 1 second).\n(g) As the Default value will increase with time to support the latest major released operating system, it is not recommended to use the ApECID and the Default settings together.\n(h) Installing macOS with Apple Secure Boot enabled is not possible while using HFS+ target volumes. This may include HFS+ formatted drives when no spare APFS drive is available.\n\nThe installed operating system may have sometimes outdated Apple Secure Boot manifests on the Preboot partition, resulting in boot failures. This is likely to be the case when an “OCB: Apple Secure Boot prohibits this boot entry, enforcing!” message is logged.\n\nWhen this happens, either reinstall the operating system or copy the manifests (files with .im4m extension, such as boot.efi.j137.im4m) from /usr/standalone/i386 to /Volumes/Preboot/<UUID>/System/Library/CoreServices. Here, <UUID> is the system volume identifier. On HFS+ installations, the manifests should be copied to /System/Library/CoreServices on the system volume.\n\nFor more details on how to configure Apple Secure Boot with UEFI Secure Boot, refer to the UEFI Secure Boot";
/* NCW-lH-X8S */
"TT_PasswordHash" = "Type: plist data 64 bytes\nFailsafe: all zero\nDescription: Password hash used when EnabledPassword is set.";
...
...
@@ -1519,10 +1519,10 @@
"TT_JumpstartHotPlug" = "Type: plist boolean\nFailsafe: false\nDescription: Load APFS drivers for newly connected devices.\n\nPermits APFS USB hot plug which enables loading APFS drivers, both at OpenCore startup and during OpenCore picker dusplay. Disable if not required.";
/* L9i-6i-Mis */
"TT_MinDate" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver date.\n\nThe APFS driver date connects the APFS driver with the calendar release date. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported release date of APFS in OpenCore. The default release date will increase with time and thus this setting is recommended. Currently set to 2020/01/01.\n• -1 — permit any release date to load (strongly discouraged).\n• Other — use custom minimal APFS release date, e.g. 20200401 for 2020/04/01. APFS release dates can be found in OpenCore boot log and OcApfsLib.";
"TT_MinDate" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver date.\n\nThe APFS driver date connects the APFS driver with the calendar release date. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported release date of APFS in OpenCore. The default release date will increase with time and thus this setting is recommended. Currently set to 2021/01/01.\n• -1 — permit any release date to load (strongly discouraged).\n• Other — use custom minimal APFS release date, e.g. 20200401 for 2020/04/01. APFS release dates can be found in OpenCore boot log and OcApfsLib.";
/* TYZ-jG-lfr */
"TT_MinVersion" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver version.\n\nThe APFS driver version connects the APFS driver with the macOS release. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported version of APFS in OpenCore. The default version will increase with time and thus this setting is recommended. Currently set to the latest point release from High Sierra.\n• -1 — permit any version to load (strongly discouraged).\n• Other — use custom minimal APFS version, e.g. 1412101001000000 from macOS Catalina 10.15.4. APFS versions can be found in OpenCore boot log and OcApfsLib.";
"TT_MinVersion" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver version.\n\nThe APFS driver version connects the APFS driver with the macOS release. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported version of APFS in OpenCore. The default version will increase with time and thus this setting is recommended. Currently set to allow macOS Big Sur and newer (1600000000000000).\n• -1 — permit any version to load (strongly discouraged).\n• Other — use custom minimal APFS version, e.g. 1412101001000000 from macOS Catalina 10.15.4. APFS versions can be found in OpenCore boot log and OcApfsLib.";
/* AppleInput */
/* frr-qu-WDh */
...
...
@@ -1642,7 +1642,7 @@
"TT_AppleDebugLog" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple Debug Log protocol with a builtin version.";
"TT_AppleEg2Info" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple EFI Graphics 2 protocol with a builtin version.\n\nNote: This protocol allows newer EfiBoot versions (at least 10.15) to expose screen rotation to macOS. Refer to forceDisplayRotationInEFI variable description on how to set screen rotation angle.";
"TT_AppleEg2Info" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple EFI Graphics 2 protocol with a builtin version.\n\nNote: This protocol allows newer EfiBoot versions (at least 10.15) to expose screen rotation to macOS. Refer to forceDisplayRotationInEFI variable description on how to set screen rotation angle.\n\nNote 2: On systems without native support for ForceDisplayRotationInEFI, DirectGopRendering=true is also required for this setting to have an effect.";
"TT_AppleFramebufferInfo" = "Type: plist boolean\nFailsafe: false \nDescription: Replaces the Apple Framebuffer Info protocol with a builtin version. This may be used to override framebuffer information on VMs or legacy Macs to improve compatibility with legacy EfiBoot such as the one in macOS 10.4.";
"TT_dmgloading" = "Type: plist string\nFailsafe: Signed\nDefine Disk Image (DMG) loading policy used for macOS Recovery.\n\nValid values:\n• Disabled — loading DMG images will fail. The Disabled policy will still let the macOS Recovery load in most cases as typically, there are boot.efi files compatible with Apple Secure Boot. Manually downloaded DMG images stored in com.apple.recovery.boot directories will not load, however.\n• Signed — only Apple-signed DMG images will load. Due to the design of Apple Secure Boot, the Signed policy will let any Apple-signed macOS Recovery load regardless of the Apple Secure Boot state, which may not always be desired. While using signed DMG images is more desirable, verifying the image signature may slightly slow the boot time down (by up to 1 second).\n• Any — any DMG images will mount as normal filesystems. The Any policy is strongly discouraged and will result in boot failures when Apple Secure Boot is active.";
/* l6D-xS-M37 */
"TT_secureBootModel" = "Type: plist string \nFailsafe: Default\nDescription: Apple Secure Boot hardware model.\n\nSets Apple Secure Boot hardware model and policy. Specifying this value defines which operating systems will be bootable. Operating systems shipped before the specified model was released will not boot.\n\nValid values:\n• Default — Recent available model, currently set to j137.\n• Disabled — No model, Secure Boot will be disabled.\n• j137 — iMacPro1,1 (December 2017) minimum macOS 10.13.2 (17C2111)\n• j680 — MacBookPro15,1 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j132 — MacBookPro15,2 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j174 — Macmini8,1 (October 2018) minimum macOS 10.14 (18A2063)\n• j140k — MacBookAir8,1 (October 2018) minimum macOS 10.14.1 (18B2084)\n• j780 — MacBookPro15,3 (May 2019) minimum macOS 10.14.5 (18F132)\n• j213 — MacBookPro15,4 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j140a — MacBookAir8,2 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j152f — MacBookPro16,1 (November 2019) minimum macOS 10.15.1 (19B2093)\n• j160 — MacPro7,1 (December 2019) minimum macOS 10.15.1 (19B88)\n• j230k — MacBookAir9,1 (March 2020) minimum macOS 10.15.3 (19D2064)\n• j214k — MacBookPro16,2 (May 2020) minimum macOS 10.15.4 (19E2269)\n• j223 — MacBookPro16,3 (May 2020) minimum macOS 10.15.4 (19E2265)\n• j215 — MacBookPro16,4 (June 2020) minimum macOS 10.15.5 (19F96)\n• j185 — iMac20,1 (August 2020) minimum macOS 10.15.6 (19G2005)\n• j185f — iMac20,2 (August 2020) minimum macOS 10.15.6 (19G2005)\n• x86legacy — Macs and VMs without T2 chip minimum macOS 11.0\n\nPlatformInfo and SecureBootModel are independent, allowing to enabling Apple Secure Boot with any SMBIOS.\nSetting SecureBootModel to any valid value but Disabled is equivalent to Medium Security of Apple Secure Boot. The ApECID value must also be specified to achieve Full Security.\n\nNote that enabling Apple Secure Boot is demanding on invalid configurations, faulty macOS installations, and on unsupported setups.\n\nThings to consider:\n(a) As with T2 Macs, all unsigned kernel extensions as well as several signed kernel extensions, including NVIDIA Web Drivers, cannot be installed.\n(b) The list of cached kernel extensions may be different, resulting in a need to change the list of Added or Forced kernel extensions. For example, IO80211Family cannot be injected in this case.\n(c) System volume alterations on operating systems with sealing, such as macOS 11, may result in the operating system being unbootable. Do not try to disable system volume encryption unless Apple Secure Boot is disabled.\n(d) Boot failures might occur when the platform requires certain settings, but they have not been enabled because the associated issues were not discovered earlier. Be extra careful with IgnoreInvalidFlexRatio or HashServices.\n(e) Operating systems released before Apple Secure Boot was released (e.g. macOS 10.12 or earlier), will still boot until UEFI Secure Boot is enabled. This is so because Apple Secure Boot treats these as incompatible and they are then handled by the firmware (as Microsoft Windows is).\n(f) On older CPUs (e.g. before Sandy Bridge), enabling Apple Secure Boot might cause slightly slower loading (by up to 1 second).\n(g) As the Default value will increase with time to support the latest major released operating system, it is not recommended to use the ApECID and the Default settings together.\n(h) Installing macOS with Apple Secure Boot enabled is not possible while using HFS+ target volumes. This may include HFS+ formatted drives when no spare APFS drive is available.\n\nThe installed operating system may have sometimes outdated Apple Secure Boot manifests on the Preboot partition, resulting in boot failures. This is likely to be the case when an “OCB: Apple Secure Boot prohibits this boot entry, enforcing!” message is logged.\n\nWhen this happens, either reinstall the operating system or copy the manifests (files with .im4m extension, such as boot.efi.j137.im4m) from /usr/standalone/i386 to /Volumes/Preboot/<UUID>/System/Library/CoreServices. Here, <UUID> is the system volume identifier. On HFS+ installations, the manifests should be copied to /System/Library/CoreServices on the system volume.\n\nFor more details on how to configure Apple Secure Boot with UEFI Secure Boot, refer to the UEFI Secure Boot";
"TT_secureBootModel" = "Type: plist string \nFailsafe: Default\nDescription: Apple Secure Boot hardware model.\n\nSets Apple Secure Boot hardware model and policy. Specifying this value defines which operating systems will be bootable. Operating systems shipped before the specified model was released will not boot.\n\nValid values:\n• Default — Recent available model, currently set to x86legacy.\n• Disabled — No model, Secure Boot will be disabled.\n• j137 — iMacPro1,1 (December 2017) minimum macOS 10.13.2 (17C2111)\n• j680 — MacBookPro15,1 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j132 — MacBookPro15,2 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j174 — Macmini8,1 (October 2018) minimum macOS 10.14 (18A2063)\n• j140k — MacBookAir8,1 (October 2018) minimum macOS 10.14.1 (18B2084)\n• j780 — MacBookPro15,3 (May 2019) minimum macOS 10.14.5 (18F132)\n• j213 — MacBookPro15,4 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j140a — MacBookAir8,2 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j152f — MacBookPro16,1 (November 2019) minimum macOS 10.15.1 (19B2093)\n• j160 — MacPro7,1 (December 2019) minimum macOS 10.15.1 (19B88)\n• j230k — MacBookAir9,1 (March 2020) minimum macOS 10.15.3 (19D2064)\n• j214k — MacBookPro16,2 (May 2020) minimum macOS 10.15.4 (19E2269)\n• j223 — MacBookPro16,3 (May 2020) minimum macOS 10.15.4 (19E2265)\n• j215 — MacBookPro16,4 (June 2020) minimum macOS 10.15.5 (19F96)\n• j185 — iMac20,1 (August 2020) minimum macOS 10.15.6 (19G2005)\n• j185f — iMac20,2 (August 2020) minimum macOS 10.15.6 (19G2005)\n• x86legacy — Macs and VMs without T2 chip minimum macOS 11.0.1 (20B29)\n\nWarning: Not all Apple Secure Boot models are supported on all hardware configurations. Starting with macOS 12 x86legacy is the only Apple Secure Boot model compatible with software update on hardware without T2 chips.\n\nApple Secure Boot appeared in macOS 10.13 on models with T2 chips. Since PlatformInfo and SecureBootModel are independent, Apple Secure Boot can be used with any SMBIOS with and without T2. Setting SecureBootModel to any valid value but Disabled is equivalent to Medium Security of Apple Secure Boot. The ApECID value must also be specified to achieve Full Security. Check ForceSecureBootScheme when using Apple Secure Boot on a virtual machine.\n\nNote that enabling Apple Secure Boot is demanding on invalid configurations, faulty macOS installations, and on unsupported setups.\n\nThings to consider:\n(a) As with T2 Macs, all unsigned kernel extensions as well as several signed kernel extensions, including NVIDIA Web Drivers, cannot be installed.\n(b) The list of cached kernel extensions may be different, resulting in a need to change the list of Added or Forced kernel extensions. For example, IO80211Family cannot be injected in this case.\n(c) System volume alterations on operating systems with sealing, such as macOS 11, may result in the operating system being unbootable. Do not try to disable system volume encryption unless Apple Secure Boot is disabled.\n(d) Boot failures might occur when the platform requires certain settings, but they have not been enabled because the associated issues were not discovered earlier. Be extra careful with IgnoreInvalidFlexRatio or HashServices.\n(e) Operating systems released before Apple Secure Boot was released (e.g. macOS 10.12 or earlier), will still boot until UEFI Secure Boot is enabled. This is so because Apple Secure Boot treats these as incompatible and they are then handled by the firmware (as Microsoft Windows is).\n(f) On older CPUs (e.g. before Sandy Bridge), enabling Apple Secure Boot might cause slightly slower loading (by up to 1 second).\n(g) As the Default value will increase with time to support the latest major released operating system, it is not recommended to use the ApECID and the Default settings together.\n(h) Installing macOS with Apple Secure Boot enabled is not possible while using HFS+ target volumes. This may include HFS+ formatted drives when no spare APFS drive is available.\n\nThe installed operating system may have sometimes outdated Apple Secure Boot manifests on the Preboot partition, resulting in boot failures. This is likely to be the case when an “OCB: Apple Secure Boot prohibits this boot entry, enforcing!” message is logged.\n\nWhen this happens, either reinstall the operating system or copy the manifests (files with .im4m extension, such as boot.efi.j137.im4m) from /usr/standalone/i386 to /Volumes/Preboot/<UUID>/System/Library/CoreServices. Here, <UUID> is the system volume identifier. On HFS+ installations, the manifests should be copied to /System/Library/CoreServices on the system volume.\n\nFor more details on how to configure Apple Secure Boot with UEFI Secure Boot, refer to the UEFI Secure Boot";
/* NCW-lH-X8S */
"TT_PasswordHash" = "Type: plist data 64 bytes\nFailsafe: all zero\nDescription: Password hash used when EnabledPassword is set.";
...
...
@@ -1519,10 +1519,10 @@
"TT_JumpstartHotPlug" = "Type: plist boolean\nFailsafe: false\nDescription: Load APFS drivers for newly connected devices.\n\nPermits APFS USB hot plug which enables loading APFS drivers, both at OpenCore startup and during OpenCore picker dusplay. Disable if not required.";
/* L9i-6i-Mis */
"TT_MinDate" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver date.\n\nThe APFS driver date connects the APFS driver with the calendar release date. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported release date of APFS in OpenCore. The default release date will increase with time and thus this setting is recommended. Currently set to 2020/01/01.\n• -1 — permit any release date to load (strongly discouraged).\n• Other — use custom minimal APFS release date, e.g. 20200401 for 2020/04/01. APFS release dates can be found in OpenCore boot log and OcApfsLib.";
"TT_MinDate" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver date.\n\nThe APFS driver date connects the APFS driver with the calendar release date. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported release date of APFS in OpenCore. The default release date will increase with time and thus this setting is recommended. Currently set to 2021/01/01.\n• -1 — permit any release date to load (strongly discouraged).\n• Other — use custom minimal APFS release date, e.g. 20200401 for 2020/04/01. APFS release dates can be found in OpenCore boot log and OcApfsLib.";
/* TYZ-jG-lfr */
"TT_MinVersion" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver version.\n\nThe APFS driver version connects the APFS driver with the macOS release. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported version of APFS in OpenCore. The default version will increase with time and thus this setting is recommended. Currently set to the latest point release from High Sierra.\n• -1 — permit any version to load (strongly discouraged).\n• Other — use custom minimal APFS version, e.g. 1412101001000000 from macOS Catalina 10.15.4. APFS versions can be found in OpenCore boot log and OcApfsLib.";
"TT_MinVersion" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver version.\n\nThe APFS driver version connects the APFS driver with the macOS release. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported version of APFS in OpenCore. The default version will increase with time and thus this setting is recommended. Currently set to allow macOS Big Sur and newer (1600000000000000).\n• -1 — permit any version to load (strongly discouraged).\n• Other — use custom minimal APFS version, e.g. 1412101001000000 from macOS Catalina 10.15.4. APFS versions can be found in OpenCore boot log and OcApfsLib.";
/* AppleInput */
/* frr-qu-WDh */
...
...
@@ -1642,7 +1642,7 @@
"TT_AppleDebugLog" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple Debug Log protocol with a builtin version.";
"TT_AppleEg2Info" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple EFI Graphics 2 protocol with a builtin version.\n\nNote: This protocol allows newer EfiBoot versions (at least 10.15) to expose screen rotation to macOS. Refer to forceDisplayRotationInEFI variable description on how to set screen rotation angle.";
"TT_AppleEg2Info" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple EFI Graphics 2 protocol with a builtin version.\n\nNote: This protocol allows newer EfiBoot versions (at least 10.15) to expose screen rotation to macOS. Refer to forceDisplayRotationInEFI variable description on how to set screen rotation angle.\n\nNote 2: On systems without native support for ForceDisplayRotationInEFI, DirectGopRendering=true is also required for this setting to have an effect.";
"TT_AppleFramebufferInfo" = "Type: plist boolean\nFailsafe: false \nDescription: Replaces the Apple Framebuffer Info protocol with a builtin version. This may be used to override framebuffer information on VMs or legacy Macs to improve compatibility with legacy EfiBoot such as the one in macOS 10.4.";
<string>An unofficial macOS kernel extension for Realtek PCIe/USB-based SD card readers. It uses the Linux driver as a reference implementation but is written from scratch and carefully designed for macOS to deliver the best performance.</string>
<string>An unofficial macOS kernel extension for Realtek PCIe/USB-based SD card readers. It uses the Linux driver as a reference implementation but is written from scratch and carefully designed for macOS to deliver the best performance.</string>
<string>An unofficial macOS kernel extension for Realtek PCIe/USB-based SD card readers. It uses the Linux driver as a reference implementation but is written from scratch and carefully designed for macOS to deliver the best performance.</string>
"TT_dmgloading" = "Type: plist string\nFailsafe: Signed\nDefine Disk Image (DMG) loading policy used for macOS Recovery.\n\nValid values:\n• Disabled — loading DMG images will fail. The Disabled policy will still let the macOS Recovery load in most cases as typically, there are boot.efi files compatible with Apple Secure Boot. Manually downloaded DMG images stored in com.apple.recovery.boot directories will not load, however.\n• Signed — only Apple-signed DMG images will load. Due to the design of Apple Secure Boot, the Signed policy will let any Apple-signed macOS Recovery load regardless of the Apple Secure Boot state, which may not always be desired. While using signed DMG images is more desirable, verifying the image signature may slightly slow the boot time down (by up to 1 second).\n• Any — any DMG images will mount as normal filesystems. The Any policy is strongly discouraged and will result in boot failures when Apple Secure Boot is active.";
/* l6D-xS-M37 */
"TT_secureBootModel" = "Type: plist string \nFailsafe: Default\nDescription: Apple Secure Boot hardware model.\n\nSets Apple Secure Boot hardware model and policy. Specifying this value defines which operating systems will be bootable. Operating systems shipped before the specified model was released will not boot.\n\nValid values:\n• Default — Recent available model, currently set to j137.\n• Disabled — No model, Secure Boot will be disabled.\n• j137 — iMacPro1,1 (December 2017) minimum macOS 10.13.2 (17C2111)\n• j680 — MacBookPro15,1 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j132 — MacBookPro15,2 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j174 — Macmini8,1 (October 2018) minimum macOS 10.14 (18A2063)\n• j140k — MacBookAir8,1 (October 2018) minimum macOS 10.14.1 (18B2084)\n• j780 — MacBookPro15,3 (May 2019) minimum macOS 10.14.5 (18F132)\n• j213 — MacBookPro15,4 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j140a — MacBookAir8,2 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j152f — MacBookPro16,1 (November 2019) minimum macOS 10.15.1 (19B2093)\n• j160 — MacPro7,1 (December 2019) minimum macOS 10.15.1 (19B88)\n• j230k — MacBookAir9,1 (March 2020) minimum macOS 10.15.3 (19D2064)\n• j214k — MacBookPro16,2 (May 2020) minimum macOS 10.15.4 (19E2269)\n• j223 — MacBookPro16,3 (May 2020) minimum macOS 10.15.4 (19E2265)\n• j215 — MacBookPro16,4 (June 2020) minimum macOS 10.15.5 (19F96)\n• j185 — iMac20,1 (August 2020) minimum macOS 10.15.6 (19G2005)\n• j185f — iMac20,2 (August 2020) minimum macOS 10.15.6 (19G2005)\n• x86legacy — Macs and VMs without T2 chip minimum macOS 11.0\n\nPlatformInfo and SecureBootModel are independent, allowing to enabling Apple Secure Boot with any SMBIOS.\nSetting SecureBootModel to any valid value but Disabled is equivalent to Medium Security of Apple Secure Boot. The ApECID value must also be specified to achieve Full Security.\n\nNote that enabling Apple Secure Boot is demanding on invalid configurations, faulty macOS installations, and on unsupported setups.\n\nThings to consider:\n(a) As with T2 Macs, all unsigned kernel extensions as well as several signed kernel extensions, including NVIDIA Web Drivers, cannot be installed.\n(b) The list of cached kernel extensions may be different, resulting in a need to change the list of Added or Forced kernel extensions. For example, IO80211Family cannot be injected in this case.\n(c) System volume alterations on operating systems with sealing, such as macOS 11, may result in the operating system being unbootable. Do not try to disable system volume encryption unless Apple Secure Boot is disabled.\n(d) Boot failures might occur when the platform requires certain settings, but they have not been enabled because the associated issues were not discovered earlier. Be extra careful with IgnoreInvalidFlexRatio or HashServices.\n(e) Operating systems released before Apple Secure Boot was released (e.g. macOS 10.12 or earlier), will still boot until UEFI Secure Boot is enabled. This is so because Apple Secure Boot treats these as incompatible and they are then handled by the firmware (as Microsoft Windows is).\n(f) On older CPUs (e.g. before Sandy Bridge), enabling Apple Secure Boot might cause slightly slower loading (by up to 1 second).\n(g) As the Default value will increase with time to support the latest major released operating system, it is not recommended to use the ApECID and the Default settings together.\n(h) Installing macOS with Apple Secure Boot enabled is not possible while using HFS+ target volumes. This may include HFS+ formatted drives when no spare APFS drive is available.\n\nThe installed operating system may have sometimes outdated Apple Secure Boot manifests on the Preboot partition, resulting in boot failures. This is likely to be the case when an “OCB: Apple Secure Boot prohibits this boot entry, enforcing!” message is logged.\n\nWhen this happens, either reinstall the operating system or copy the manifests (files with .im4m extension, such as boot.efi.j137.im4m) from /usr/standalone/i386 to /Volumes/Preboot/<UUID>/System/Library/CoreServices. Here, <UUID> is the system volume identifier. On HFS+ installations, the manifests should be copied to /System/Library/CoreServices on the system volume.\n\nFor more details on how to configure Apple Secure Boot with UEFI Secure Boot, refer to the UEFI Secure Boot";
"TT_secureBootModel" = "Type: plist string \nFailsafe: Default\nDescription: Apple Secure Boot hardware model.\n\nSets Apple Secure Boot hardware model and policy. Specifying this value defines which operating systems will be bootable. Operating systems shipped before the specified model was released will not boot.\n\nValid values:\n• Default — Recent available model, currently set to x86legacy.\n• Disabled — No model, Secure Boot will be disabled.\n• j137 — iMacPro1,1 (December 2017) minimum macOS 10.13.2 (17C2111)\n• j680 — MacBookPro15,1 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j132 — MacBookPro15,2 (July 2018) minimum macOS 10.13.6 (17G2112)\n• j174 — Macmini8,1 (October 2018) minimum macOS 10.14 (18A2063)\n• j140k — MacBookAir8,1 (October 2018) minimum macOS 10.14.1 (18B2084)\n• j780 — MacBookPro15,3 (May 2019) minimum macOS 10.14.5 (18F132)\n• j213 — MacBookPro15,4 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j140a — MacBookAir8,2 (July 2019) minimum macOS 10.14.5 (18F2058)\n• j152f — MacBookPro16,1 (November 2019) minimum macOS 10.15.1 (19B2093)\n• j160 — MacPro7,1 (December 2019) minimum macOS 10.15.1 (19B88)\n• j230k — MacBookAir9,1 (March 2020) minimum macOS 10.15.3 (19D2064)\n• j214k — MacBookPro16,2 (May 2020) minimum macOS 10.15.4 (19E2269)\n• j223 — MacBookPro16,3 (May 2020) minimum macOS 10.15.4 (19E2265)\n• j215 — MacBookPro16,4 (June 2020) minimum macOS 10.15.5 (19F96)\n• j185 — iMac20,1 (August 2020) minimum macOS 10.15.6 (19G2005)\n• j185f — iMac20,2 (August 2020) minimum macOS 10.15.6 (19G2005)\n• x86legacy — Macs and VMs without T2 chip minimum macOS 11.0.1 (20B29)\n\nWarning: Not all Apple Secure Boot models are supported on all hardware configurations. Starting with macOS 12 x86legacy is the only Apple Secure Boot model compatible with software update on hardware without T2 chips.\n\nApple Secure Boot appeared in macOS 10.13 on models with T2 chips. Since PlatformInfo and SecureBootModel are independent, Apple Secure Boot can be used with any SMBIOS with and without T2. Setting SecureBootModel to any valid value but Disabled is equivalent to Medium Security of Apple Secure Boot. The ApECID value must also be specified to achieve Full Security. Check ForceSecureBootScheme when using Apple Secure Boot on a virtual machine.\n\nNote that enabling Apple Secure Boot is demanding on invalid configurations, faulty macOS installations, and on unsupported setups.\n\nThings to consider:\n(a) As with T2 Macs, all unsigned kernel extensions as well as several signed kernel extensions, including NVIDIA Web Drivers, cannot be installed.\n(b) The list of cached kernel extensions may be different, resulting in a need to change the list of Added or Forced kernel extensions. For example, IO80211Family cannot be injected in this case.\n(c) System volume alterations on operating systems with sealing, such as macOS 11, may result in the operating system being unbootable. Do not try to disable system volume encryption unless Apple Secure Boot is disabled.\n(d) Boot failures might occur when the platform requires certain settings, but they have not been enabled because the associated issues were not discovered earlier. Be extra careful with IgnoreInvalidFlexRatio or HashServices.\n(e) Operating systems released before Apple Secure Boot was released (e.g. macOS 10.12 or earlier), will still boot until UEFI Secure Boot is enabled. This is so because Apple Secure Boot treats these as incompatible and they are then handled by the firmware (as Microsoft Windows is).\n(f) On older CPUs (e.g. before Sandy Bridge), enabling Apple Secure Boot might cause slightly slower loading (by up to 1 second).\n(g) As the Default value will increase with time to support the latest major released operating system, it is not recommended to use the ApECID and the Default settings together.\n(h) Installing macOS with Apple Secure Boot enabled is not possible while using HFS+ target volumes. This may include HFS+ formatted drives when no spare APFS drive is available.\n\nThe installed operating system may have sometimes outdated Apple Secure Boot manifests on the Preboot partition, resulting in boot failures. This is likely to be the case when an “OCB: Apple Secure Boot prohibits this boot entry, enforcing!” message is logged.\n\nWhen this happens, either reinstall the operating system or copy the manifests (files with .im4m extension, such as boot.efi.j137.im4m) from /usr/standalone/i386 to /Volumes/Preboot/<UUID>/System/Library/CoreServices. Here, <UUID> is the system volume identifier. On HFS+ installations, the manifests should be copied to /System/Library/CoreServices on the system volume.\n\nFor more details on how to configure Apple Secure Boot with UEFI Secure Boot, refer to the UEFI Secure Boot";
/* NCW-lH-X8S */
"TT_PasswordHash" = "Type: plist data 64 bytes\nFailsafe: all zero\nDescription: Password hash used when EnabledPassword is set.";
...
...
@@ -1519,10 +1519,10 @@
"TT_JumpstartHotPlug" = "Type: plist boolean\nFailsafe: false\nDescription: Load APFS drivers for newly connected devices.\n\nPermits APFS USB hot plug which enables loading APFS drivers, both at OpenCore startup and during OpenCore picker dusplay. Disable if not required.";
/* L9i-6i-Mis */
"TT_MinDate" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver date.\n\nThe APFS driver date connects the APFS driver with the calendar release date. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported release date of APFS in OpenCore. The default release date will increase with time and thus this setting is recommended. Currently set to 2020/01/01.\n• -1 — permit any release date to load (strongly discouraged).\n• Other — use custom minimal APFS release date, e.g. 20200401 for 2020/04/01. APFS release dates can be found in OpenCore boot log and OcApfsLib.";
"TT_MinDate" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver date.\n\nThe APFS driver date connects the APFS driver with the calendar release date. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported release date of APFS in OpenCore. The default release date will increase with time and thus this setting is recommended. Currently set to 2021/01/01.\n• -1 — permit any release date to load (strongly discouraged).\n• Other — use custom minimal APFS release date, e.g. 20200401 for 2020/04/01. APFS release dates can be found in OpenCore boot log and OcApfsLib.";
/* TYZ-jG-lfr */
"TT_MinVersion" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver version.\n\nThe APFS driver version connects the APFS driver with the macOS release. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported version of APFS in OpenCore. The default version will increase with time and thus this setting is recommended. Currently set to the latest point release from High Sierra.\n• -1 — permit any version to load (strongly discouraged).\n• Other — use custom minimal APFS version, e.g. 1412101001000000 from macOS Catalina 10.15.4. APFS versions can be found in OpenCore boot log and OcApfsLib.";
"TT_MinVersion" = "Type: plist integer\nFailsafe: 0\nDescription: Minimal allowed APFS driver version.\n\nThe APFS driver version connects the APFS driver with the macOS release. Apple ultimately drops support for older macOS releases and APFS drivers from such releases may contain vulnerabilities that can be used to compromise a computer if such drivers are used after support ends. This option permits restricting APFS drivers to current macOS versions.\n\n• 0 — require the default supported version of APFS in OpenCore. The default version will increase with time and thus this setting is recommended. Currently set to allow macOS Big Sur and newer (1600000000000000).\n• -1 — permit any version to load (strongly discouraged).\n• Other — use custom minimal APFS version, e.g. 1412101001000000 from macOS Catalina 10.15.4. APFS versions can be found in OpenCore boot log and OcApfsLib.";
/* AppleInput */
/* frr-qu-WDh */
...
...
@@ -1642,7 +1642,7 @@
"TT_AppleDebugLog" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple Debug Log protocol with a builtin version.";
"TT_AppleEg2Info" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple EFI Graphics 2 protocol with a builtin version.\n\nNote: This protocol allows newer EfiBoot versions (at least 10.15) to expose screen rotation to macOS. Refer to forceDisplayRotationInEFI variable description on how to set screen rotation angle.";
"TT_AppleEg2Info" = "Type: plist boolean\nFailsafe: false\nDescription: Replaces the Apple EFI Graphics 2 protocol with a builtin version.\n\nNote: This protocol allows newer EfiBoot versions (at least 10.15) to expose screen rotation to macOS. Refer to forceDisplayRotationInEFI variable description on how to set screen rotation angle.\n\nNote 2: On systems without native support for ForceDisplayRotationInEFI, DirectGopRendering=true is also required for this setting to have an effect.";
"TT_AppleFramebufferInfo" = "Type: plist boolean\nFailsafe: false \nDescription: Replaces the Apple Framebuffer Info protocol with a builtin version. This may be used to override framebuffer information on VMs or legacy Macs to improve compatibility with legacy EfiBoot such as the one in macOS 10.4.";
