Open
Conversation
Owner
|
Reset HEAD~2 |
- setup-macos-vm-xen.sh : Xen HVM config (xl/libxl) with OVMF UEFI, OpenCore ESP image, macOS Recovery download via macrecovery.py - setup-macos-vm.sh : QEMU/KVM variant with SDL display - Both scripts: * Clone b23prodtm/OpCore-Simplify@fix/validator * --skip-ocs / --skip-recovery / --dryrun flags * run() wrapper for dry-run mode (no destructive ops) * Root-only enforcement * 3-level EFI path resolution (cache → find → manual) - .github/workflows/test-dryrun.yml: * ShellCheck lint job * Dry-run CI jobs for both Xen and KVM variants * Mock /proc/xen, xl, /dev/kvm, OVMF for headless testing
Alternate repository already exists in b23prodtm/macos-vm-in-linux
Detect Xen/QEMU/VMware/KVM from Motherboard name, BIOS version or System Type in hardware_report. When running inside a VM, override generated config.plist with: - Misc.Boot.PickerMode = Builtin (OpenCanopy requires Resources/ folder, absent in VM → black screen) - Misc.Security.SecureBootModel = Disabled (no T2 chip in VM → kernel panic with Default) - Misc.Security.DmgLoading = Any (Recovery DMG may not be Apple-signed via macrecovery.py) - Kernel.Quirks.LapicKernelPanic = true (unmasked LAPIC interrupts under Xen/QEMU) - Kernel.Quirks.ProvideCurrentCpuInfo = true (TSC reads 0 Hz in Xen, OC provides correct info) - Booter.Quirks.RebuildAppleMemoryMap = true (GetMemoryMap pointer trashed in some hypervisors) - UEFI.Drivers[OpenCanopy.efi].Enabled = false - UEFI.Output.TextRenderer = SystemGeneric - UEFI.Output.Resolution = 1024x768 - UEFI.Output.DirectGopRendering = true - UEFI.Quirks.TscSyncTimeout = 1000 - Misc.Debug.AppleDebug/ApplePanic/DisableWatchDog = true
OC 0.9.7+ auto-overrides SecureBootModel=Disabled with x86legacy when a hypervisor is detected (log: 'Hypervisor SB model is x86legacy'). Add two fixes in VM overrides block: - UEFI.Quirks.DisableSecurityPolicy = True Prevents OC from enforcing any SB policy regardless of model - Misc.Security.ApECID = 0 Disables per-machine SB personalization - Kernel.Quirks.ForceSecureBootScheme = False Ensures no scheme is forced over our Disabled setting
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add better Linux support
Three fixes for running OpCore Simplify on Linux without workarounds.
Changes
OpCore-Simplify.py— Auto-update now off by default, opt in via OCS_CHECK_UPDATES=1.Scripts/report_validator.py— Relaxed two regex patterns that were rejecting valid Linux-generated hardware reports:HDMI-A connector type (correct EDID/DRM naming, reported by hwinfo)
ACPI paths outside _SB scope (TZ, _GPE, bare root refs like \GSA1)
Scripts/datasets/kext_data.py + Scripts/kext_maestro.py— Replaced USBToolBox/UTBDefault with USBInjectAll. USBToolBox requires a Windows/macOS companion app to generate UTBMap.kext, which is unavailable on Linux. USBInjectAll is self-contained, no mapping step required. Capped at Darwin 20.x — users targeting Monterey+ are prompted to map USB manually post-install.Notes
OCS_CHECK_UPDATESdefaults to 0, set to 1 to restore previous behaviourACPI regex change is additive, no previously valid paths affected
Tested on openSUSE Tumbleweed