Bootmgr (macOS): supports secure boot detection

CarterLi · CarterLi · commit d01fc56ea264 · 2025-12-27T16:11:16.000+08:00
diff --git a/src/detection/bootmgr/bootmgr_apple.c b/src/detection/bootmgr/bootmgr_apple.c
@@ -1,5 +1,25 @@
 #include "bootmgr.h"
 #include "common/io/io.h"
+#include "util/apple/cf_helpers.h"
+
+#include <IOKit/IOKitLib.h>
+
+FF_MAYBE_UNUSED static const char* detectFromIokit(bool* secureBoot)
+{
+    FF_IOOBJECT_AUTO_RELEASE io_registry_entry_t entryDevice = IORegistryEntryFromPath(kIOMainPortDefault, "IODeviceTree:/chosen");
+    if (!entryDevice)
+        return "IORegistryEntryFromPath() failed";
+
+    FF_CFTYPE_AUTO_RELEASE CFTypeRef prop = IORegistryEntryCreateCFProperty(entryDevice, CFSTR("secure-boot"), kCFAllocatorDefault, 0);
+    if (!prop)
+        return "IORegistryEntryCreateCFProperty() failed";
+
+    if (CFGetTypeID(prop) != CFDataGetTypeID() || CFDataGetLength((CFDataRef) prop) == 0)
+        return "Invalid secure-boot property";
+
+    *secureBoot = (bool) *CFDataGetBytePtr((CFDataRef) prop);
+    return NULL;
+}
 
 const char* ffDetectBootmgr(FFBootmgrResult* result)
 {
@@ -8,5 +28,7 @@ const char* ffDetectBootmgr(FFBootmgrResult* result)
 
     ffStrbufSetStatic(&result->name, "iBoot");
 
+    detectFromIokit(&result->secureBoot);
+
     return NULL;
 }
