Skip to content

Latest commit

 

History

History
492 lines (314 loc) · 23.2 KB

kaby-lake.md

File metadata and controls

492 lines (314 loc) · 23.2 KB
Raw

Kaby Lake

Starting Point

So making a config.plist may seem hard, its not. It just takes some time but this guide will tell you how to configure everything, you won't be left in the cold. This also means if you have issues, review your config settings to make sure they're correct. Main things to note with OpenCore:

  • All properties must be defined, there are no default OpenCore will fall back on so do not delete sections unless told explicitly so. If the guide doesn't mention the option, leave it at default.
  • The Sample.plist cannot be used As-Is, you must configure it to your system
  • DO NOT USE CONFIGURATORS, these rarely respect OpenCore's configuration and even some like Mackie's will add Clover properties and corrupt plists!

Now with all that, a quick reminder of the tools we need

And read this guide more than once before setting up OpenCore and make sure you have it set up correctly. Do note that images will not always be the most up-to-date so please read the text below them, if nothing's mentioned then leave as default.

ACPI

ACPI

Add

This is where you'll add SSDTs for your system, these are very important to booting macOS and have many uses like USB maps, disabling unsupported GPUs and such. And with our system, its even required to boot. Guide on making them found here: Getting started with ACPI

For us we'll need a couple of SSDTs to bring back functionality that Clover provided:

Required_SSDTs Description
SSDT-PLUG Allows for native CPU power management on Haswell and newer, see Getting Started With ACPI Guide for more details.
SSDT-EC-USBX * Fixes both the embedded controller and USB power, see Getting Started With ACPI Guide for more details.

Note that you should not add your generated DSDT.aml here, it is already in your firmware. So if present, remove the entry for it in your config.plist and under EFI/OC/ACPI.

For those wanting a deeper dive into dumping your DSDT, how to make these SSDTs, and compiling them, please see the Getting started with ACPI page. Compiled SSDTs have a .aml extension(Assembled) and will go into the EFI/OC/ACPI folder and must be specified in your config under ACPI -> Add as well.

Delete

This blocks certain ACPI tables from loading, for us we can ignore this.

Patch

This section allows us to dynamically modify parts of the ACPI (DSDT, SSDT, etc.) via OpenCore. For us, our patches are handled by our SSDTs. This is a much cleaner solution as this will allow us to boot Windows and other OSes with OpenCore

Quirks

Settings relating to ACPI, leave everything here as default as we have no use for these quirks.

Booter

Booter

This section is dedicated to quirks relating to boot.efi patching with OpenRuntime, the replacement for AptioMemoryFix.efi

MmioWhitelist

This section is allowing spaces to be passthrough to macOS that are generally ignored, useful when paired with DevirtualiseMmio

Quirks

Settings relating to boot.efi patching and firmware fixes, ones we need to change are RebuildAppleMemoryMap, SyncRuntimePermissions and SetupVirtualMap

  • AvoidRuntimeDefrag: YES
    • Fixes UEFI runtime services like date, time, NVRAM, power control, etc
  • ProvideCustomSlide: YES
    • If there's a conflicting slide value, this option forces macOS to use a pseudo-random value. Needed for those receiving Only N/256 slide values are usable! debug message
  • RebuildAppleMemoryMap: YES
    • Generates Memory Map compatible with macOS, can break on some laptop OEM firmwares so if you receive early boot failures disable this
  • SetupVirtualMap: YES
    • Fixes SetVirtualAddresses calls to virtual addresses, shouldn't be needed on Skylake and newer. Some firmware like Gigabyte may still require it, and will kernel panic without this
  • SyncRuntimePermissions: YES
    • Fixes alignment with MAT tables and required to boot Windows and Linux with MAT tables, also recommended for macOS. Mainly relevant for Skylake and newer

DeviceProperties

DeviceProperties

Add

Sets device properties from a map.

PciRoot(0x0)/Pci(0x2,0x0)

This section is set up via WhateverGreen's Framebuffer Patching Guide and is used for setting important iGPU properties.

AAPL,ig-platform-id is what macOS uses to determine how the iGPU drivers interact with our system, and the two values choose between are as follows:

  • 00001259 - this is used when the Desktop iGPU is used to drive a display
  • 03001259 - this is used when the Desktop iGPU is only used for computing tasks and doesn't drive a display

We also add 2 more properties, framebuffer-patch-enable and framebuffer-stolenmem. The first enables patching via WhateverGreen.kext, and the second sets the min stolen memory to 19MB. This is usually unnecessary, as this can be configured in BIOS(64MB recommended) but required when not available.

  • Note: Headless framebuffers(where the dGPU is the display out) do not need framebuffer-patch-enable and framebuffer-stolenmem
Key Type Value
AAPL,ig-platform-id Data 00001259
framebuffer-patch-enable Data 01000000
framebuffer-stolenmem Data 00003001

(This is an example for a desktop HD 630 without a dGPU and no BIOS options for iGPU memory)

PciRoot(0x0)/Pci(0x1b,0x0)

layout-id

  • Applies AppleALC audio injection, you'll need to do your own research on which codec your motherboard has and match it with AppleALC's layout. AppleALC Supported Codecs.
  • You can delete this property outright as it's unused for us at this time

For us, we'll be using the boot-arg alcid=xxx instead to accomplish this. alcid will override all other layout-IDs present. More info on this is covered in the Post-Install Page

Delete

Removes device properties from the map, for us we can ignore this

Fun Fact: The reason the byte order is swapped is because most modern processors are Little Endian

Kernel

Kernel

Add

Here's where you specify which kexts to load, order matters here so make sure Lilu.kext is always first! Other higher priority kexts come after Lilu such as VirtualSMC, AppleALC, WhateverGreen, etc. A reminder that ProperTree users can run Cmd/Ctrl + Shift + R to add all their kexts in the correct order without manually typing each kext out.

  • BundlePath
    • Name of the kext
    • ex: Lilu.kext
  • Enabled
    • Self-explanatory, either enables or disables the kext
  • ExecutablePath
    • Path to the actual executable is hidden within the kext, you can see what path your kext has by right-clicking and selecting Show Package Contents. Generally, they'll be Contents/MacOS/Kext but some have kexts hidden within under Plugin folder. Do note that plist only kexts do not need this filled in.
    • ex: Contents/MacOS/Lilu
  • PlistPath
    • Path to the info.plist hidden within the kext
    • ex: Contents/Info.plist

Emulate

Needed for spoofing unsupported CPUs like Pentiums and Celerons

  • CpuidMask: Leave this blank
  • CpuidData: Leave this blank

Block

Blocks certain kexts from loading. Not relevant for us.

Patch

Patches both the kernel and kexts.

Quirks

Settings relating to the kernel, for us we'll be enabling AppleCpuPmCfgLock, AppleXcpmCfgLock, DisableIOMapper, PanicNoKextDump, PowerTimeoutKernelPanic and XhciPortLimit. Everything else should be left as default

  • AppleCpuPmCfgLock: YES
    • Only needed when CFG-Lock can't be disabled in BIOS, Clover counterpart would be AppleIntelCPUPM. Please verify you can disable CFG-Lock, most systems won't boot with it on so requiring use of this quirk
  • AppleXcpmCfgLock: YES
    • Only needed when CFG-Lock can't be disabled in BIOS, Clover counterpart would be KernelPM. Please verify you can disable CFG-Lock, most systems won't boot with it on so requiring use of this quirk
  • CustomSMBIOSGuid: NO
    • Performs GUID patching for UpdateSMBIOSMode Custom mode. Usually relevant for Dell laptops
  • DisableIoMapper: YES
    • Needed to get around VT-D if either unable to disable in BIOS or needed for other operating systems, much better alternative to dart=0 as SIP can stay on in Catalina
  • DisableRtcChecksum: NO
    • Prevents AppleRTC from writing to primary checksum (0x58-0x59), required for users who either receive BIOS reset or are sent into Safe mode after reboot/shutdown
  • LapicKernelPanic: NO
    • Disables kernel panic on AP core lapic interrupt, generally needed for HP systems. Clover equivalent is Kernel LAPIC
  • PanicNoKextDump: YES
    • Allows for reading kernel panics logs when kernel panics occur
  • PowerTimeoutKernelPanic: YES
    • Helps fix kernel panics relating to power changes with Apple drivers in macOS Catalina, most notably with digital audio.
  • XhciPortLimit: YES
    • This is actually the 15 port limit patch, don't rely on it as it's not a guaranteed solution for fixing USB. Please create a USB map when possible.

The reason being is that UsbInjectAll reimplements builtin macOS functionality without proper current tuning. It is much cleaner to just describe your ports in a single plist-only kext, which will not waste runtime memory and such

Misc

Misc

Boot

Settings for boot screen (Leave everything as default).

Debug

Helpful for debugging OpenCore boot issues(We'll be changing everything but DisplayDelay).

  • AppleDebug: YES
    • Enables boot.efi logging, useful for debugging. Note this is only supported on 10.15.4 and newer
  • ApplePanic: YES
    • Attempts to log kernel panics to disk
  • DisableWatchDog: YES
    • Disables the UEFI watchdog, can help with early boot issues
  • Target: 67
    • Shows more debug information, requires debug version of OpenCore
  • DisplayLevel: 2147483650
    • Shows even more debug information, requires debug version of OpenCore

These values are based of those calculated in OpenCore debugging

Security

Security is pretty self-explanatory, do not skip.

We'll be changing AllowNvramReset, AllowSetDefault, Vault and ScanPolicy

  • AllowNvramReset: YES
    • Allows for NVRAM reset both in the boot picker and when pressing Cmd+Opt+P+R
  • AllowSetDefault: YES
    • Allow CTRL+Enter and CTRL+Index to set default boot device in the picker
  • AuthRestart: NO
    • Enables Authenticated restart for FileVault 2 so password is not required on reboot. Can be considered a security risk so optional
  • BlacklistAppleUpdate: True
    • Ignores Apple's firmware updater, recommended to enable as to avoid issues with installs and updates
  • BootProtect: None
    • Allows the use of Bootstrap.efi inside EFI/OC/Bootstrap instead of BOOTx64.efi, useful for those wanting to either boot with rEFInd or avoid BOOTx64.efi overwrites from Windows. Proper use of this quirks is not be covered in this guide
  • ExposeSensitiveData: 6
    • Shows more debug information, requires debug version of OpenCore
  • Vault: Optional
    • We won't be dealing vaulting so we can ignore, you won't boot with this set to Secure
    • This is a word, it is not optional to omit this setting. You will regret it if you don't set it to Optional, note that it is case-sensitive
  • ScanPolicy: 0
    • 0 allows you to see all drives available, please refer to Security section for further details. Will not boot USB devices with this set to default

Tools

Used for running OC debugging tools like the shell, ProperTree's snapshot function will add these for you. For us, we won't be using any tools.

  • Name
    • Name shown in OpenCore
  • Enabled
    • Self-explanatory, enables or disables
  • Path

Entries

Used for specifying irregular boot paths that can't be found naturally with OpenCore.

Won't be covered here, see 8.6 of Configuration.pdf for more info

NVRAM

NVRAM

Add

4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14

Booter Path, mainly used for UI Scaling

  • UIScale:

    • 01: Standard resolution(Clover equivalent is 0x28)
    • 02: HiDPI (generally required for FileVault to function correctly on smaller displays, Clover equivalent is 0x2A)

  • DefaultBackgroundColor: Background color used by boot.efi

    • 00000000: Syrah Black
    • BFBFBF00: Light Gray

7C436110-AB2A-4BBB-A880-FE41995C9F82

System Integrity Protection bitmask

  • General Purpose boot-args:
boot-args Description
-v This enables verbose mode, which shows all the behind-the-scenes text that scrolls by as you're booting instead of the Apple logo and progress bar. It's invaluable to any Hackintosher, as it gives you an inside look at the boot process, and can help you identify issues, problem kexts, etc.
debug=0x100 This disables macOS's watchdog which helps prevents a reboot on a kernel panic. That way you can hopefully glean some useful info and follow the breadcrumbs to get past the issues.
keepsyms=1 This is a companion setting to debug=0x100 that tells the OS to also print the symbols on a kernel panic. That can give some more helpful insight as to what's causing the panic itself.
alcid=1 Used for setting layout-id for AppleALC, see supported codecs to figure out which layout to use for your specific system. More info on this is covered in the Post-Install Page
  • GPU-Specific boot-args:
boot-args Description
agdpmod=pikera Used for disabling boardID on Navi GPUs(RX 5000 series), without this you'll get a black screen. Don't use if you don't have Navi(ie. Polaris and Vega cards shouldn't use this)
nvda_drv_vrl=1 Used for enabling Nvidia's Web Drivers on Maxwell and Pascal cards in Sierra and HighSierra
-wegnoegpu Used for disabling all other GPUs than the integrated Intel iGPU, useful for those wanting to run newer versions of macOS where their dGPU isn't supported
  • csr-active-config: Settings for SIP, generally recommended to manually change this within Recovery partition with csrutil via the recovery partition

csr-active-config is set to 00000000 which enables System Integrity Protection. You can choose a number of other options to enable/disable sections of SIP. Some common ones are as follows:

  • 00000000 - SIP completely enabled
  • 03000000 - Allow unsigned kexts and writing to protected fs locations
  • E7030000 - SIP completely disabled

Recommended to leave enabled (00000000) for best security practices, see here for all possible values: csr.h.

  • prev-lang:kbd: <>
    • Needed for non-latin keyboards in the format of lang-COUNTRY:keyboard, recommended to keep blank though you can specify it(Default in Sample config is Russian):
    • American: en-US:0(656e2d55533a30 in HEX)
    • Full list can be found in AppleKeyboardLayouts.txt
    • Hint: prev-lang:kbd can be changed into a String so you can input en-US:0 directly instead of converting to HEX
Key Type Value
prev-lang:kbd String en-US:0

Delete

Forcibly rewrites NVRAM variables, do note that Add will not overwrite values already present in NVRAM so values like boot-args should be left alone.

LegacyEnable: NO

  • Allows for NVRAM to be stored on nvram.plist, needed for systems without native NVRAM

LegacyOverwrite: NO

  • Permits overwriting firmware variables from nvram.plist, only needed for systems without native NVRAM

LegacySchema

  • Used for assigning NVRAM variables, used with LegacyEnable set to YES

WriteFlash: YES

  • Enables writing to flash memory for all added variables.

PlatformInfo

PlatformInfo

For setting up the SMBIOS info, we'll use CorpNewt's GenSMBIOS application.

For this Kaby Lake example, we'll chose the iMac18,1 SMBIOS - this is done intentionally for compatibility's sake. There are two main SMBIOS used for Kaby Lake:

  • iMac18,1 - this is used for computers utilizing the iGPU for displaying.
  • iMac18,3 - this is used for computers using a dGPU for displaying, and an iGPU for computing tasks only.

Run GenSMBIOS, pick option 1 for downloading MacSerial and Option 3 for selecting out SMBIOS. This will give us an output similar to the following:

  #######################################################
 #               iMac18,1 SMBIOS Info                  #
#######################################################

Type:         iMac18,1
Serial:       C02Z2CZ5H7JY
Board Serial: C02928701GUH69FFB
SmUUID:       AA043F8D-33B6-4A1A-94F7-46972AAD0607

The Type part gets copied to Generic -> SystemProductName.

The Serial part gets copied to Generic -> SystemSerialNumber.

The Board Serial part gets copied to Generic -> MLB.

The SmUUID part gets copied to Generic -> SystemUUID.

We set Generic -> ROM to either an Apple ROM (dumped from a real Mac), your NIC MAC address, or any random MAC address (could be just 6 random bytes, for this guide we'll use 11223300 0000. After install follow the Fixing iServices page on how to find your real MAC Address)

Reminder that you want either an invalid serial or valid serial numbers but those not in use, you want to get a message back like: "Invalid Serial" or "Purchase Date not Validated"

Apple Check Coverage page

Automatic: YES

  • Generates PlatformInfo based on Generic section instead of DataHub, NVRAM, and SMBIOS sections

Generic

  • SpoofVendor: YES
    • Swaps vendor field for Acidanthera, generally not safe to use Apple as a vendor in most case
  • AdviseWindows: NO
    • Used for when the EFI partition isn't first on the Windows drive

UpdateDataHub: YES

  • Update Data Hub fields

UpdateNVRAM: YES

  • Update NVRAM fields

UpdateSMBIOS: YES

  • Updates SMBIOS fields

UpdateSMBIOSMode: Create

  • Replace the tables with newly allocated EfiReservedMemoryType, use Custom on Dell laptops requiring CustomSMBIOSGuid quirk

UEFI

UEFI

ConnectDrivers: YES

  • Forces .efi drivers, change to NO will automatically connect added UEFI drivers. This can make booting slightly faster, but not all drivers connect themselves. E.g. certain file system drivers may not load.

Drivers

Add your .efi drivers here.

Only drivers present here should be:

  • HfsPlus.efi
  • OpenRuntime.efi

APFS

Settings related to the APFS driver, leave everything here as default.

Audio

Related to AudioDxe settings, for us we'll be ignoring(leave as default). This is unrelated to audio support in macOS.

Input

Related to boot.efi keyboard passthrough used for FileVault and Hotkey support, leave everything here as default as we have no use for these quirks. See here for more details: Security and FileVault

Output

Relating to OpenCore's visual output, leave everything here as default as we have no use for these quirks.

ProtocolOverrides

Mainly relevant for Virtual machines, legacy macs and FileVault users. See here for more details: Security and FileVault

Quirks

  • DeduplicateBootOrder: YES

    • Request fallback of some Boot prefixed variables from OC_VENDOR_VARIABLE_GUID to EFI_GLOBAL_VARIABLE_GUID. Used for fixing boot options.

  • RequestBootVarRouting: YES

    • Redirects AptioMemoryFix from EFI_GLOBAL_VARIABLE_GUID to OC\_VENDOR\_VARIABLE\_GUID. Needed for when firmware tries to delete boot entries and is recommended to be enabled on all systems for correct update installation, Startup Disk control panel functioning, etc.

  • UnblockFsConnect: NO

    • Some firmware block partition handles by opening them in By Driver mode, which results in File System protocols being unable to install. Mainly relevant for HP systems when no drives are listed

ReservedMemory

Used for exempting certain memory regions from OSes to use, mainly relevant for Sandy Bridge iGPUs or systems with faulty memory. Use of this quirk is not covered in this guide

Cleaning up

And now you're ready to save and place it into your EFI under EFI/OC.

For those having booting issues, please make sure to read the Troubleshooting section first and if your questions are still unanswered we have plenty of resources at your disposal:

Sanity check:

So thanks to the efforts of Ramus, we also have an amazing tool to help verify your config for those who may have missed something:

Intel BIOS settings

Disable

  • Fast Boot
  • Secure Boot
  • VT-d (can be enabled if you set DisableIoMapper to YES)
  • CSM
  • Thunderbolt(For initial install, as Thunderbolt can cause issues if not setup correctly)
  • Intel SGX
  • Intel Platform Trust
  • CFG Lock (MSR 0xE2 write protection)(This must be off, if you can't find the option then enable both AppleCpuPmCfgLock and AppleXcpmCfgLock under Kernel -> Quirks. Your hack will not boot with CFG-Lock enabled)

Enable

  • VT-x
  • Above 4G decoding
  • Hyper-Threading
  • Execute Disable Bit
  • EHCI/XHCI Hand-off
  • OS type: Windows 8.1/10 UEFI Mode
  • DVMT Pre-Allocated(iGPU Memory): 64MB

Now with all this done

... head to Post-install.