diff --git a/Changelog.md b/Changelog.md
index 99029a64..25c55b05 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -21,6 +21,9 @@ OpenCore Changelog
- Fixed `PowerTimeoutKernelPanic` on 10.15.4
- Fixed 4K section alignment in `OpenRuntime` to fix Linux booting on SKL
- Introduced `SyncRuntimePermissions` to fix Linux booting on CFL+
+- Introduced `RebuildAppleMemoryMap` to fix macOS booting on Dell 5490
+- Removed `ShrinkMemoryMap` in favour of more advanced `RebuildAppleMemoryMap`
+- Marked `EnableWriteUnprotector` as deprecated on new systems (SKL+)
#### v0.5.6
- Various improvements to builtin text renderer
diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf
index 195cfc30..b07ca06d 100644
Binary files a/Docs/Configuration.pdf and b/Docs/Configuration.pdf differ
diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex
index 64f531de..2601c445 100755
--- a/Docs/Configuration.tex
+++ b/Docs/Configuration.tex
@@ -1293,8 +1293,8 @@ To view their current state use \texttt{pmset -g} command in Terminal.
register during their execution. This quirk requires \texttt{OC\_FIRMWARE\_RUNTIME}
protocol implemented in \texttt{OpenRuntime.efi}.
- \emph{Note}: The necessity of this quirk is determined by early boot crashes
- of the firmware.
+ \emph{Note}: This quirk may potentially weaken firmware security, please use
+ \texttt{RebuildAppleMemoryMap} instead unless it fails for you.
\item
\texttt{ForceExitBootServices}\\
@@ -1366,6 +1366,35 @@ To view their current state use \texttt{pmset -g} command in Terminal.
slide values are usable!} message in the debug log. If the message is present,
this option is to be enabled.
+\item
+ \texttt{RebuildAppleMemoryMap}\\
+ \textbf{Type}: \texttt{plist\ boolean}\\
+ \textbf{Failsafe}: \texttt{false}\\
+ \textbf{Description}: Generate Memory Map compatible with macOS.
+
+ Apple kernel has several limitations in parsing UEFI memory map:
+
+ \begin{itemize}
+ \tightlist
+ \item Memory map size must not exceed 4096 bytes as Apple kernel maps
+ it as a single 4K page. Since some firmwares have very large memory maps
+ (approximately over 100 entries) Apple kernel will crash at boot.
+ \item Memory attributes table is ignored. \texttt{EfiRuntimeServicesCode}
+ memory statically gets \texttt{RX} permissions, and all other memory types
+ get \texttt{RW} permissions. Since some firmware drivers may write to global
+ variables at runtime, Apple kernel will crash at calling UEFI runtime services,
+ unless driver \texttt{.data} section has \texttt{EfiRuntimeServicesData}
+ type.
+ \end{itemize}
+
+ To workaround these limitations this quirk applies memory attributes table
+ permissions to memory map passed to Apple kernel and optionally attempts
+ to unify contiguous slots of similar types if the resulting memory map exceeds
+ 4 KB.
+
+ \emph{Note}: The necessity of this quirk is determined by early boot failures.
+ This quirk replaces \texttt{EnableWriteUnprotector} on most platforms.
+
\item
\texttt{SetupVirtualMap}\\
\textbf{Type}: \texttt{plist\ boolean}\\
@@ -1381,20 +1410,6 @@ To view their current state use \texttt{pmset -g} command in Terminal.
new firmwares with memory protection support (like OVMF) do not support this quirk due to
\href{https://github.com/acidanthera/bugtracker/issues/719}{acidanthera/bugtracker\#719}.
-\item
- \texttt{ShrinkMemoryMap}\\
- \textbf{Type}: \texttt{plist\ boolean}\\
- \textbf{Failsafe}: \texttt{false}\\
- \textbf{Description}: Attempt to join similar memory map entries.
-
- Select firmwares have very large memory maps, which do not fit into a single 4 KB
- page, which is a requirement for Apple kernel. This quirk attempts to unify
- contiguous slots of similar types to prevent boot failures.
-
- \emph{Note}: The necessity of this quirk is determined by early boot failures.
- It is rare to need this quirk on Haswell or newer. Do not use unless you fully
- understand the consequences.
-
\item
\texttt{SignalAppleOS}\\
\textbf{Type}: \texttt{plist\ boolean}\\
@@ -1405,6 +1420,18 @@ To view their current state use \texttt{pmset -g} command in Terminal.
For example, it is supposed to enable Intel GPU in Windows and Linux in some
dual-GPU MacBook models.
+\item
+ \texttt{SyncRuntimePermissions}\\
+ \textbf{Type}: \texttt{plist\ boolean}\\
+ \textbf{Failsafe}: \texttt{false}\\
+ \textbf{Description}: Update memory permissions for \texttt{OpenRuntime} to function.
+
+ Some firmwares may incorrectly mark \texttt{OpenRuntime} as not executable, this quirks
+ updates memory map and memory attributes table to correct this.
+
+ \emph{Note}: The necessity of this quirk is determined by early boot failures either in
+ macOS or in Linux/Windows. In general only firmwares released in 2018 or later are affected.
+
\end{enumerate}
\section{DeviceProperties}\label{devprops}
diff --git a/Docs/Differences/Differences.pdf b/Docs/Differences/Differences.pdf
index 26e54445..5c17196a 100644
Binary files a/Docs/Differences/Differences.pdf and b/Docs/Differences/Differences.pdf differ
diff --git a/Docs/Differences/Differences.tex b/Docs/Differences/Differences.tex
index 9e5fdff0..b47beaa9 100644
--- a/Docs/Differences/Differences.tex
+++ b/Docs/Differences/Differences.tex
@@ -1,7 +1,7 @@
\documentclass[]{article}
%DIF LATEXDIFF DIFFERENCE FILE
%DIF DEL PreviousConfiguration.tex Fri Mar 6 09:43:05 2020
-%DIF ADD ../Configuration.tex Thu Apr 2 21:22:46 2020
+%DIF ADD ../Configuration.tex Fri Apr 3 14:10:56 2020
\usepackage{lmodern}
\usepackage{amssymb,amsmath}
@@ -1358,8 +1358,9 @@ To view their current state use \texttt{pmset -g} command in Terminal.
register during their execution. This quirk requires \texttt{OC\_FIRMWARE\_RUNTIME}
protocol implemented in \texttt{\DIFdelbegin \DIFdel{FwRuntimeServices}\DIFdelend \DIFaddbegin \DIFadd{OpenRuntime}\DIFaddend .efi}.
- \emph{Note}: The necessity of this quirk is determined by early boot crashes
- of the firmware.
+ \emph{Note}: \DIFdelbegin \DIFdel{The necessity of this quirk is determined by early boot crashes
+ of the firmware }\DIFdelend \DIFaddbegin \DIFadd{This quirk may potentially weaken firmware security, please use
+ }\texttt{\DIFadd{RebuildAppleMemoryMap}} \DIFadd{instead unless it fails for you}\DIFaddend .
\item
\texttt{ForceExitBootServices}\\
@@ -1435,7 +1436,40 @@ To view their current state use \texttt{pmset -g} command in Terminal.
this option is to be enabled.
\item
- \texttt{SetupVirtualMap}\\
+ \DIFaddbegin \texttt{\DIFadd{RebuildAppleMemoryMap}}\\
+ \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\
+ \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\
+ \textbf{\DIFadd{Description}}\DIFadd{: Generate Memory Map compatible with macOS.
+}
+
+ \DIFadd{Apple kernel has several limitations in parsing UEFI memory map:
+}
+
+ \begin{itemize}
+ \tightlist
+ \item \DIFadd{Memory map size must not exceed 4096 bytes as Apple kernel maps
+ it as a single 4K page. Since some firmwares have very large memory maps
+ (approximately over 100 entries) Apple kernel will crash at boot.
+ }\item \DIFadd{Memory attributes table is ignored. }\texttt{\DIFadd{EfiRuntimeServicesCode}}
+ \DIFadd{memory statically gets }\texttt{\DIFadd{RX}} \DIFadd{permissions, and all other memory types
+ get }\texttt{\DIFadd{RW}} \DIFadd{permissions. Since some firmware drivers may write to global
+ variables at runtime, Apple kernel will crash at calling UEFI runtime services,
+ unless driver }\texttt{\DIFadd{.data}} \DIFadd{section has }\texttt{\DIFadd{EfiRuntimeServicesData}}
+ \DIFadd{type.
+ }\end{itemize}
+
+ \DIFadd{To workaround these limitations this quirk applies memory attributes table
+ permissions to memory map passed to Apple kernel and optionally attempts
+ to unify contiguous slots of similar types if the resulting memory map exceeds
+ 4 KB.
+}
+
+ \emph{\DIFadd{Note}}\DIFadd{: The necessity of this quirk is determined by early boot failures.
+ This quirk replaces }\texttt{\DIFadd{EnableWriteUnprotector}} \DIFadd{on most platforms.
+}
+
+\item
+ \DIFaddend \texttt{SetupVirtualMap}\\
\textbf{Type}: \texttt{plist\ boolean}\\
\textbf{Failsafe}: \texttt{false}\\
\textbf{Description}: Setup virtual memory at \texttt{SetVirtualAddresses}.
@@ -1450,22 +1484,39 @@ To view their current state use \texttt{pmset -g} command in Terminal.
\href{https://github.com/acidanthera/bugtracker/issues/719}{acidanthera/bugtracker\#719}.
\item
- \texttt{ShrinkMemoryMap}\\
- \textbf{Type}: \texttt{plist\ boolean}\\
- \textbf{Failsafe}: \texttt{false}\\
- \textbf{Description}: Attempt to join similar memory map entries.
+ \DIFdelbegin \texttt{\DIFdel{ShrinkMemoryMap}}%DIFAUXCMD
+%DIFDELCMD < \\
+%DIFDELCMD < %%%
+\textbf{\DIFdel{Type}}%DIFAUXCMD
+\DIFdel{: }\texttt{\DIFdel{plist\ boolean}}%DIFAUXCMD
+%DIFDELCMD < \\
+%DIFDELCMD < %%%
+\textbf{\DIFdel{Failsafe}}%DIFAUXCMD
+\DIFdel{: }\texttt{\DIFdel{false}}%DIFAUXCMD
+%DIFDELCMD < \\
+%DIFDELCMD < %%%
+\textbf{\DIFdel{Description}}%DIFAUXCMD
+\DIFdel{: Attempt to join similar memory map entries.
+}%DIFDELCMD <
- Select firmwares have very large memory maps, which do not fit \DIFdelbegin \DIFdel{Apple kernel, permitting up to }\texttt{\DIFdel{64}} %DIFAUXCMD
-\DIFdel{slots for runtime memory}\DIFdelend \DIFaddbegin \DIFadd{into a single 4 KB
- page, which is a requirement for Apple kernel}\DIFaddend . This quirk attempts to unify
+%DIFDELCMD < %%%
+\DIFdel{Select firmwares have very large memory maps, which do not fit Apple kernel,
+ permitting up to }\texttt{\DIFdel{64}} %DIFAUXCMD
+\DIFdel{slots for runtime memory. This quirk attempts to unify
contiguous slots of similar types to prevent boot failures.
+}%DIFDELCMD <
- \emph{Note}: The necessity of this quirk is determined by early boot failures.
+%DIFDELCMD < %%%
+\emph{\DIFdel{Note}}%DIFAUXCMD
+\DIFdel{: The necessity of this quirk is determined by early boot failures.
It is rare to need this quirk on Haswell or newer. Do not use unless you fully
understand the consequences.
+}%DIFDELCMD <
-\item
- \texttt{SignalAppleOS}\\
+%DIFDELCMD < \item
+\item%DIFAUXCMD
+%DIFDELCMD < %%%
+\DIFdelend \texttt{SignalAppleOS}\\
\textbf{Type}: \texttt{plist\ boolean}\\
\textbf{Failsafe}: \texttt{false}\\
\textbf{Description}: Report macOS being loaded through OS Info for any OS.
@@ -1474,7 +1525,22 @@ To view their current state use \texttt{pmset -g} command in Terminal.
For example, it is supposed to enable Intel GPU in Windows and Linux in some
dual-GPU MacBook models.
-\end{enumerate}
+\DIFaddbegin \item
+ \texttt{\DIFadd{SyncRuntimePermissions}}\\
+ \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\
+ \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\
+ \textbf{\DIFadd{Description}}\DIFadd{: Update memory permissions for }\texttt{\DIFadd{OpenRuntime}} \DIFadd{to function.
+}
+
+ \DIFadd{Some firmwares may incorrectly mark }\texttt{\DIFadd{OpenRuntime}} \DIFadd{as not executable, this quirks
+ updates memory map and memory attributes table to correct this.
+}
+
+ \emph{\DIFadd{Note}}\DIFadd{: The necessity of this quirk is determined by early boot failures either in
+ macOS or in Linux/Windows. In general only firmwares released in 2018 or later are affected.
+}
+
+\DIFaddend \end{enumerate}
\section{DeviceProperties}\label{devprops}
diff --git a/Docs/Sample.plist b/Docs/Sample.plist
index 9c9ba9ec..e5a42ba5 100644
--- a/Docs/Sample.plist
+++ b/Docs/Sample.plist
@@ -260,10 +260,10 @@
ProvideCustomSlide
+ RebuildAppleMemoryMap
+
SetupVirtualMap
- ShrinkMemoryMap
-
SignalAppleOS
SyncRuntimePermissions
diff --git a/Docs/SampleFull.plist b/Docs/SampleFull.plist
index 9f2bfc38..f4d897b4 100644
--- a/Docs/SampleFull.plist
+++ b/Docs/SampleFull.plist
@@ -260,10 +260,10 @@
ProvideCustomSlide
+ RebuildAppleMemoryMap
+
SetupVirtualMap
- ShrinkMemoryMap
-
SignalAppleOS
SyncRuntimePermissions
diff --git a/Include/Library/OcAppleBootCompatLib.h b/Include/Library/OcAppleBootCompatLib.h
index 799af3da..c5c91d65 100644
--- a/Include/Library/OcAppleBootCompatLib.h
+++ b/Include/Library/OcAppleBootCompatLib.h
@@ -60,9 +60,11 @@ typedef struct OC_ABC_SETTINGS_ {
///
BOOLEAN ProtectCsmRegion;
///
- /// Attempt to reduce memory map entries through grouping to fit into Apple kernel.
+ /// Rebuild memory map to be compatible with Apple kernel.
+ /// - Apply memory attributes and split RT entries into code and data.
+ /// - Reduce memory map entries through grouping to fit into 4KB.
///
- BOOLEAN ShrinkMemoryMap;
+ BOOLEAN RebuildAppleMemoryMap;
///
/// Ensure that ExitBootServices call succeeds even with outdated MemoryMap key.
///
diff --git a/Include/Library/OcConfigurationLib.h b/Include/Library/OcConfigurationLib.h
index eb19fa3a..1bb1a0fe 100644
--- a/Include/Library/OcConfigurationLib.h
+++ b/Include/Library/OcConfigurationLib.h
@@ -124,8 +124,8 @@
_(BOOLEAN , ProtectSecureBoot , , FALSE , ()) \
_(BOOLEAN , ProtectUefiServices , , FALSE , ()) \
_(BOOLEAN , ProvideCustomSlide , , FALSE , ()) \
+ _(BOOLEAN , RebuildAppleMemoryMap , , FALSE , ()) \
_(BOOLEAN , SetupVirtualMap , , FALSE , ()) \
- _(BOOLEAN , ShrinkMemoryMap , , FALSE , ()) \
_(BOOLEAN , SignalAppleOS , , FALSE , ()) \
_(BOOLEAN , SyncRuntimePermissions , , FALSE , ())
OC_DECLARE (OC_BOOTER_QUIRKS)
diff --git a/Library/OcAppleBootCompatLib/OcAppleBootCompatLib.c b/Library/OcAppleBootCompatLib/OcAppleBootCompatLib.c
index a927941a..182bc997 100644
--- a/Library/OcAppleBootCompatLib/OcAppleBootCompatLib.c
+++ b/Library/OcAppleBootCompatLib/OcAppleBootCompatLib.c
@@ -124,13 +124,13 @@ OcAbcInitialize (
DEBUG ((
DEBUG_INFO,
- "OCABC: FEXITBS %d PRCSM %d CSLIDE %d PRSRV %d VMAP %d SHRMAP %d APPLOS %d RTPERMS %d\n",
+ "OCABC: FEXITBS %d PRCSM %d CSLIDE %d PRSRV %d RBMAP %d VMAP %d APPLOS %d RTPERMS %d\n",
Settings->ForceExitBootServices,
Settings->ProtectCsmRegion,
Settings->ProvideCustomSlide,
Settings->ProtectUefiServices,
+ Settings->RebuildAppleMemoryMap,
Settings->SetupVirtualMap,
- Settings->ShrinkMemoryMap,
Settings->SignalAppleOS,
Settings->SyncRuntimePermissions
));
diff --git a/Library/OcAppleBootCompatLib/ServiceOverrides.c b/Library/OcAppleBootCompatLib/ServiceOverrides.c
index 8085ed79..44028da7 100644
--- a/Library/OcAppleBootCompatLib/ServiceOverrides.c
+++ b/Library/OcAppleBootCompatLib/ServiceOverrides.c
@@ -362,9 +362,11 @@ OcGetMemoryMap (
BOOT_COMPAT_CONTEXT *BootCompat;
EFI_PHYSICAL_ADDRESS Address;
UINTN Pages;
+ UINTN OriginalSize;
BootCompat = GetBootCompatContext ();
+ OriginalSize = MemoryMapSize != 0 ? *MemoryMapSize : 0;
Status = BootCompat->ServicePtrs.GetMemoryMap (
MemoryMapSize,
MemoryMap,
@@ -373,6 +375,14 @@ OcGetMemoryMap (
DescriptorVersion
);
+ //
+ // Reserve larger area for the memory map when we need to split it.
+ //
+ if (BootCompat->ServiceState.AppleBootNestedCount > 0 && Status == EFI_BUFFER_TOO_SMALL) {
+ *MemoryMapSize += OcCountSplitDescritptors () * *DescriptorSize;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
if (EFI_ERROR (Status)) {
return Status;
}
@@ -411,7 +421,17 @@ OcGetMemoryMap (
);
}
- if (BootCompat->Settings.ShrinkMemoryMap) {
+ if (BootCompat->Settings.RebuildAppleMemoryMap) {
+ Status2 = OcSplitMemoryMapByAttributes (
+ OriginalSize,
+ MemoryMapSize,
+ MemoryMap,
+ *DescriptorSize
+ );
+ if (EFI_ERROR (Status2) && Status != EFI_UNSUPPORTED) {
+ DEBUG ((DEBUG_INFO, "OCABC: Cannot rebuild memory map - %r\n", Status));
+ }
+
ShrinkMemoryMap (
MemoryMapSize,
MemoryMap,
diff --git a/Library/OcConfigurationLib/OcConfigurationLib.c b/Library/OcConfigurationLib/OcConfigurationLib.c
index f56a2149..e856d4cf 100644
--- a/Library/OcConfigurationLib/OcConfigurationLib.c
+++ b/Library/OcConfigurationLib/OcConfigurationLib.c
@@ -176,8 +176,8 @@ mBooterQuirksSchema[] = {
OC_SCHEMA_BOOLEAN_IN ("ProtectSecureBoot", OC_GLOBAL_CONFIG, Booter.Quirks.ProtectSecureBoot),
OC_SCHEMA_BOOLEAN_IN ("ProtectUefiServices", OC_GLOBAL_CONFIG, Booter.Quirks.ProtectUefiServices),
OC_SCHEMA_BOOLEAN_IN ("ProvideCustomSlide", OC_GLOBAL_CONFIG, Booter.Quirks.ProvideCustomSlide),
+ OC_SCHEMA_BOOLEAN_IN ("RebuildAppleMemoryMap", OC_GLOBAL_CONFIG, Booter.Quirks.RebuildAppleMemoryMap),
OC_SCHEMA_BOOLEAN_IN ("SetupVirtualMap", OC_GLOBAL_CONFIG, Booter.Quirks.SetupVirtualMap),
- OC_SCHEMA_BOOLEAN_IN ("ShrinkMemoryMap", OC_GLOBAL_CONFIG, Booter.Quirks.ShrinkMemoryMap),
OC_SCHEMA_BOOLEAN_IN ("SignalAppleOS", OC_GLOBAL_CONFIG, Booter.Quirks.SignalAppleOS),
OC_SCHEMA_BOOLEAN_IN ("SyncRuntimePermissions", OC_GLOBAL_CONFIG, Booter.Quirks.SyncRuntimePermissions),
};
diff --git a/Platform/OpenCore/OpenCoreUefi.c b/Platform/OpenCore/OpenCoreUefi.c
index e272c983..4a9ac9e7 100644
--- a/Platform/OpenCore/OpenCoreUefi.c
+++ b/Platform/OpenCore/OpenCoreUefi.c
@@ -363,8 +363,8 @@ OcLoadBooterUefiSupport (
AbcSettings.ProtectCsmRegion = Config->Booter.Quirks.ProtectCsmRegion;
AbcSettings.ProvideCustomSlide = Config->Booter.Quirks.ProvideCustomSlide;
AbcSettings.ProtectUefiServices = Config->Booter.Quirks.ProtectUefiServices;
+ AbcSettings.RebuildAppleMemoryMap = Config->Booter.Quirks.RebuildAppleMemoryMap;
AbcSettings.SetupVirtualMap = Config->Booter.Quirks.SetupVirtualMap;
- AbcSettings.ShrinkMemoryMap = Config->Booter.Quirks.ShrinkMemoryMap;
AbcSettings.SignalAppleOS = Config->Booter.Quirks.SignalAppleOS;
AbcSettings.SyncRuntimePermissions = Config->Booter.Quirks.SyncRuntimePermissions;