SMC Emulation in DSDT


EncryptedSoul

I have the SMC emulation code, just need return keys for page decryption....

 

 

Device (SMC)
{
    Name (_HID, EisaId ("APP0001"))
    Name (_CID, "smc-napa")
    Name (_STA, 0x0B)
    Name (_CRS, ResourceTemplate ()
    {
        IO (Decode16,
            0x0300, // Range Minimum
            0x0300, // Range Maximum
            0x01, // Alignment
            0x20, // Length
            )
    })
    Method (OSK0, 0, NotSerialized)
    {
        Return (need key)
    }

    Method (OSK1, 0, NotSerialized)
    {
        Return (need key)
    }
}

 

 

When booting in verbose SMC Emulation is working but the Host errors out with fsInterrupt error, and the guest side errors out with SMC:Start Failure

 

But for now, everyone can have an emulated SMC chip!

 

Confirm by kextstat to see the presence of AppleSMC, and check for it in ioreg too.

 

~ES


so I googled for those two keys, copied and pasted but it didn't work.. what am I missing?

SMC Emulation is working fine, but the injection of keys is still being worked on ATM.

 

There is talk about not even needing the key data values, instead only needing the bit key values injected when they are called for from the OS.

 

Perfect example of this was the Alexander Graf patch for QEMU.

 

There isn't a doubt in my mind this will be working very soon.


so there's no solution yet? 'cos I was already emulating smc by a while..

Roisoft, as well as myself have been working together on different scenarios on key calls and bit returns.

 

We have all the data at hand, it's the emulation for decryption calls we are trying to iron out.

 

BTW, it's good to see you Dr.Hurt.

 

~ES


Update: As of right now, SMC loads with interrupt resource error in verbose.

 

I also have a CPU_CST_Evaluation error that wasn't present before. Not sure if it's a smc_plugin error or an smc initializing error. Can someone try to confirm if this error is present without smc emulation.

 

Thanks in advance!


Code we are currently working on, needs memory addressing think?

 

Device (SMC)

{

Name (_HID, EisaId ("APP0001"))

Name (_CID, "smc-napa")

Name (_STA, 0x0B)

Name (_CRS, ResourceTemplate ()

{

IO (Decode16,

0x0300, // Range Minimum

0x0300, // Range Maximum

0x01, // Alignment

0x20, // Length

)

})

Name (OSK0, Buffer (0x20)

{

/* 0000 */ 0x6F, 0x75, 0x72, 0x68, 0x61, 0x72, 0x64, 0x77,

/* 0008 */ 0x6F, 0x72, 0x6B, 0x62, 0x79, 0x74, 0x68, 0x65,

/* 0010 */ 0x73, 0x65, 0x77, 0x6F, 0x72, 0x64, 0x73, 0x67,

/* 0018 */ 0x75, 0x61, 0x72, 0x64, 0x65, 0x64, 0x70, 0x6C

})

Method (KEY0, 0, NotSerialized)

{

Return (Package (0x0110)

{

0x59,

0x6F,

0x75,

0x72,

0x20,

0x6B,

0x61,

0x72,

0x6D,

0x61,

0x20,

0x63,

0x68,

0x65,

0x63,

0x6B,

0x20,

0x66,

0x6F,

0x72,

0x20,

0x74,

0x6F,

0x64,

0x61,

0x79,

0x3A,

0x0A,

0x54,

0x68,

0x65,

0x72,

0x65,

0x20,

0x6F,

0x6E,

0x63,

0x65,

0x20,

0x77,

0x61,

0x73,

0x20,

0x77,

0x61,

0x73,

0x20,

0x61,

0x20,

0x75,

0x73,

0x65,

0x72,

0x20,

0x74,

0x68,

0x61,

0x74,

0x20,

0x77,

0x68,

0x69,

0x6E,

0x65,

0x64,

0x0A,

0x68,

0x69,

0x73,

0x20,

0x65,

0x78,

0x69,

0x73,

0x74,

0x69,

0x6E,

0x67,

0x20,

0x4F,

0x53,

0x20,

0x77,

0x61,

0x73,

0x20,

0x73,

0x6F,

0x20,

0x62,

0x6C,

0x69,

0x6E,

0x64,

0x2C,

0x0A,

0x68,

0x65,

0x27,

0x64,

0x20,

0x64,

0x6F,

0x20,

0x62,

0x65,

0x74,

0x74,

0x65,

0x72,

0x20,

0x74,

0x6F,

0x20,

0x70,

0x69,

0x72,

0x61,

0x74,

0x65,

0x0A,

0x61,

0x6E,

0x20,

0x4F,

0x53,

0x20,

0x74,

0x68,

0x61,

0x74,

0x20,

0x72,

0x61,

0x6E,

0x20,

0x67,

0x72,

0x65,

0x61,

0x74,

0x0A,

0x62,

0x75,

0x74,

0x20,

0x66,

0x6F,

0x75,

0x6E,

0x64,

0x20,

0x68,

0x69,

0x73,

0x20,

0x68,

0x61,

0x72,

0x64,

0x77,

0x61,

0x72,

0x65,

0x20,

0x64,

0x65,

0x63,

0x6C,

0x69,

0x6E,

0x65,

0x64,

0x2E,

0x0A,

0x50,

0x6C,

0x65,

0x61,

0x73,

0x65,

0x20,

0x64,

0x6F,

0x6E,

0x27,

0x74,

0x20,

0x73,

0x74,

0x65,

0x61,

0x6C,

0x20,

0x4D,

0x61,

0x63,

0x20,

0x4F,

0x53,

0x21,

0x0A,

0x52,

0x65,

0x61,

0x6C,

0x6C,

0x79,

0x2C,

0x20,

0x74,

0x68,

0x61,

0x74,

0x27,

0x73,

0x20,

0x77,

0x61,

0x79,

0x20,

0x75,

0x6E,

0x63,

0x6F,

0x6F,

0x6C,

0x2E,

0x0A,

0x20,

0x20,

0x20,

0x28,

0x43,

0x29,

0x20,

0x41,

0x70,

0x70,

0x6C,

0x65,

0x20,

0x43,

0x6F,

0x6D,

0x70,

0x75,

0x74,

0x65,

0x72,

0x2C,

0x20,

0x49,

0x6E,

0x63,

0x2E,

0x90,

0xFC,

0x19,

Zero,

0x7F,

0xFC,

0x19,

Zero,

0x6C,

0xFC,

0x19,

Zero,

0x9E

})

}

 

Name (OSK1, Buffer (0x20)

{

/* 0000 */ 0x65, 0x61, 0x73, 0x65, 0x64, 0x6F, 0x6E, 0x74,

/* 0008 */ 0x73, 0x74, 0x65, 0x61, 0x6C, 0x28, 0x63, 0x29,

/* 0010 */ 0x41, 0x70, 0x70, 0x6C, 0x65, 0x43, 0x6F, 0x6D,

/* 0018 */ 0x70, 0x75, 0x74, 0x65, 0x72, 0x49, 0x6E, 0x63

})

Method (KEY1, 0, NotSerialized)

{

Return (Package (0x40)

{

0x6F,

0x75,

0x72,

0x68,

0x61,

0x72,

0x64,

0x77,

0x6F,

0x72,

0x6B,

0x62,

0x79,

0x74,

0x68,

0x65,

0x73,

0x65,

0x77,

0x6F,

0x72,

0x64,

0x73,

0x67,

0x75,

0x61,

0x72,

0x64,

0x65,

0x64,

0x70,

0x6C,

0x65,

0x61,

0x73,

0x65,

0x64,

0x6F,

0x6E,

0x74,

0x73,

0x74,

0x65,

0x61,

0x6C,

0x28,

0x63,

0x29,

0x41,

0x70,

0x70,

0x6C,

0x65,

0x43,

0x6F,

0x6D,

0x70,

0x75,

0x74,

0x65,

0x72,

0x49,

0x6E,

0x63

})

}

}


with SMC emulation:

 

6/12/09 11:50:34 PM kernel ACPI_SMC_PlatformPlugin::pushCPU_CSTData - _CST evaluation failed 
6/12/09 11:50:34 PM kernel SMC::smcInitEventSources ERROR: failed to create fInterruptSource 
6/12/09 11:50:34 PM kernel SMC::smcInitHelper ERROR: smcInitEventSources failed (kIOReturnError) 
6/12/09 11:50:34 PM kernel SMC::start ERROR: smcInitHelper failed (kIOReturnError)

 

without:

 

6/12/09 11:59:49 PM kernel ACPI_SMC_PlatformPlugin::pushCPU_CSTData - _CST evaluation failed

 

In both cases AppleSMC is present in the kextstat.

Still booting with decrypt kext for now.


Yeah, emulation of the smc chip is working, however we need to figure out a way to have the data keys and bit keys injected into memory where they need to be.

 

As a side note, Device (SMC) should be inserted into the dsdt table before Device (DMAC) and after Device (LNKH).

 

It is a possible task, we just need to figure out how it needs to be implemented in DSDT.


Update: As of right now, SMC loads with interrupt resource error in verbose.

 

I also have a CPU_CST_Evaluation error that wasn't present before. Not sure if it's a smc_plugin error or an smc initializing error. Can someone try to confirm if this error is present without smc emulation.

 

Thanks in advance!

 

that error is related to cstates, in my laptop they were completely messed up so I had to extract them from linux and put them in my dsdt (booting with dropssdt now), see the 'chameleon with dsdt and ssdt override' topic :(

 

btw I don't know if that error is related to smc emulation or not but injecting your cstates and pstates enables vanilla throttling with the original applecpupm and smcplatformplugin and solves it. I still have the other init errors however


Can someone tell us what SMC is and in which way there is a difference/advantage for an end user when using it on hackintosh?

Well known (and used by me) are HDEF / LAN and GPU dsdt fixes - all with big advantages compared to EFI/natit injection.

 

THANKS!


From Apple (Oh my Google...)

 

SMC:

The System Management Controller is an integrated circuit (computer chip) that is on the logic board of the computer. As the name implies, it is responsible for power management of the computer. It controls backlighting, hard disk spin down, sleep and wake, some charging aspects, trackpad control, and some input/output as it relates to the computer sleeping. ...

 

The lack of this chip on standard x86 motherboards means no direct support by the OS of the above mentioned functions, obliging us to use handmade kexts like voodoopower, ps2, openhaltrestart....

 

The possibility of emulating the chip (fooling the OS) through DSDT patching (like GPU, Ethernet, Sound...) would solve some (if not all) of the problems and bring us closer to the 101% Mac OS X experience.

 

Correct me if I'm wrong.

 

EDIT: Partially incorrect information, thanks EncryptedSoul

Further, SMC provides the key for the decryption of the binaries. Emulating it would mean:

 

...

Once this is done we will no longer need dsmos or decrypt kext.

 

For more insight read here and here


Actually the only emulation we are trying to achieve would be the decryption of SMC.

 

Once this is done we will no longer need dsmos or decrypt kext.


Thanks for the clarification. I didn't notice your nick ;)

Seems promising.


There is no need to mess further with that, it won't work that way, since values from the smc are read in a completely different way.

Hi fassl

 

So there isn't a way to emulate the smc in this manner?

 

What other options do we have aside from using kexts?

 

As per David Elliott OSK0 & OSK1 keys can be emulated via emulating the smc.

 

I'm confused....


Yes, but you don't emulate it, you just let OSX think you have a SMC device by putting it into the DSDT, you don't emulate anything, so it won't work that way.

Is there a way to copy the bit keys into a specified memory address using dsdt? We buffer info for gma950, why not buffer bit keys so when osk0 & osk1 ask for the values, they are already there.


You talked about the QEMU patch so I assume you have read the source. I did a long time ago, and if I understood and remember correctly: there are two SMC ports, the command and the data port. OSX reads from the SMC as follows: it writes to the command port what value it wants to know, and then the SMC device puts data on the data port byte-wise, like:

Command: read OSK0

SMC returns byte 0 of OSK0

Command: read next byte

SMC returns byte 1 of OSK0

....

until the SMC returns that end of data is reached.

and so on.

 

Note, that is just as i remember it, it's been a long time since i read through it. But what i can say for sure, we won't be able to do it in DSDT :)
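
The byte-wise exchange recalled in the post above, as an added example that is not part of the original thread and is not taken from QEMU or Apple: a simplified C model of a device behind a command port and a data port, with the guest loop that drives it. The command codes, state names and the key `TST0` with its four bytes are constructed for illustration; the real controller's register values are not on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model of the recalled exchange; command and state codes are hypothetical. */
enum { CMD_READ = 0x10, CMD_NEXT = 0x11 };
enum { ST_IDLE, ST_NAME, ST_DATA, ST_END, ST_ERR };
struct smc {
    int state;
    char name[4];            /* key name assembled from data-port writes */
    size_t got, pos, len;
    const uint8_t *val;
};
/* Constructed sample key: the name "TST0" and its bytes are made up. */
static const uint8_t tst0[] = { 0xDE, 0xAD, 0xBE, 0xEF };
/* Command port: start a read, or step to the next byte of the value. */
static void smc_cmd_write(struct smc *s, uint8_t cmd)
{
    if (cmd == CMD_READ) { s->state = ST_NAME; s->got = 0; s->pos = 0; }
    else if (cmd == CMD_NEXT && s->state == ST_DATA) {
        if (++s->pos >= s->len) s->state = ST_END;   /* end of data */
    } else s->state = ST_ERR;                        /* out of sequence */
}

/* Data port, write side: four bytes select the key being read. */
static void smc_data_write(struct smc *s, uint8_t b)
{
    if (s->state != ST_NAME) { s->state = ST_ERR; return; }
    s->name[s->got++] = (char)b;
    if (s->got < 4) return;
    if (memcmp(s->name, "TST0", 4) != 0) { s->state = ST_ERR; return; }
    s->val = tst0; s->len = sizeof tst0; s->state = ST_DATA;
}

/* Data port, read side: current byte, or -1 when nothing is pending. */
static int smc_data_read(const struct smc *s) { return s->state == ST_DATA ? s->val[s->pos] : -1; }

/* Guest side: drive both ports until the device signals end of data. */
static int guest_read_key(struct smc *s, const char *name, uint8_t *out, size_t cap)
{
    size_t n = 0;
    smc_cmd_write(s, CMD_READ);
    for (int i = 0; i < 4; i++) smc_data_write(s, (uint8_t)name[i]);
    while (s->state == ST_DATA && n < cap) {
        out[n++] = (uint8_t)smc_data_read(s);
        smc_cmd_write(s, CMD_NEXT);
    }
    return s->state == ST_END ? (int)n : -1;   /* -1: unknown key or short buffer */
}
```

Every answer depends on state that changes with each port access, which is the part a device entry declaring only an I/O range does not provide.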


The qemu patch is boot loader worthy.

 

We can easily make applesmc emulation a part of Darwin.

 

I am always trying to find the "better way"... Ya know?

 

~ES


So is the benefit of the last DSDT SMC code more cosmetic (fewer error messages), or does the DSDT SMC do something more even though there is no real SMC chip?

Thanks for explaining SMC device.


The smc code is recognized by the os; however, when the os looks for the binaries to decrypt atsserver, loginwindow, finder, etc., the smc errors out with initialization errors. Basically, the os sees the supposed smc device but can't retrieve any data from it.

 

@ coconup: if you have gotten far enough to have a battery meter show, maybe it can be as simple to edit the stock kext to read your battery status.
