InsanelyMac Forum
EncryptedSoul

SMC Emulation in DSDT

I have the SMC emulation code, just need return keys for page decryption....

 

 

    Device (SMC)
    {
        Name (_HID, EisaId ("APP0001"))
        Name (_CID, "smc-napa")
        Name (_STA, 0x0B)
        Name (_CRS, ResourceTemplate ()
        {
            IO (Decode16,
                0x0300, // Range Minimum
                0x0300, // Range Maximum
                0x01, // Alignment
                0x20, // Length
                )
        })
        Method (OSK0, 0, NotSerialized)
        {
            Return (need key)
        }

        Method (OSK1, 0, NotSerialized)
        {
            Return (need key)
        }
    }

 

 

When booting in verbose, SMC emulation is working, but the host errors out with an fsInterrupt error, and the guest side errors out with SMC:Start Failure.

 

But for now, everyone can have an emulated SMC chip!

 

Confirm by kextstat to see the presence of AppleSMC, and check for it in ioreg too.

 

~ES

> so I googled for those two keys, copied and pasted but it didn't work.. what am I missing?

SMC Emulation is working fine, but the injection of keys is still being worked on ATM.

 

There is talk about not even needing the key data values, instead only needing the bit key values injected when they are called for from the OS.

 

Perfect example of this was the Alexander Graf patch for QEMU.

 

There isn't a doubt in my mind this will be working very soon.

> so there's no solution yet? 'cos I was already emulating smc by a while..

Roisoft, as well as myself have been working together on different scenarios on key calls and bit returns.

 

We have all the data at hand, it's the emulation for decryption calls we are trying to iron out.

 

BTW, it's good to see you, Dr.Hurt.

 

~ES


Update: As of right now, SMC loads with interrupt resource error in verbose.

 

I also have a CPU_CST_Evaluation error that wasn't present before. Not sure if it's a smc_plugin error or an smc initializing error. Can someone try to confirm if this error is present without smc emulation.

 

Thanks in advance!


Code we are currently working on, needs memory addressing I think?

 

    Device (SMC)
    {
        Name (_HID, EisaId ("APP0001"))
        Name (_CID, "smc-napa")
        Name (_STA, 0x0B)
        Name (_CRS, ResourceTemplate ()
        {
            IO (Decode16,
                0x0300, // Range Minimum
                0x0300, // Range Maximum
                0x01, // Alignment
                0x20, // Length
                )
        })
        Name (OSK0, Buffer (0x20)
        {
            /* 0000 */ 0x6F, 0x75, 0x72, 0x68, 0x61, 0x72, 0x64, 0x77,
            /* 0008 */ 0x6F, 0x72, 0x6B, 0x62, 0x79, 0x74, 0x68, 0x65,
            /* 0010 */ 0x73, 0x65, 0x77, 0x6F, 0x72, 0x64, 0x73, 0x67,
            /* 0018 */ 0x75, 0x61, 0x72, 0x64, 0x65, 0x64, 0x70, 0x6C
        })
        Method (KEY0, 0, NotSerialized)
        {
            Return (Package (0x0110)
            {
                0x59, 0x6F, 0x75, 0x72, 0x20, 0x6B, 0x61, 0x72,
                0x6D, 0x61, 0x20, 0x63, 0x68, 0x65, 0x63, 0x6B,
                0x20, 0x66, 0x6F, 0x72, 0x20, 0x74, 0x6F, 0x64,
                0x61, 0x79, 0x3A, 0x0A, 0x54, 0x68, 0x65, 0x72,
                0x65, 0x20, 0x6F, 0x6E, 0x63, 0x65, 0x20, 0x77,
                0x61, 0x73, 0x20, 0x77, 0x61, 0x73, 0x20, 0x61,
                0x20, 0x75, 0x73, 0x65, 0x72, 0x20, 0x74, 0x68,
                0x61, 0x74, 0x20, 0x77, 0x68, 0x69, 0x6E, 0x65,
                0x64, 0x0A, 0x68, 0x69, 0x73, 0x20, 0x65, 0x78,
                0x69, 0x73, 0x74, 0x69, 0x6E, 0x67, 0x20, 0x4F,
                0x53, 0x20, 0x77, 0x61, 0x73, 0x20, 0x73, 0x6F,
                0x20, 0x62, 0x6C, 0x69, 0x6E, 0x64, 0x2C, 0x0A,
                0x68, 0x65, 0x27, 0x64, 0x20, 0x64, 0x6F, 0x20,
                0x62, 0x65, 0x74, 0x74, 0x65, 0x72, 0x20, 0x74,
                0x6F, 0x20, 0x70, 0x69, 0x72, 0x61, 0x74, 0x65,
                0x0A, 0x61, 0x6E, 0x20, 0x4F, 0x53, 0x20, 0x74,
                0x68, 0x61, 0x74, 0x20, 0x72, 0x61, 0x6E, 0x20,
                0x67, 0x72, 0x65, 0x61, 0x74, 0x0A, 0x62, 0x75,
                0x74, 0x20, 0x66, 0x6F, 0x75, 0x6E, 0x64, 0x20,
                0x68, 0x69, 0x73, 0x20, 0x68, 0x61, 0x72, 0x64,
                0x77, 0x61, 0x72, 0x65, 0x20, 0x64, 0x65, 0x63,
                0x6C, 0x69, 0x6E, 0x65, 0x64, 0x2E, 0x0A, 0x50,
                0x6C, 0x65, 0x61, 0x73, 0x65, 0x20, 0x64, 0x6F,
                0x6E, 0x27, 0x74, 0x20, 0x73, 0x74, 0x65, 0x61,
                0x6C, 0x20, 0x4D, 0x61, 0x63, 0x20, 0x4F, 0x53,
                0x21, 0x0A, 0x52, 0x65, 0x61, 0x6C, 0x6C, 0x79,
                0x2C, 0x20, 0x74, 0x68, 0x61, 0x74, 0x27, 0x73,
                0x20, 0x77, 0x61, 0x79, 0x20, 0x75, 0x6E, 0x63,
                0x6F, 0x6F, 0x6C, 0x2E, 0x0A, 0x20, 0x20, 0x20,
                0x28, 0x43, 0x29, 0x20, 0x41, 0x70, 0x70, 0x6C,
                0x65, 0x20, 0x43, 0x6F, 0x6D, 0x70, 0x75, 0x74,
                0x65, 0x72, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E,
                0x90, 0xFC, 0x19, Zero, 0x7F, 0xFC, 0x19, Zero,
                0x6C, 0xFC, 0x19, Zero, 0x9E
            })
        }

        Name (OSK1, Buffer (0x20)
        {
            /* 0000 */ 0x65, 0x61, 0x73, 0x65, 0x64, 0x6F, 0x6E, 0x74,
            /* 0008 */ 0x73, 0x74, 0x65, 0x61, 0x6C, 0x28, 0x63, 0x29,
            /* 0010 */ 0x41, 0x70, 0x70, 0x6C, 0x65, 0x43, 0x6F, 0x6D,
            /* 0018 */ 0x70, 0x75, 0x74, 0x65, 0x72, 0x49, 0x6E, 0x63
        })
        Method (KEY1, 0, NotSerialized)
        {
            Return (Package (0x40)
            {
                0x6F, 0x75, 0x72, 0x68, 0x61, 0x72, 0x64, 0x77,
                0x6F, 0x72, 0x6B, 0x62, 0x79, 0x74, 0x68, 0x65,
                0x73, 0x65, 0x77, 0x6F, 0x72, 0x64, 0x73, 0x67,
                0x75, 0x61, 0x72, 0x64, 0x65, 0x64, 0x70, 0x6C,
                0x65, 0x61, 0x73, 0x65, 0x64, 0x6F, 0x6E, 0x74,
                0x73, 0x74, 0x65, 0x61, 0x6C, 0x28, 0x63, 0x29,
                0x41, 0x70, 0x70, 0x6C, 0x65, 0x43, 0x6F, 0x6D,
                0x70, 0x75, 0x74, 0x65, 0x72, 0x49, 0x6E, 0x63
            })
        }
    }


with SMC emulation:

 

6/12/09 11:50:34 PM kernel ACPI_SMC_PlatformPlugin::pushCPU_CSTData - _CST evaluation failed 
6/12/09 11:50:34 PM kernel SMC::smcInitEventSources ERROR: failed to create fInterruptSource 
6/12/09 11:50:34 PM kernel SMC::smcInitHelper ERROR: smcInitEventSources failed (kIOReturnError) 
6/12/09 11:50:34 PM kernel SMC::start ERROR: smcInitHelper failed (kIOReturnError)

 

without:

 

6/12/09 11:59:49 PM kernel ACPI_SMC_PlatformPlugin::pushCPU_CSTData - _CST evaluation failed

 

In both cases AppleSMC is present in the kextstat.

Still booting with decrypt kext for now.

> with SMC emulation:
>
> 6/12/09 11:50:34 PM kernel ACPI_SMC_PlatformPlugin::pushCPU_CSTData - _CST evaluation failed
> 6/12/09 11:50:34 PM kernel SMC::smcInitEventSources ERROR: failed to create fInterruptSource
> 6/12/09 11:50:34 PM kernel SMC::smcInitHelper ERROR: smcInitEventSources failed (kIOReturnError)
> 6/12/09 11:50:34 PM kernel SMC::start ERROR: smcInitHelper failed (kIOReturnError)
>
> without:
>
> 6/12/09 11:59:49 PM kernel ACPI_SMC_PlatformPlugin::pushCPU_CSTData - _CST evaluation failed
>
> In both cases AppleSMC is present in the kextstat.
>
> Still booting with decrypt kext for now.

Yeah, emulation of the smc chip is working, however we need to figure out a way to have the data keys and bit keys injected into memory where they need to be.

 

As a side note, Device (SMC) should be inserted into the dsdt table before Device (DMAC) and after Device (LNKH).

 

It is a possible task, we just need to figure out how it needs to be implemented in DSDT.

> Update: As of right now, SMC loads with interrupt resource error in verbose.
>
> I also have a CPU_CST_Evaluation error that wasn't present before. Not sure if it's a smc_plugin error or an smc initializing error. Can someone try to confirm if this error is present without smc emulation.
>
> Thanks in advance!

 

that error is related to cstates, in my laptop they were completely messed up so I had to extract them from linux and put them in my dsdt (booting with dropssdt now), see the 'chameleon with dsdt and ssdt override' topic :(

 

btw I don't know if that error is related to smc emulation or not but injecting your cstates and pstates enables vanilla throttling with the original applecpupm and smcplatformplugin and solves it. I still have the other init errors however


Can someone tell us what SMC is and in which way there is a difference/advantage for an end user when using it on hackintosh?

Well known (and used by me) are HDEF / LAN and GPU dsdt fixes - all with big advantages compared to EFI/natit injection.

 

THANKS!


From Apple (Oh my Google...)

 

SMC:

The System Management Controller is an integrated circuit (computer chip) that is on the logic board of the computer. As the name implies, it is responsible for power management of the computer. It controls backlighting, hard disk spin down, sleep and wake, some charging aspects, trackpad control, and some input/output as it relates to the computer sleeping. ...

 

The lack of this chip on standard x86 motherboards means no direct support by the OS of the above mentioned functions, obliging us to use handmade kexts like voodoopower, ps2, openhaltrestart....

 

The possibility of emulating the chip (fooling the OS) through DSDT patching (like GPU, Ethernet, Sound...) would solve some (if not all) of the problems, and bringing us closer to the 101% Mac Os X experience.

 

Correct me if I'm wrong.

 

EDIT: Partially incorrect information, thanks EncryptedSoul

Further, SMC provides the key for the decryption of the binaries. Emulating it would mean:

 

...

Once this is done we will no longer need dsmos or decrypt kext.

 

For more insight read here and here

> From Apple (Oh my Google...)
>
> SMC:
>
> The System Management Controller is an integrated circuit (computer chip) that is on the logic board of the computer. As the name implies, it is responsible for power management of the computer. It controls backlighting, hard disk spin down, sleep and wake, some charging aspects, trackpad control, and some input/output as it relates to the computer sleeping. ...
>
> The lack of this chip on standard x86 motherboards means no direct support by the OS of the above mentioned functions, obliging us to use handmade kexts like voodoopower, ps2, openhaltrestart....
>
> The possibility of emulating the chip (fooling the OS) through DSDT patching (like GPU, Ethernet, Sound...) would solve some (if not all) of the problems, and bringing us closer to the 101% Mac Os X experience.
>
> Correct me if I'm wrong.

Actually the only emulation we are trying to achieve would be the decryption of SMC.

 

Once this is done we will no longer need dsmos or decrypt kext.

> Actually the only emulation we are trying to achieve would be the decryption of SMC.
>
> Once this is done we will no longer need dsmos or decrypt kext.

 

Thanks for the clarification. I didn't notice your nick ;)

Seems promising.


There is no need to mess further with that, it won't work that way, since values from the smc are read in a completely different way.

> There is no need to mess further with that, it won't work that way, since values from the smc are read in a completely different way.

Hi fassl

 

So there isn't a way to emulate the smc in this manner?

 

What other options do we have aside from using kexts?

 

As per David Elliott OSK0 & OSK1 keys can be emulated via emulating the smc.

 

I'm confused....


Yes, but you don't emulate it, you just let OSX think you have a SMC device by putting it into the DSDT, you don't emulate anything, so it won't work that way.

> Yes, but you don't emulate it, you just let OSX think you have a SMC device by putting it into the DSDT, you don't emulate anything, so it won't work that way.

Is there a way to copy the bit keys into a specified memory address using dsdt? We buffer info for gma950, why not buffer bit keys so when osk0 & osk1 ask for the values, they are already there.


You talked about the QEMU patch so i assume you have read the source. I did long time ago and if i understood and remember correctly: There are two SMC ports, the command and the data port. OSX reads from the SMC as following: write to the command port what value it wants to know and then the SMC device puts data to the data port byte wise like:

Command: read OSK0

SMC returns byte 0 of OSK0

Command: read next byte

SMC returns byte 1 of OSK0

....

until the SMC returns that end of data is reached.

and so on.

 

Note, that is just as i remember it, it's been a long time since i read through it. But what i can say for sure, we won't be able to do it in DSDT :)

> You talked about the QEMU patch so i assume you have read the source. I did long time ago and if i understood and remember correctly: There are two SMC ports, the command and the data port. OSX reads from the SMC as following: write to the command port what value it wants to know and then the SMC device puts data to the data port byte wise like:
>
> Command: read OSK0
>
> SMC returns byte 0 of OSK0
>
> Command: read next byte
>
> SMC returns byte 1 of OSK0
>
> ....
>
> until the SMC returns that end of data is reached.
>
> and so on.
>
> Note, that is just as i remember it, it's been a long time since i read through it. But what i can say for sure, we won't be able to do it in DSDT -_-

The qemu patch is boot loader worthy.

 

We can easily make applesmc emulation a part of Darwin.

 

I am always trying to find the "better way"... Ya know?

 

~ES


So the benefit of last DSDT code SMC is more cosmetic (less error messages) or does the DSDT SMC does something more even there is no real smc chip ?

Thanks for explaining SMC device.

> So the benefit of last DSDT code SMC is more cosmetic (less error messages) or does the DSDT SMC does something more even there is no real smc chip ?
>
> Thanks for explaining SMC device.

The smc code is recognized by the os, however when the os looks for the binaries to decrypt atsserver, loginwindow, finder, etc., the smc errors out with initialization errors. Basically, the os sees the supposed smc device but can't retrieve any data from it.

 

@ coconup: if you have gotten far enough to have a battery meter show, maybe it can be as simple to edit the stock kext to read your battery status.
