Jump to content
Download-Fritz

EFI Variable Store on Aptio V (Haswell-E and up)

194 posts in this topic

Recommended Posts

"Uh.... I'm very confused by what that means then..."

Well, I can understand the confusion because the spec is not as explicite as it could be (I noticed similiar wishy-washy forumulation for the spec dictating that during runtime, you may only write to RT_data).

You can check EDK2 (https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/RuntimeDxe/Runtime.c#L236)

... macosxbootloader (https://github.com/Piker-Alpha/macosxbootloader/blob/El-Capitan/src/boot/MemoryMap.cpp#L230)

... and others. "SetVirtualAddressMap()" just makes UEFI update its addresses, anything after that call still accesses memory flat (virtual = physical) through until XNU starts, with no visible change in mode within the booter.

Share this post


Link to post
Share on other sites
Advertisement

"Uh.... I'm very confused by what that means then..."

Well, I can understand the confusion because the spec is not as explicite as it could be (I noticed similiar wishy-washy forumulation for the spec dictating that during runtime, you may only write to RT_data).

You can check EDK2 (https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/RuntimeDxe/Runtime.c#L236)

... macosxbootloader (https://github.com/Piker-Alpha/macosxbootloader/blob/El-Capitan/src/boot/MemoryMap.cpp#L230)

... and others. "SetVirtualAddressMap()" just makes UEFI update its addresses, anything after that call still accesses memory flat (virtual = physical) through until XNU starts, with no visible change in mode within the booter.

 

But the EDK code you linked does relocate the runtime (https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/RuntimeDxe/Runtime.c#L302)...

Share this post


Link to post
Share on other sites

"But the EDK code you linked does relocate the runtime (https://github.com/t.../Runtime.c#L302)..."

Of course it does, that is literally its only job. That only means you may not access any RT services till you actually mapped the virtual pages you announced that would be. Is there any code that maps the pages?

 

Yeah but how are there mappings to virtual addresses at that point if there are no mapping changes? Wouldn't it still be physical addresses? They aren't moved in physical memory, they still have the same physical location but now have completely different addresses. So how on earth do you access runtime after that call if it doesn't remap the pages? Right?

 

EDIT: Wait are you saying that it doesn't actually set an address map at all and you have to do that yourself? That is a badly named, specified, and implemented method then....

Share this post


Link to post
Share on other sites

"So how on earth do you access runtime after that call if it doesn't remap the pages? Right?"

You don't... until the kernel map'd the pages.

 

That's a really dumb name for that method, also the specification of it, is even worse then. lol.

 

EDIT: Wait I found out why I thought otherwise.

https://sourceforge.net/p/cloverefiboot/code/HEAD/tree/OsxAptioFixDrv/BootFixes.c#l674

https://sourceforge.net/p/cloverefiboot/code/HEAD/tree/OsxAptioFixDrv/BootFixes.c#l328

https://sourceforge.net/p/cloverefiboot/code/HEAD/tree/OsxAptioFixDrv/VMem.c#l527

https://sourceforge.net/p/cloverefiboot/code/HEAD/tree/OsxAptioFixDrv/VMem.c#l336

Share this post


Link to post
Share on other sites

Hi,

 

could this crash be related to memory corruption / wrong mapping or those recent security patches:

System Integrity Protection: disabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000001b7e6685c
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

VM Regions Near 0x1b7e6685c:
    __LINKEDIT             0000000140cc4000-0000000140ce1000 [  116K] r--/rwx SM=COW  ' [/System/Library/Extensions/GeForceMTLDriverWeb.bundle/Contents/MacOS/GeForceMTLDriverWeb]
-->
    MALLOC_NANO            0000600000000000-0000600001c00000 [ 28.0M] rw-/rwx SM=PRV

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libobjc.A.dylib                   0x00007fff5031cca7 search_method_list(method_list_t const*, objc_selector*) + 181
1   libobjc.A.dylib                   0x00007fff5031cbd2 getMethodNoSuper_nolock(objc_class*, objc_selector*) + 102
2   libobjc.A.dylib                   0x00007fff5031eeca lookUpImpOrForward + 287
3   libobjc.A.dylib                   0x00007fff5031e914 _objc_msgSend_uncached + 68
4   com.apple.AppKit                 0x00007fff26cc8981 -[_NSThemeWidget initWithButtonID:] + 120
5   com.apple.AppKit                 0x00007fff26cc88ad +[_NSThemeCloseWidget closeWidgetInView:withButtonID:action:] + 60
6   com.apple.AppKit                 0x00007fff26cc85b2 +[NSWindow standardWindowButton:forStyleMask:] + 1221
7   com.apple.AppKit                 0x00007fff26cc80b0 -[NSThemeFrame newCloseButton] + 79
8   com.apple.AppKit                 0x00007fff26cc5839 -[NSThemeFrame _updateButtons] + 476
9   com.apple.AppKit                 0x00007fff26cc55b0 -[NSThemeFrame _moveTitlebarViewsToView:] + 674
10  com.apple.AppKit                 0x00007fff26cbf365 __49-[NSThemeFrame _floatTitlebarAndToolbarFromInit:]_block_invoke + 887
11  com.apple.AppKit                 0x00007fff27633571 +[NSAnimationContext runAnimationGroup:] + 55
12  com.apple.AppKit                 0x00007fff26cbed7c -[NSThemeFrame _floatTitlebarAndToolbarFromInit:] + 93
13  com.apple.AppKit                 0x00007fff26cbc965 -[NSThemeFrame initWithFrame:styleMask:owner:] + 247
14  com.apple.AppKit                 0x00007fff26cbb40a -[NSWindow _commonInitFrame:styleMask:backing:defer:] + 567
15  com.apple.AppKit                 0x00007fff26cb9c3d -[NSWindow _initContent:styleMask:backing:defer:contentView:] + 1345
16  com.apple.AppKit                 0x00007fff26d27717 -[NSPanel _initContent:styleMask:backing:defer:contentView:] + 50
17  com.apple.AppKit                 0x00007fff26cb96f6 -[NSWindow initWithContentRect:styleMask:backing:defer:] + 45
18  com.apple.AppKit                 0x00007fff26d276d0 -[NSPanel initWithContentRect:styleMask:backing:defer:] + 77
19  com.presonus.cclgui               0x00000001021d74ab 0x102059000 + 1565867
20  com.presonus.cclgui               0x00000001021d7d87 0x102059000 + 1568135
21  com.presonus.cclgui               0x00000001021a6da4 0x102059000 + 1367460
22  com.presonus.cclgui               0x000000010210914b 0x102059000 + 721227
23  com.presonus.cclgui               0x00000001021e09db 0x102059000 + 1604059
24  com.presonus.cclgui               0x00000001021e0bc0 0x102059000 + 1604544
25  com.presonus.studioone2           0x0000000100d19b27 0x1001d4000 + 11819815
26  com.presonus.studioone2           0x0000000100c5be80 0x1001d4000 + 11042432
27  com.presonus.studioone2           0x0000000100c5f0ec 0x1001d4000 + 11055340
28  com.presonus.cclsystem           0x0000000102693e5a 0x102662000 + 204378
29  com.presonus.cclgui               0x00000001021043c4 0x102059000 + 701380
30  com.presonus.cclgui               0x000000010217d8dd 0x102059000 + 1198301
31  com.presonus.cclgui               0x000000010217d81e 0x102059000 + 1198110
32  com.apple.Foundation             0x00007fff2b7ee125 __NSThreadPerformPerform + 334
33  com.apple.CoreFoundation         0x00007fff296e55a1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
34  com.apple.CoreFoundation         0x00007fff2979f35c __CFRunLoopDoSource0 + 108
35  com.apple.CoreFoundation         0x00007fff296c8040 __CFRunLoopDoSources0 + 208
36  com.apple.CoreFoundation         0x00007fff296c74bd __CFRunLoopRun + 1293
37  com.apple.CoreFoundation         0x00007fff296c6d23 CFRunLoopRunSpecific + 483
38  com.apple.HIToolbox               0x00007fff289dee26 RunCurrentEventLoopInMode + 286
39  com.apple.HIToolbox               0x00007fff289deb96 ReceiveNextEventCommon + 613
40  com.apple.HIToolbox               0x00007fff289de914 _BlockUntilNextEventMatchingListInModeWithFilter + 64
41  com.apple.AppKit                 0x00007fff26ca9f5f _DPSNextEvent + 2085
42  com.apple.AppKit                 0x00007fff2743fb4c -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
43  com.apple.AppKit                 0x00007fff26c9ed6d -[NSApplication run] + 764
44  com.apple.Foundation             0x00007fff2b7b41f0 -[NSObject(NSThreadPerformAdditions) performSelector:onThread:withObject:waitUntilDone:modes:] + 1123
45  com.apple.Foundation             0x00007fff2b7b3d0f -[NSObject(NSThreadPerformAdditions) performSelectorOnMainThread:withObject:waitUntilDone:] + 131
46  com.presonus.cclgui               0x00000001021c5e7e 0x102059000 + 1494654
47  com.presonus.studioone2           0x00000001001d6074 0x1001d4000 + 8308
48  com.presonus.studioone2           0x00000001002c2474 0x1001d4000 + 975988
49  libdyld.dylib                     0x00007fff50f1c115 start + 1
 

?

 

Seems to be caused be the nvidia webdriver. 

Share this post


Link to post
Share on other sites

Hi,

 

could this crash be related to memory corruption / wrong mapping or those recent security patches:

System Integrity Protection: disabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000001b7e6685c
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

VM Regions Near 0x1b7e6685c:
    __LINKEDIT             0000000140cc4000-0000000140ce1000 [  116K] r--/rwx SM=COW  ' [/System/Library/Extensions/GeForceMTLDriverWeb.bundle/Contents/MacOS/GeForceMTLDriverWeb]
-->
    MALLOC_NANO            0000600000000000-0000600001c00000 [ 28.0M] rw-/rwx SM=PRV

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libobjc.A.dylib                   0x00007fff5031cca7 search_method_list(method_list_t const*, objc_selector*) + 181
1   libobjc.A.dylib                   0x00007fff5031cbd2 getMethodNoSuper_nolock(objc_class*, objc_selector*) + 102
2   libobjc.A.dylib                   0x00007fff5031eeca lookUpImpOrForward + 287
3   libobjc.A.dylib                   0x00007fff5031e914 _objc_msgSend_uncached + 68
4   com.apple.AppKit                 0x00007fff26cc8981 -[_NSThemeWidget initWithButtonID:] + 120
5   com.apple.AppKit                 0x00007fff26cc88ad +[_NSThemeCloseWidget closeWidgetInView:withButtonID:action:] + 60
6   com.apple.AppKit                 0x00007fff26cc85b2 +[NSWindow standardWindowButton:forStyleMask:] + 1221
7   com.apple.AppKit                 0x00007fff26cc80b0 -[NSThemeFrame newCloseButton] + 79
8   com.apple.AppKit                 0x00007fff26cc5839 -[NSThemeFrame _updateButtons] + 476
9   com.apple.AppKit                 0x00007fff26cc55b0 -[NSThemeFrame _moveTitlebarViewsToView:] + 674
10  com.apple.AppKit                 0x00007fff26cbf365 __49-[NSThemeFrame _floatTitlebarAndToolbarFromInit:]_block_invoke + 887
11  com.apple.AppKit                 0x00007fff27633571 +[NSAnimationContext runAnimationGroup:] + 55
12  com.apple.AppKit                 0x00007fff26cbed7c -[NSThemeFrame _floatTitlebarAndToolbarFromInit:] + 93
13  com.apple.AppKit                 0x00007fff26cbc965 -[NSThemeFrame initWithFrame:styleMask:owner:] + 247
14  com.apple.AppKit                 0x00007fff26cbb40a -[NSWindow _commonInitFrame:styleMask:backing:defer:] + 567
15  com.apple.AppKit                 0x00007fff26cb9c3d -[NSWindow _initContent:styleMask:backing:defer:contentView:] + 1345
16  com.apple.AppKit                 0x00007fff26d27717 -[NSPanel _initContent:styleMask:backing:defer:contentView:] + 50
17  com.apple.AppKit                 0x00007fff26cb96f6 -[NSWindow initWithContentRect:styleMask:backing:defer:] + 45
18  com.apple.AppKit                 0x00007fff26d276d0 -[NSPanel initWithContentRect:styleMask:backing:defer:] + 77
19  com.presonus.cclgui               0x00000001021d74ab 0x102059000 + 1565867
20  com.presonus.cclgui               0x00000001021d7d87 0x102059000 + 1568135
21  com.presonus.cclgui               0x00000001021a6da4 0x102059000 + 1367460
22  com.presonus.cclgui               0x000000010210914b 0x102059000 + 721227
23  com.presonus.cclgui               0x00000001021e09db 0x102059000 + 1604059
24  com.presonus.cclgui               0x00000001021e0bc0 0x102059000 + 1604544
25  com.presonus.studioone2           0x0000000100d19b27 0x1001d4000 + 11819815
26  com.presonus.studioone2           0x0000000100c5be80 0x1001d4000 + 11042432
27  com.presonus.studioone2           0x0000000100c5f0ec 0x1001d4000 + 11055340
28  com.presonus.cclsystem           0x0000000102693e5a 0x102662000 + 204378
29  com.presonus.cclgui               0x00000001021043c4 0x102059000 + 701380
30  com.presonus.cclgui               0x000000010217d8dd 0x102059000 + 1198301
31  com.presonus.cclgui               0x000000010217d81e 0x102059000 + 1198110
32  com.apple.Foundation             0x00007fff2b7ee125 __NSThreadPerformPerform + 334
33  com.apple.CoreFoundation         0x00007fff296e55a1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
34  com.apple.CoreFoundation         0x00007fff2979f35c __CFRunLoopDoSource0 + 108
35  com.apple.CoreFoundation         0x00007fff296c8040 __CFRunLoopDoSources0 + 208
36  com.apple.CoreFoundation         0x00007fff296c74bd __CFRunLoopRun + 1293
37  com.apple.CoreFoundation         0x00007fff296c6d23 CFRunLoopRunSpecific + 483
38  com.apple.HIToolbox               0x00007fff289dee26 RunCurrentEventLoopInMode + 286
39  com.apple.HIToolbox               0x00007fff289deb96 ReceiveNextEventCommon + 613
40  com.apple.HIToolbox               0x00007fff289de914 _BlockUntilNextEventMatchingListInModeWithFilter + 64
41  com.apple.AppKit                 0x00007fff26ca9f5f _DPSNextEvent + 2085
42  com.apple.AppKit                 0x00007fff2743fb4c -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
43  com.apple.AppKit                 0x00007fff26c9ed6d -[NSApplication run] + 764
44  com.apple.Foundation             0x00007fff2b7b41f0 -[NSObject(NSThreadPerformAdditions) performSelector:onThread:withObject:waitUntilDone:modes:] + 1123
45  com.apple.Foundation             0x00007fff2b7b3d0f -[NSObject(NSThreadPerformAdditions) performSelectorOnMainThread:withObject:waitUntilDone:] + 131
46  com.presonus.cclgui               0x00000001021c5e7e 0x102059000 + 1494654
47  com.presonus.studioone2           0x00000001001d6074 0x1001d4000 + 8308
48  com.presonus.studioone2           0x00000001002c2474 0x1001d4000 + 975988
49  libdyld.dylib                     0x00007fff50f1c115 start + 1
 

?

 

Seems to be caused be the nvidia webdriver. 

 

Hmmmmmm.... That's certainly happening in the nvidia driver. But it is a page not present exception, meaning that the page it's trying to access is not mapped. I wonder did you enter sleep at all before this happened? Or was it during continuous use?

Share this post


Link to post
Share on other sites

It was continuous use, no sleep, just loaded after bootup, happens anytime.

 

Happens anytime, or when you are doing specific things? Like just sitting there it will randomly do it? Or are you actively using something? Which driver are you using? Are you using ONLY one driver fix?

 

EDIT: What version of macOS and the driver are you using?

Share this post


Link to post
Share on other sites

I am using WebDriver-378.10.10.10.25.102 (also happens with WebDriver-378.10.10.10.25.103 and patched systeminfo string). It happens after I load a song in the app overview screen. It happens anytime the same way. I also checked it in 10.12.6 (without recent security patches, but recent webdriver) and it does work fine there.

 

Currently am I using aptiofix2, the normal one. It's the same result though using the aptiofix2 from this thread.

 

Are you using ONLY one driver fix?

 

What do you mean by "driver fix"?

 

Is this problem likely have to be fixed by nvidia, or presonus, the app vendor? What would you say?

Share this post


Link to post
Share on other sites

I am using WebDriver-378.10.10.10.25.102 (also happens with WebDriver-378.10.10.10.25.103 and patched systeminfo string). It happens after I load a song in the app overview screen. It happens anytime the same way. I also checked it in 10.12.6 (without recent security patches, but recent webdriver) and it does work fine there.

 

Currently am I using aptiofix2, the normal one. It's the same result though using the aptiofix2 from this thread.

 

 

What do you mean by "driver fix"?

 

Only >= .103 is able to work with 10.13.2. Are you completely up to date with macOS security updates? Maybe try reinstalling the driver or checking if there is an even newer one.

 

EDIT: I meant only use AptioFix or AptioFix2. Nothing else, and no combinations of other fix drivers - bad ideas because the other drivers remove random memory and cause problems like this to develop.

EDIT2: Clarify .102 works with the original 10.13.2 (17C88) but not the security fix (17C89)

Is this problem likely have to be fixed by nvidia, or presonus, the app vendor? What would you say?

 

It's most likely an NVIDIA driver issue since you are probably using the GPUs audio? It could be something else but most likely it's an issue with the new completely separated kernel and user spaces.

Share this post


Link to post
Share on other sites

Hm ok thanks. How do I install that security fix, nothing appears as update in the appstore for me...  Btw. I just checked this on a real MacBookPro late 2013 (intel gfx), using 10.13.2 (17C88) and it is working. So I would assume that installing the security fix will not change anything?

Share this post


Link to post
Share on other sites

Hm ok thanks. How do I install that security fix, nothing appears as update in the appstore for me...  Btw. I just checked this on a real MacBookPro late 2013 (intel gfx), using 10.13.2 (17C88) and it is working. So I would assume that installing the security fix will not change anything?

 

Well you aren't using the Nvidia drivers in that case though. So it is apparently an NVIDIA driver issue but here is the update:

 

https://support.apple.com/kb/DL1944?viewlocale=en_US&locale=en_US

 

Here is .103 drivers, couldn't find them on the actual site (well it's from the NVIDIA forums):

 

https://mega.nz/#!0hQimLLK!C6cEzoJckvXuE65-ASAAKme88p_PIOkOgvEoB2K6Uww

 

EDIT: You also aren't using AptioFix on a real mac so it could still be part of the problem.

Share this post


Link to post
Share on other sites

I heard from two people that replacing module to bypass whitelist on Z97 causes xmp issues (stuck 1600mhz). Patching oryginal module, effects in the same behaviour, any ideas why ?

 

Btw great work guys, impressive work ;)

Share this post


Link to post
Share on other sites

I heard from two people that replacing module to bypass whitelist on Z97 causes xmp issues (stuck 1600mhz). Patching oryginal module, effects in the same behaviour, any ideas why ?

 

Btw great work guys, impressive work ;)

 

That makes no sense. Don't see what the NVRAM module has to do with XMP. Or really what stuck at 1600MHz means, it's not allowing XMP to work? Or they can't activate it? Did they try doing a reset to defaults values and then changing stuff again?

Share this post


Link to post
Share on other sites

Yes, they tried, after flashing unmodified bios everytings backs to normal. The issue is that they can set xmp and manual values in bios but that makes no effect on system. Cpu-z (Windows) shows different values compered with those in bios. I modified module to allow setting any variable in nvram (that works) and replaced it using UEFITool. I albo tried using different version of UEFITool but no luck.

 

Edit

 

Seems to be It's uefitool issue.

Share this post


Link to post
Share on other sites
Thanks so much for your hard work @vit9696 & @Download-Fritz!

 

Just wanted to report back that native NVRAM is working with R2/V2 on a Dell XPS 15 (i7-7700HQ). I cannot -- however -- use special characters with the built-in keyboard to unlock FileVault2, I have to use an external USB keyboard for any special characters. Any ideas on this?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×