@@ -321,6 +321,8 @@ \subsection{Configuration Structure}\label{configuration-structure}
321321\tightlist
322322\item
323323 \hyperref [acpi]{\texttt {ACPI }}
324+ \item
325+ \hyperref [booter]{\texttt {Booter }}
324326\item
325327 \hyperref [devprops]{\texttt {DeviceProperties }}
326328\item
@@ -925,6 +927,177 @@ \subsection{Quirks Properties}\label{acpipropsquirks}
925927\end {enumerate }
926928
927929
930+ \section {Booter }\label {booter }
931+
932+ \subsection {Introduction }\label {booterintro }
933+
934+ This section allows to apply different kinds of UEFI modifications on
935+ Apple bootloader (\texttt {boot.efi }). The modifications currently provide
936+ various patches and environment alterations for different firmwares. Some
937+ of these features were originally implemented as a part of
938+ \href {https://github.com/acidanthera/AptioFixPkg}{\text {AptioMemoryFix.efi}},
939+ which is no longer maintained. See \hyperref [troubleshootingtricks]{Tips and Tricks}
940+ section for migration steps.
941+
942+ \subsection {Properties }\label {booterprops }
943+
944+ \begin {enumerate }
945+
946+ \item
947+ \texttt {Quirks }\\
948+ \textbf {Type }: \texttt {plist\ dict }\\
949+ \textbf {Description }: Apply individual booter quirks described
950+ in \hyperref [booterpropsquirks]{Quirks Properties} section below.
951+
952+ \end {enumerate }
953+
954+ \subsection {Quirks Properties }\label {booterpropsquirks }
955+
956+ \begin {enumerate }
957+
958+ \item
959+ \texttt {AvoidRuntimeDefrag }\\
960+ \textbf {Type }: \texttt {plist\ boolean }\\
961+ \textbf {Failsafe }: \texttt {false }\\
962+ \textbf {Description }: Protect from boot.efi runtime memory defragmentation.
963+
964+ This option fixes UEFI runtime services (date, time, NVRAM, power control, etc.)
965+ support on many firmwares using SMM backing for select services like variable
966+ storage. SMM may try to access physical addresses, but they get moved by boot.efi.
967+
968+ \emph {Note }: Most but Apple and VMware firmwares need this quirk.
969+
970+ \item
971+ \texttt {DisableVariableWrite }\\
972+ \textbf {Type }: \texttt {plist\ boolean }\\
973+ \textbf {Failsafe }: \texttt {false }\\
974+ \textbf {Description }: Protect from macOS NVRAM write access.
975+
976+ This is a security option allowing one to restrict NVRAM access in macOS.
977+ This quirk requires \texttt {OC\_ FIRMWARE\_ RUNTIME } protocol implemented
978+ in \texttt {FwRuntimeServices.efi }.
979+
980+ \emph {Note }: This quirk can also be used as an ugly workaround to buggy UEFI
981+ runtime services implementations that fail to write variables to NVRAM and
982+ break the rest of the operating system.
983+
984+ \item
985+ \texttt {DiscardHibernateMap }\\
986+ \textbf {Type }: \texttt {plist\ boolean }\\
987+ \textbf {Failsafe }: \texttt {false }\\
988+ \textbf {Description }: Reuse original hibernate memory map.
989+
990+ This option forces XNU kernel to ignore newly supplied memory map and assume
991+ that it did not change after waking from hibernation. This behaviour is required
992+ to work by Windows, which mandates to
993+ \href {https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-uefi#hibernation-state-s4-transition-requirements}{preserve}
994+ runtime memory size and location after S4 wake.
995+
996+ \emph {Note }: This may be used to workaround buggy memory maps on older hardware,
997+ and is now considered rare legacy. Do not use this unless you fully understand
998+ the consequences.
999+
1000+ \item
1001+ \texttt {EnableSafeModeSlide }\\
1002+ \textbf {Type }: \texttt {plist\ boolean }\\
1003+ \textbf {Failsafe }: \texttt {false }\\
1004+ \textbf {Description }: Patch bootloader to have KASLR enabled in safe mode.
1005+
1006+ This option is relevant to the users that have issues booting to safe mode
1007+ (e.g. by holding \texttt {shift } or using \texttt {-x } boot argument). By default
1008+ safe mode forces \texttt {0 } slide as if the system was launched with \texttt {slide=0 }
1009+ boot argument. This quirk tries to patch \texttt {boot.efi } to lift that limitation
1010+ and let some other value (from \texttt {1 } to \texttt {255 }) be used. This quirk requires
1011+ \texttt {ProvideCustomSlide } to be enabled.
1012+
1013+ \emph {Note }: The necessity of this quirk is determined by safe mode availability. If
1014+ booting to safe mode fails, this option can be tried to be enabled.
1015+
1016+ \item
1017+ \texttt {EnableWriteUnprotector }\\
1018+ \textbf {Type }: \texttt {plist\ boolean }\\
1019+ \textbf {Failsafe }: \texttt {false }\\
1020+ \textbf {Description }: Permit write access to UEFI runtime services code.
1021+
1022+ This option bypasses \texttt {R\^ X } permissions in code pages of UEFI runtime
1023+ services by removing write protection (\texttt {WP }) bit from \texttt {CR0 }
1024+ register during their execution. This quirk requires \texttt {OC\_ FIRMWARE\_ RUNTIME }
1025+ protocol implemented in \texttt {FwRuntimeServices.efi }.
1026+
1027+ \emph {Note }: The necessity of this quirk is determined by early boot crashes
1028+ of the firmware.
1029+
1030+ \item
1031+ \texttt {ForceExitBootServices }\\
1032+ \textbf {Type }: \texttt {plist\ boolean }\\
1033+ \textbf {Failsafe }: \texttt {false }\\
1034+ \textbf {Description }: Retry \texttt {ExitBootServices } with new memory map on failure.
1035+
1036+ Try to ensure that \texttt {ExitBootServices } call succeeds even with outdated MemoryMap
1037+ key argument by obtaining current memory map and retrying \texttt {ExitBootServices } call.
1038+
1039+ \emph {Note }: The necessity of this quirk is determined by early boot crashes
1040+ of the firmware. Do not use this unless you fully understand the consequences.
1041+
1042+ \item
1043+ \texttt {ProtectCsmRegion }\\
1044+ \textbf {Type }: \texttt {plist\ boolean }\\
1045+ \textbf {Failsafe }: \texttt {false }\\
1046+ \textbf {Description }: Protect CSM region areas from relocation.
1047+
1048+ Ensure that CSM memory regions are marked as ACPI NVS to prevent boot.efi or XNU from
1049+ relocating or using them.
1050+
1051+ \emph {Note }: The necessity of this quirk is determined by artifacts and sleep wake issues.
1052+ As \texttt {AvoidRuntimeDefrag } resolves a similar problem, no known firmwares should need
1053+ this quirk. Do not use this unless you fully understand the consequences.
1054+
1055+ \item
1056+ \texttt {ProvideCustomSlide }\\
1057+ \textbf {Type }: \texttt {plist\ boolean }\\
1058+ \textbf {Failsafe }: \texttt {false }\\
1059+ \textbf {Description }: Provide custom KASLR slide on low memory.
1060+
1061+ This option performs memory map analysis of your firmware and checks whether
1062+ all slides (from \texttt {1 } to \texttt {255 }) can be used. As \texttt {boot.efi }
1063+ generates this value randomly with \texttt {rdrand } or pseudo randomly \texttt {rdtsc },
1064+ there is a chance of boot failure when it chooses a conflicting slide. In case
1065+ potential conflicts exist, this option forces macOS to use a pseudo random value
1066+ among the available ones. This also ensures that \texttt {slide= } argument is never
1067+ passed to the operating system for security reasons.
1068+
1069+ \emph {Note }: The necessity of this quirk is determined by \texttt {OCABC: Only N/256
1070+ slide values are usable! } message in the debug log. If the message is present,
1071+ this option is to be enabled.
1072+
1073+ \item
1074+ \texttt {SetupVirtualMap }\\
1075+ \textbf {Type }: \texttt {plist\ boolean }\\
1076+ \textbf {Failsafe }: \texttt {false }\\
1077+ \textbf {Description }: Setup virtual memory at \texttt {SetVirtualAddresses }.
1078+
1079+ Select firmwares access memory by virtual addresses after \texttt {SetVirtualAddresses }
1080+ call, which results in early boot crashes. This quirk workarounds the problem by
1081+ performing early boot identity mapping of assigned virtual addresses to physical
1082+ memory.
1083+
1084+ \emph {Note }: The necessity of this quirk is determined by early boot failures.
1085+
1086+ \item
1087+ \texttt {ShrinkMemoryMap }\\
1088+ \textbf {Type }: \texttt {plist\ boolean }\\
1089+ \textbf {Failsafe }: \texttt {false }\\
1090+ \textbf {Description }: Attempt to join similar memory map entries.
1091+
1092+ Select firmwares have very large memory maps, which do not fit Apple kernel,
1093+ permitting up to \texttt {64 } slots for runtime memory. This quirk attempts to unify
1094+ contiguous slots of similar types to prevent boot failures.
1095+
1096+ \emph {Note }: The necessity of this quirk is determined by early boot failures.
1097+ Do not use this unless you fully understand the consequences.
1098+
1099+ \end {enumerate }
1100+
9281101\section {DeviceProperties }\label {devprops }
9291102
9301103\subsection {Introduction }\label {devpropsintro }
@@ -2854,11 +3027,12 @@ \subsection{Properties}\label{uefiprops}
28543027 on top of different UEFI input protocols. Additionally resolves mouse input issues
28553028 on select firmwares. This is an alternative to \texttt {UsbKbDxe }, which may work
28563029 better or worse depending on the firmware.
2857- \item \href {https://github.com/acidanthera/AptioFixPkg}{\texttt {AptioMemoryFix }}
2858- --- a set of quirks for various firmwares. While it primarily targets APTIO
2859- firmwares, other firmwares may be compatible as well. Among the resolved issues
2860- are hibernation support, KASLR, Lilu NVRAM security enhancements, NVRAM, and UEFI
2861- Boot entry preservation.
3030+ \item \href {https://github.com/acidanthera/AppleSupportPkg}{\texttt {FwRuntimeServices }}
3031+ --- \texttt {OC\_ FIRMWARE\_ RUNTIME } protocol implementation that increases the security
3032+ of OpenCore and Lilu by supporting read-only and write-only NVRAM variables. Some
3033+ quirks, like \texttt {RequestBootVarRouting }, require this driver for proper function.
3034+ Due to the nature of being a runtime driver, i.e. functioning in parallel with the
3035+ target operating system, it cannot be implemented within OpenCore itself.
28623036 \item \href {https://github.com/tianocore/edk2/tree/UDK2018}{\texttt {EmuVariableRuntimeDxe }}
28633037 --- NVRAM emulation driver from \texttt {MdeModulePkg }. NVRAM is supported by most
28643038 modern firmwares. For firmwares with macOS incompatible NVRAM implementation an
@@ -3028,10 +3202,6 @@ \subsection{Quirks Properties}\label{uefiquirkprops}
30283202 \textbf {Description }: macOS bootloader requires GOP (Graphics Output Protocol)
30293203 to be present on console handle. This option will install it if missing.
30303204
3031- \emph {Note }: Some drivers, like AptioMemoryFix, may provide equivalent functionality.
3032- These drivers are not guaranteed to adhere to the same logic, and if a quirk is
3033- necessary, this option is preferred.
3034-
30353205\item
30363206 \texttt {ReleaseUsbOwnership }\\
30373207 \textbf {Type }: \texttt {plist\ boolean }\\
@@ -3045,12 +3215,11 @@ \subsection{Quirks Properties}\label{uefiquirkprops}
30453215 \texttt {RequestBootVarRouting }\\
30463216 \textbf {Type }: \texttt {plist\ boolean }\\
30473217 \textbf {Failsafe }: \texttt {false }\\
3048- \textbf {Description }: Request NVRAM driver (or AptioMemoryFix) to redirect
3049- \texttt {Boot } prefixed variables from \texttt {EFI\_ GLOBAL\_ VARIABLE\_ GUID }
3050- to \texttt {OC\_ VENDOR\_ VARIABLE\_ GUID }.
3218+ \textbf {Description }: Request redirect\texttt {Boot } prefixed variables from
3219+ \texttt {EFI\_ GLOBAL\_ VARIABLE\_ GUID } to \texttt {OC\_ VENDOR\_ VARIABLE\_ GUID }.
30513220
3052- This will set special \texttt {boot-redirect } variable, which a compatible
3053- driver will abide after booter start . The quirk lets default boot entry
3221+ This quirk requires \texttt {OC \_ FIRMWARE \_ RUNTIME } protocol implemented
3222+ in \texttt { FwRuntimeServices.efi } . The quirk lets default boot entry
30543223 preservation at times when firmwares delete incompatible boot entries.
30553224
30563225\item
0 commit comments