Clover General discussion

[arsradu]

thanks for reply

i have a legacy bios system and booting to win & mac from clover installed @ ESP so does that makes my clover legacy or i have to go with chameleon way install in system partiton about DSDT where can i find the necessary patch for that i know clover auto patch dsdt but what patches useful and how to use clover calculator i saw i can select of the all patches in calculator any hints how this thing works for patching DSDT

If you have a legacy BIOS, I think you need to install Clover in MBR, not ESP. I might be wrong though.

 

Also, this thread is about Clover. For as far as I know, there is no support for chameleon here.

[Slice]

No, install Clover to ESP is a good way. No sense to install it into system partition.

How to patch DSDT? DSDT

See, this is tools, hammer, saw etc, this is iron sheets and bulks. How to make a car with a power of 100hp? You answer?

[Faradis]

If you have a legacy BIOS, I think you need to install Clover in MBR, not ESP. I might be wrong though.

i am using it from ESP as mine HDD is formatted AS GPT and i think Clover works better that way i maybe also wrong though

[arsradu]

i am using it from ESP as mine HDD is formatted AS GPT and i think Clover works better that way i maybe also wrong though

No, you are correct. As Slice said above, you can install it in the ESP with no problem. I just didn't know you can do this.  That's all. Now I know.

[Faradis]

No, install Clover to ESP is a good way. No sense to install it into system partition.

How to patch DSDT? DSDT

See, this is tools, hammer, saw etc, this is iron sheets and bulks. How to make a car with a power of 100hp? You answer?

LOL sorry if i am disturbing you just want to know how the clover auto-patch DSDT works and how to use clover fix mask calculator ....

again sorry if i am bothering you so much.....

[droples]

Desktop Z77-ds3h.

 

Loading Efi and Uefi mode. Hibernate works steadily.

Efi mode    - hibernatemode 29

Uefi mode - hibernatemode 57, slide=8, OsxAptioFix2Drv-64.efi

 

Laptop N53sv.

 

Loading Efi and Uefi mode. Hibernate works steadily.

Efi mode    - hibernatemode 28

Uefi mode - hibernatemode 57, slide=100, OsxAptioFix2Drv-64.efi

 

[wern apfel]

We now that since DP7 apple has updated the csrutil, for RecoveryHD too.
But also made some other changes, it seems that this is outdated?
 
/* Rootless configuration flags */
#define CSR_ALLOW_UNTRUSTED_KEXTS (1 << 0)
#define CSR_ALLOW_UNRESTRICTED_FS (1 << 1)
#define CSR_ALLOW_TASK_FOR_PID (1 << 2)
#define CSR_ALLOW_KERNEL_DEBUGGER (1 << 3)
#define CSR_ALLOW_APPLE_INTERNAL (1 << 4)
#define CSR_ALLOW_DESTRUCTIVE_DTRACE    (1 << 5) /* name deprecated */
#define CSR_ALLOW_UNRESTRICTED_DTRACE    (1 << 5)
#define CSR_ALLOW_UNRESTRICTED_NVRAM    (1 << 6)
 
I want to allow only unsigned kexts, but csr-config=1 also disable apple internal
 
Regarding this

System Integrity Protection status: enabled (Custom Configuration).

Configuration:
Apple Internal: disabled
Kext Signing: enabled
Filesystem Protections: disabled
Debugging Restrictions: enabled
DTrace Restrictions: enabled
NVRAM Protections: enabled
 
the second bit allows unsigned kexts, but with csr-config=2 it shows me this config, there are only 6 Bits
Or i'm doing something wrong ?
btw. apple has removed the gui SIP tool from RecoveryHD, but csrutil is fully working from terminal

[PencilNotPen]

Hi, can anyone give some explanation of what the booterconfig flag is for? It is always included, and always has the value 0x28. I know it is needed but how is it different from csractiveconfig and what other values are possible apart from 0x28? Thanks.

[TheRacerMaster]

I would also like to know this. Currently I'm using just CsrActiveConfig set to 0x1 (to allow unsigned kexts) and didn't set BooterConfig, and everything is working fine.

[oSxFr33k]

There is no solutions for Hibernate. NO.

All needed is already done inside Clover. Nothing more. No customization. No advices.

It works or no. 

You should cleanup your system. Make all devices fully working. Update your system. Fine tune your DSDT in every dark corner. 

May be after that sleep will work.

For hibernatemode you may try values 21, 29 or 57.

Post#38 Hibernation

Sorry for my darkness, where can I look this flag?

 

 

Let me see which system(s) are getting the message.  It may have  something to do with System Definition.  During the boot process maybe its looking for Integrated Graphics according to system definition and when it does not find one you get the IOGraphics flag?  That is my best guess answer to this phenomenon.  Also I never saw this in Mavericks or below OSX 10.9.  I starting seeing this in Yosemite OSX 10x.

 

I like to switch around my graphics cards.  Older systems with newer graphics cards and newer systems with older graphics cards for testing purposes.

[kyndder]

I have the same message during boot process...

kyndders-Mac-Pro:~ kyndder$ sudo dmesg | grep IOGraphics
IOGraphics flags 0x43

Maybe some developer can figure this out looking at the sources... > http://www.opensource.apple.com/source/IOGraphics/IOGraphics-485.10.3/IOGraphicsFamily/IOFramebuffer.cpp

__private_extern__ "C" kern_return_t IOGraphicsFamilyModuleStart(kmod_info_t *ki, void *data)
{
	gIOFBSystemWorkLoop = IOGraphicsWorkLoop::workLoop(0, NULL, NULL, NULL);
    if (!gIOFBSystemWorkLoop) panic("gIOFBSystemWorkLoop");
	gAllFramebuffers     = OSArray::withCapacity(1);
	gStartedFramebuffers = OSArray::withCapacity(1);
	gIOFramebufferKey    = OSSymbol::withCStringNoCopy("IOFramebuffer");

	gIOGDebugFlags = kIOGDbgVBLThrottle
				   | kIOGDbgLidOpen;
	if (version_major >= 14) gIOGDebugFlags |= kIOGDbgFades;

	uint32_t flags;
	if (PE_parse_boot_argn("iog",  &flags, sizeof(flags))) gIOGDebugFlags |= flags;
	if (PE_parse_boot_argn("niog", &flags, sizeof(flags))) gIOGDebugFlags &= ~flags;

	IOLog("IOGraphics flags 0x%x\n", gIOGDebugFlags);

	gIOFBLidOpenMode = (0 != (kIOGDbgLidOpen     & gIOGDebugFlags));
	gIOFBVBLThrottle = (0 != (kIOGDbgVBLThrottle & gIOGDebugFlags));
	gIOFBVBLDrift    = (0 != (kIOGDbgVBLDrift    & gIOGDebugFlags));
	gIOGFades        = (0 != (kIOGDbgFades       & gIOGDebugFlags));

	if (!PE_parse_boot_argn("iognotifyto", &gIOGNotifyTO, sizeof(gIOGNotifyTO)) 
		|| !gIOGNotifyTO)
	{
		gIOGNotifyTO = kSystemWillSleepTimeout;
	}
	DEBG1("IOGraphics", " notify timeout %ds\n", gIOGNotifyTO);

	return (kIOReturnSuccess);
}

Doesn't seems (to me), something that may influence the system behaviour though....

[wern apfel]

Hi, can anyone give some explanation of what the booterconfig flag is for? It is always included, and always has the value 0x28. I know it is needed but how is it different from csractiveconfig and what other values are possible apart from 0x28? Thanks.

You can see this on apples source code, but it seems that they changed something, we have to wait until apple release the 10.11 code

 

/* Bitfields for boot_args->flags */

#define kBootArgsFlagRebootOnPanic    (1 << 0)

#define kBootArgsFlagHiDPI        (1 << 1)

#define kBootArgsFlagBlack        (1 << 2)

#define kBootArgsFlagCSRActiveConfig    (1 << 3)

#define kBootArgsFlagCSRPendingConfig    (1 << 4)

#define kBootArgsFlagCSRBoot        (1 << 5)

#define kBootArgsFlagBlackBg        (1 << 6)

#define kBootArgsFlagLoginUI        (1 << 7)

[Pike R. Alpha]

You can see this on apples source code, but it seems that they changed something, we have to wait until apple release the 10.11 code...

You must be confused. You looked at boot_args->flags instead of boot_args->csrCapabilities These are not the same

[smolderas]

You must be confused. You looked at boot_args->flags instead of boot_args->csrCapabilities These are not the same

Dear Pike,

 

I don't get very much information about it. Could you possibly take a look at the new el capitan injection method of clover? Does it correspond with your newly found exploit? If not, could you please help me or show me some way to implement it (in pseudo code). I most possible can take it from there. I don't want to discuss the needs of security here, but I want to have it most secure as possible.

Up until now, I did "read" all the source codes and compiled everything from that, if I wanted to install anything on my systems.

 

Thanks in advance.

[Pike R. Alpha]

Dear Pike,

 

I don't get very much information about it. Could you possibly take a look at the new el capitan injection method of clover? Does it correspond with your newly found exploit? If not, could you please help me or show me some way to implement it (in pseudo code). I most possible can take it from there. I don't want to discuss the needs of security here, but I want to have it most secure as possible.

Up until now, I did "read" all the source codes and compiled everything from that, if I wanted to install anything on my systems.

 

Thanks in advance.

I'm not aware of any new method to inject kexts, but there are a couple of ways to let the old method work. One of them is already being used by the kernel patcher. This was also one of the ways I found earlier, but I did not stop there. A real injection is on its way. It's a matter of time, but time is not on my side because I am busy with other stuff as well.

[Slice]

Hi, can anyone give some explanation of what the booterconfig flag is for? It is always included, and always has the value 0x28. I know it is needed but how is it different from csractiveconfig and what other values are possible apart from 0x28? Thanks.

 

 

You must be confused. You looked at boot_args->flags instead of boot_args->csrCapabilities These are not the same

He asked about  boot_args->flags. The answer is correct.

[mhaeuser]

As Slice said, he asked for bootercfg and that is ->flags... what has changed is that PendingConfig was renamed and InstallUi added.

Also, there is no new way of injection but only a kernel patch that jumps past the check for the kext-management entitlement.

[iRipper]

So what are the safest BooterConfig and CsrActiveConfig entries that still allow kext injection and normal booting?   Can I switch to 0x2 or something like that to improve security? 

 

Mine are standard 0x28 and 0x67

 

I have enabled rootless after rebuilding kext caches. 

[mhaeuser]

I don't think kext injection needs anything disabled. You MIGHT need to disable signature check, but OS X never checked sig when injecting afaik. Just try.

Oh, and bootercfg is not security, leave it alone for now.

[Mrengles]

So what are the safest BooterConfig and CsrActiveConfig entries that still allow kext injection and normal booting?   Can I switch to 0x2 or something like that to improve security? 

 

Mine are standard 0x28 and 0x67

 

I have enabled rootless after rebuilding kext caches. 

 

iRipper

 

It just depends on what you need to make your system work. Personally I only require 0x28 and 0x1 so that I can inject a couple kexts with Clover and Install a few unsigned kexts after the OS X install process.

 

Good luck,

 

-Robert

[iRipper]

Okay, thanks guys! 

 

@ Robert,  my needs are similar to yours, I don't inject hundreds of kexts or spread them everywhere 

[Pike R. Alpha]

He asked about boot_args->flags. The answer is correct.

No. Flags didn't change. Only one item was renamed since Yosemite, but the checks in the code are still the same as in Yosemite. What actually did change was boot_args->csrCapabilities There you'll find items that were first introduced in El Capitan.

[Slice]

boot_args->csrCapabilities is controlled other way. I have no xnu sources of El Capitan to see details.

[mhaeuser]

csrCapabilities is a bitmask with all available bits set. So, afaik it just gets set to CSR_VALID_FLAGS. Also, yes there is something new in boot_args.flags which is kBootArgsInstallUi.

[tluck]

is it just me? .... tried to build 3262 and got this error:

 

Processing meta-data .

 

build.py...

/Extra/Clover_Install/CloverGrowerPro/edk2/Clover/Clover.dsc(...): error 4000: Instance of library class [VarCheckLib] is not found

in [/Extra/Clover_Install/CloverGrowerPro/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf] [X64]

consumed by module [/Extra/Clover_Install/CloverGrowerPro/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf]