
Darwin 17.0.0 kernel (extracted from prelinkedkernel in BaseSystem.dmg) is attached. KBEYosECSieSearchEXT is still there.

Thanks! Could you please also give me the OSInstaller bin?

(/System/Library/PrivateFrameworks/OSInstaller.framework/Versions/A/OSInstaller)

And the APFS driver: /usr/standalone/i386/apfs.efi

 

Thx again!

Hi, I don't know whether this is somewhat off-topic; if so, feel free to contact me and delete the post.

 

As for the XCPM patches for unsupported CPUs in 10.13, please try this one:

 

1) Patch for _cpuid_set_info:

The disassembled code looks like this: (From DP1)

ffffff80003a1326	8a 05 21 5d 75 00 	movb	0x755d21(%rip), %al
ffffff80003a132c	04 72 	addb	$0x72, %al
ffffff80003a132e	3c d0 	cmpb	$-0x30, %al
ffffff80003a1330	77 50 	ja	0xffffff80003a1382

Alright, so that add is what we want to patch, and it's only needed for Broadwell-E CPUs. The patch will be:

72 3c d0 77 50 0f b6 c0
to
6a 3c d0 77 50 0f b6 c0

2) Patch for _xcpm_bootstrap:

The disassembled code looks like this:

ffffff80003d08c3	89 d8 	movl	%ebx, %eax
ffffff80003d08c5	04 c4 	addb	$-0x3c, %al
ffffff80003d08c7	3c 22 	cmpb	$0x22, %al
ffffff80003d08c9	77 22 	ja	0xffffff80003d08ed

And the patch will be:

89 d8 04 c4 3c 22 77 22
to
89 d8 04 xx 3c 22 77 22

Note: The xx is your exact platform CPUID. For example, the default one is 0x3C and I want it to be Ivy Bridge, which is 0x3A, and the desired patch is:

89 d8 04 c4 3c 22 77 22
to
89 d8 04 c6 3c 22 77 22

3) Instant reboot fix

Look at these ones:

ffffff80003d107e	48 8d 3d 9b e1 65 00 	leaq	_xcpm_pkg_scope_msrs(%rip), %rdi
ffffff80003d1085	be 07 00 00 00 	movl	$0x7, %esi
ffffff80003d108a	31 d2 	xorl	%edx, %edx
ffffff80003d108c	e8 8f fc ff ff 	callq	0xffffff80003d0d20
ffffff80003d1091	83 fb 00 	cmpl	$0x0, %ebx
ffffff80003d1094	74 05 	je	0xffffff80003d109b
ffffff80003d1096	45 20 e5 	andb	%r12b, %r13b
ffffff80003d1099	74 13 	je	0xffffff80003d10ae
ffffff80003d109b	48 8d 3d ce e2 65 00 	leaq	_xcpm_core_scope_msrs(%rip), %rdi
ffffff80003d10a2	be 03 00 00 00 	movl	$0x3, %esi
ffffff80003d10a7	31 d2 	xorl	%edx, %edx
ffffff80003d10a9	e8 72 fc ff ff 	callq	0xffffff80003d0d20
ffffff80003d10ae	48 8d 3d 4b e3 65 00 	leaq	_xcpm_SMT_scope_msrs(%rip), %rdi
ffffff80003d10b5	be 0b 00 00 00 	movl	$0xb, %esi
ffffff80003d10ba	31 d2 	xorl	%edx, %edx
ffffff80003d10bc	e8 5f fc ff ff 	callq	0xffffff80003d0d20

Alright, so the patches will be:

# _xcpm_SMT_scope_msrs
be 0b 00 00 00 5d e9 08 00 00 00 -> be 0b 00 00 00 5d c3 90 90 90 90
and
be 0b 00 00 00 31 d2 e8 5f fc ff ff -> be 0b 00 00 00 31 d2 90 90 90 90 90

# _xcpm_core_scope_msrs
be 03 00 00 00 31 d2 e8 72 fc ff ff -> be 03 00 00 00 31 d2 90 90 90 90 90

# _xcpm_pkg_scope_msrs
be 07 00 00 00 31 d2 e8 8f fc ff ff -> be 07 00 00 00 31 d2 90 90 90 90 90

And if you want to disable the calls/jumps entirely, you should ret this offset:

ffffff80003d0d20	55 	pushq	%rbp  // Change this '55' to 'c3'

The patch is:

BE 0B 00 00 00 5D E9 08 00 00 00 0F 1F 84 00 00 00 00 00 55 48 89 E5 41 57 -> BE 0B 00 00 00 5D E9 08 00 00 00 0F 1F 84 00 00 00 00 00 C3 48 89 E5 41 57

4) Performance fix

89 D8 C1 E0 08 48 63 D0 -> B8 00 FF 00 00 48 63 D0 

5) AVX stuff (only for Pentium and Celeron users)

B9 A0 01 00 00 0F 32 -> B9 A0 01 00 00 31 C0 

All credits go to Pike R. Alpha, okrasit, vit9696 and other generous guys.

 

EDIT @ 25/07/17: Removed redundant bytes for 10.13 DP4 compatibility

EDIT @ 17/07/17: Added more patches and credit information

EDIT @ 22/06/17: Removed redundant bytes for 10.13 DP2 compatibility

Edited by PMheart
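An added example, not part of the original post: a Python check that a find/replace byte patch like the ones above is safe to apply, meaning both sides have equal length and the find pattern matches exactly once. It also builds the `_xcpm_bootstrap` pair, using the relationship visible in the post's two examples (0x3C gives c4, 0x3A gives c6), i.e. the patched byte is the two's-complement negation of the model. The function names and `SAMPLE_IMAGE` are hypothetical and constructed for illustration.

```python
# Added example: validate a find/replace kernel byte patch before applying it.

XCPM_BOOTSTRAP_FIND = bytes.fromhex("89d804c43c227722")  # bytes from the post


def xcpm_bootstrap_patch(model):
    """Return (find, replace) for a CPUID model byte such as 0x3A.

    `addb $-0x3c, %al` encodes its operand as c4, so the replacement
    byte is (-model) & 0xFF: 0x3C -> c4 (unchanged), 0x3A -> c6.
    """
    imm = (-model) & 0xFF
    find = XCPM_BOOTSTRAP_FIND
    return find, find[:3] + bytes([imm]) + find[4:]


def check_patch(image, find, repl):
    """Return (offset, changed_positions) or raise ValueError if unsafe."""
    if len(find) != len(repl):
        raise ValueError("find and replace differ in length")
    first = image.find(find)
    if first < 0:
        raise ValueError("find pattern not present in image")
    if image.find(find, first + 1) >= 0:
        raise ValueError("find pattern matches more than once")
    changed = [i for i, (a, b) in enumerate(zip(find, repl)) if a != b]
    return first, changed


def apply_patch(image, find, repl):
    """Apply the patch to a copy of the image after validating it."""
    offset, _ = check_patch(image, find, repl)
    return image[:offset] + repl + image[offset + len(find):]


# Constructed sample: NOP padding around the _xcpm_bootstrap bytes.
SAMPLE_IMAGE = b"\x90" * 16 + XCPM_BOOTSTRAP_FIND + b"\x90" * 16

if __name__ == "__main__":
    find, repl = xcpm_bootstrap_patch(0x3A)
    offset, changed = check_patch(SAMPLE_IMAGE, find, repl)
    print(f"match at {offset:#x}, bytes changed at pattern index {changed}")
    print(apply_patch(SAMPLE_IMAGE, find, repl)[offset:offset + 8].hex(" "))
```

A pattern that matches more than once, or not at all, is the usual reason a patch written for one developer preview stops working on the next, which is why the check fails closed in both cases.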

:(

 

smbios Macpro 6.1 AMD CPU :P

 

Install macOSDeveloperBetaAccessUtility.dmg, restart and try again. You really need to enroll your device. After that, you can access macappstores://itunes.apple.com/app/id1209167288 in your Safari browser. It should open the download page for High Sierra in App Store.
