miliuco Posted October 20, 2020 Share Posted October 20, 2020 (edited) What is CFG Lock and MSR 0xE2? CFG Lock is a BIOS setting that allows writing to a specific register, in this case MSR E2 (MSR = Model Specific Register). An MSR consists of one or more registers in blocks of instructions used to do certain tasks on a CPU. MTRs are also used to control CPU's access to memory ranges. Commands capable of reading and writing to MSR work with elevated privileges (the operating system, primarily). Many motherboards come from factory with MSR E2 region locked (read but not write) and quite a few of them even hide this option in BIOS user interface. In those that do show the option to block or unblock this variable, it is usually called CFG Lock. CFG Lock is a bit with 2 values, 0x1 or 0x0. When it is 0x1, macOS cannot write into this region and kernel patches are required. macOS wants to write this registry, both the Kernel and AppleIntelPowerManagement. It defines the C-states of the CPU, which is why it is essential for macOS. Without the ability to write to MSR E2, all or most of the CPU power management is lost and the system does not boot. In Clover 2 patches have been used: KernelPM (for AppleIntelPowerManagement.kext) and KernelXCPM (for the kernel). In OpenCore 2 others have been used: AppleCpuPmCfgLock (for AppleIntelPowerManagement.kext) and AppleXcpmCfgLock (for the kernel). These patches fix the problem but the registry is still read-only. To ensure native CPU power management, CFG Lock bit must be set to 0x0. To achieve this, the firmware must be modified to support writing to MSR E2. This method is preferred over Clover and OC patches, it generates greater system stability and the CPU power management more closely resembles that of a real Mac. The methods that are usually proposed for this task are too complex for most users who do not have a high level of knowledge, requiring specialized tools and even modified Grub. Below I comment on an alternative method that is much simpler and that, at least in my case, seems to have been successful. Like any of the methods that modify this bit, it has the risk of not working or even damaging the BIOS, so if you try it it is under your entire responsibility.CFGLock.efi User @Brumbaer has a tool called CFGLock.efi (see post). It is an EFI application, it has to be installed in OC Tools folder (Misc - Tools in config.plist) and in this way it is available in the OC menu next to Reset NVRAM. It should be accompanied by another tool included in the OC package called VerifyMsrE2.efi that reports current status of CFG Lock (locked / unlocked). When CFGLock.efi runs, it displays information (CFG variable found, varstore in which it resides, current reading and requests user intervention to make the change from 0x1 to 0x0 or vice versa). Then you have to restart. With VerifyMsrE2.efi we can check if the change has been successful. Both EFI applications can be run by selecting them directly in the OC menu but it is also possible, by installing OpenShell.efi tool, to run this shell and running them from there. Information for handling OpenShell.efi is available in OC and elsewhere. After CFGLock.efi I have tried CFGLock.efi and apparently it has worked well. macOS boots up and works fine with the OC patches AppleCpuPmCfgLock and AppleXcpmCfgLock disabled. VerifyMsrE2.efi reports "This firmware has UNLOCKED MSR 0XE2 register!". Hackintool in Utilities - Get AppleIntelInfo displays this text: AppleIntelInfo.kext v3.0 Copyright © 2012-2017 Pike R. Alpha. All rights reserved. IA32_MISC_ENABLES................(0x1A0) : 0x850089 ------------------------------------------ - CFG Lock............................. : 0 (MSR not locked) Note: Hackintool current version (3.4.6) doesn't show text after Get AppleIntelInfo in Big Sur beta 10. It's got from Catalina. Intel Power Gadget - Frequency graph shows variations between maximum and minimum suggestive of CPUPM. OpenCore 0.6.7 and later CFGLock.efi has been included in OpenCore tools under the name ControlMsrE2.efi. It can be executed in 2 ways: From UEFI Shell: looking for the macOS EFI partition and, within it, the EFI/OC/Tools folder, writing in the prompt ControlMsrE2.efi followed by the argument that can be lock, unlock or interactive; if it is executed without arguments it uses verify mode that only reads the current state of CFGLock. From the ControlMsrE2.efi icon in the OpenCore menu: in this case the way to pass it an argument is to write it previously in config.plist so that the chosen argument (lock, unlock or interactive) remains fixed for each time the tool is used. Edited November 5, 2022 by miliuco 2 4 Link to comment https://www.insanelymac.com/forum/topic/345492-guide-unlocking-cfg-with-opencore-and-cfglockefi/ Share on other sites More sharing options...
miliuco Posted November 5, 2020 Author Share Posted November 5, 2020 (edited) Note: Gigabyte has published (09/16/2020) a new BIOS for my Z390 Aorus Elite board, it is the F10g version and the main novelty, at least in the graphical interface, is the presence of a new option to block or unblock CFG so this task is much easier from now on. Edited November 5, 2022 by miliuco Link to comment https://www.insanelymac.com/forum/topic/345492-guide-unlocking-cfg-with-opencore-and-cfglockefi/#findComment-2743073 Share on other sites More sharing options...
miliuco Posted April 4, 2021 Author Share Posted April 4, 2021 (edited) (OpenCore 0.6.7 and 0.6.8) CFGLock.efi has been included in OpenCore tools under the name ControlMsrE2.efi. It can be executed in 2 ways: From UEFI Shell: looking for the macOS EFI partition and, within it, the EFI/OC/Tools folder, writing in the prompt ControlMsrE2.efi followed by the argument that can be lock, unlock or interactive; if it is executed without arguments it uses verify mode that only reads the current state of CFGLock. From the ControlMsrE2.efi icon in the OpenCore menu: in this case the way to pass it an argument is to write it previously in config.plist so that the chosen argument (lock, unlock or interactive) remains fixed for each time the tool is used. Edited November 5, 2022 by miliuco 2 Link to comment https://www.insanelymac.com/forum/topic/345492-guide-unlocking-cfg-with-opencore-and-cfglockefi/#findComment-2754697 Share on other sites More sharing options...
miliuco Posted April 4, 2021 Author Share Posted April 4, 2021 @eSaF Good night, my friend, I'm going to sleep. 1 Link to comment https://www.insanelymac.com/forum/topic/345492-guide-unlocking-cfg-with-opencore-and-cfglockefi/#findComment-2754699 Share on other sites More sharing options...
eSaF Posted April 5, 2021 Share Posted April 5, 2021 1 hour ago, miliuco said: @eSaF Good night, my friend, I'm going to sleep. Yea I am off to bed also it is now 2.15am so Hope you have a good night also. Link to comment https://www.insanelymac.com/forum/topic/345492-guide-unlocking-cfg-with-opencore-and-cfglockefi/#findComment-2754701 Share on other sites More sharing options...
Drovosek Posted November 4, 2022 Share Posted November 4, 2022 (edited) Hello everyone. I have a Chinese QIYIDA x79 motherboard with an E5-2670 v2 processor and I am trying to unlock the MSR 0xE2 register I tried to do this using ControlMsrE2.efi and Cfgblock.efi, but the process freezes immediately after unlocking starts. Spoiler I made a bios dump using the AFUDOS utility and also using the universal bios backup toolkit 2.0 program and opened both backups in the UEFI Tool application and tried to find the text "CFG Lock" there, but nothing was found. Then I tried to find the text "CFG" and found 4 places with this text. I extracted all 4 places into .sct format files and tried to convert them using ifrextractor, but each time I got the error "No IFR data found" Please help me find the offset for the MSR 0xE2 register Here both dumped bioses: https://mega.nz/file/2sNBTLRS#8ryVV5VmFoT9ERuEY0600rZVtWlVCzt3JlkgYtGy2WU https://mega.nz/file/GhkzDJhS#hT7v-rpsbnhyODvwK8QiWKl-WYWNcX4VGYXrdSj5Br8 Edited November 4, 2022 by Drovosek Link to comment https://www.insanelymac.com/forum/topic/345492-guide-unlocking-cfg-with-opencore-and-cfglockefi/#findComment-2796633 Share on other sites More sharing options...
miliuco Posted November 4, 2022 Author Share Posted November 4, 2022 @Drovosek Good night. I suppose that you can boot with these quirks enabled: AppleCpuPmCfgLock (for AppleIntelPowerManagement.kext) and AppleXcpmCfgLock (for the kernel) in OpenCore or KernelPM (for AppleIntelPowerManagement.kext) and KernelXCPM (for the kernel) in Clover. I don't have the tools or the time to look into your ROMs. Sorry. Do you run CFGLock.efi, included in OC 0.6.7 and newer, from OpenShell (not directly clicking the icon in the picker)? Link to comment https://www.insanelymac.com/forum/topic/345492-guide-unlocking-cfg-with-opencore-and-cfglockefi/#findComment-2796654 Share on other sites More sharing options...
Drovosek Posted November 5, 2022 Share Posted November 5, 2022 6 hours ago, miliuco said: Do you run CFGLock.efi, included in OC 0.6.7 and newer, from OpenShell (not directly clicking the icon in the picker)? No. I execute it from UEFI Shell Link to comment https://www.insanelymac.com/forum/topic/345492-guide-unlocking-cfg-with-opencore-and-cfglockefi/#findComment-2796686 Share on other sites More sharing options...
Slice Posted November 5, 2022 Share Posted November 5, 2022 I’m sorry but first post has wrong explanations about E2 register. @Drovosek you question is probably has an answer “impossible” Link to comment https://www.insanelymac.com/forum/topic/345492-guide-unlocking-cfg-with-opencore-and-cfglockefi/#findComment-2796714 Share on other sites More sharing options...
Recommended Posts