Inokinoki / xnu-bcm2837-hackintosh

Efforts to build and run XNU (macOS Kernel)/Hackintosh on Raspberry Pi 3
Apache License 2.0

Bootloader work #10

Open NSG650 opened 1 year ago

NSG650 commented 1 year ago

Hey! I stumbled across your repo and managed to build XNU successfully however I have issues booting it. I have a little bit of experience with ARM64 and managed to patch limine to load and run the kernel. However it crashes at arm_init basically after setting up the page tables and jumping into C code. You seemed like the guy who might know what went wrong so opening the issue here. Really sorry if I disturbed you or approached the wrong person and REALLY sorry I am opening this issue this late.

You can find the patches I made here

Thank you in advance!

Inokinoki commented 1 year ago

Hi!

Thanks for your amazing work!

There is another hacker who succeeded in patching the kernel and qemu, and booted the kernel on qemu.

Please check the details: https://twitter.com/Xim24689559/status/1645435639985324032. There are some extra build steps to do, including the serial, the page table etc.

Thanks again for your work on the bootloader!

Best regards

Inoki

On Thu, Jun 29, 2023, 18:28 NSG650 @.***> wrote:

Hey! I stumbled across your repo and managed to build XNU successfully however I have issues booting it. I have a little bit of experience with ARM64 and managed to patch limine https://github.com/limine-bootloader/limine to load and run the kernel. However it crashes at arm_init basically after setting up the page tables and jumping into C code. You seemed like the guy who might know what went wrong so opening the issue here. Really sorry if I disturbed you or approached the wrong person and REALLY sorry I am opening this issue this late.

You can find the patches I made here https://gist.github.com/NSG650/16b61d8db84cbc48588da4b7130beb83

Thank you in advance!

NSG650 commented 1 year ago

Hey!

Thanks for replying. I have tried the new kernel configs and it finally uses virtual memory at last! However, it fails to jump into arm_init but rather jumps elsewhere. Do you have any idea where it could be failing? Again, sorry if I am being annoying.

    uint64_t phys_base = kernel_buffer;
    uint64_t virt_base = low_addr_temp;

    boot_arguments->Revision = kBootArgsRevision2;
    boot_arguments->Version = kBootArgsVersion2;
    boot_arguments->physBase = phys_base;
    boot_arguments->virtBase = virt_base;
    boot_arguments->memSize = size;
    boot_arguments->memSizeActual = 0;
    boot_arguments->topOfKernelData = boot_arguments->physBase + boot_arguments->memSize;

I am passing these as my arguments. kernel_buffer has all the segments loaded, and low_addr_temp is calculated. Variable names have changed since I cleaned up the code.

Thanks in advance

Edit: I have also looked into the qemu fork used and it would jump elsewhere instead.

NSG650 commented 1 year ago

Hey again!

I looked in deeper and found out what went wrong.

Zhuowei has provided a QEMU implementation that can load an XNU kernel (or kernelcache) Mach-O file to QEMU's RAM. As his blog pointed out, we need to load the Mach-O file to a base address whose leading 1s are erased. For example, data located at (virtual address) 0xfffffff0070059c0 should be loaded to (physical address) 0x70059c0.

So after changing my code to this

uint64_t phys_base = kernel_buffer;
uint64_t virt_base = 0xfffffff000000000 + kernel_buffer;

it worked. It crashes elsewhere. I will look into that now, but now it finally jumps into arm_init.

Thank you again.
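
The address rule quoted in the comment above, as an added example that is not part of the original thread or of any project mentioned in it: it strips the 0xfffffff000000000 prefix from each segment's virtual address, rejects segments that would wrap or fall outside RAM, and derives the physBase/virtBase pair from what is left. The struct names, status codes, sample segment sizes and the 1 GiB RAM window are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Prefix the thread adds to a physical address to form the kernel virtual address. */
#define KERNEL_VA_PREFIX 0xfffffff000000000ULL

enum plan_status {
    PLAN_OK = 0,
    PLAN_NO_SEGMENTS,   /* nothing occupies memory */
    PLAN_BAD_VA,        /* vmaddr lacks the kernel prefix */
    PLAN_OVERFLOW,      /* vmaddr + vmsize reaches or wraps past the top of the address space */
    PLAN_OUTSIDE_RAM    /* physical range is not inside the RAM window */
};

/* Hypothetical stand-in for the vmaddr/vmsize fields of a Mach-O segment. */
struct segment {
    uint64_t vmaddr;
    uint64_t vmsize;
};

/* Hypothetical result type; phys_base/virt_base feed boot_arguments->physBase/virtBase. */
struct load_plan {
    uint64_t phys_base;   /* lowest physical address any segment occupies */
    uint64_t virt_base;   /* phys_base with the kernel prefix added back */
    uint64_t phys_top;    /* one past the highest physical byte used */
};

/* "Erase the leading 1s": only valid when every prefix bit is set in va. */
bool kernel_va_to_pa(uint64_t va, uint64_t *pa)
{
    if ((va & KERNEL_VA_PREFIX) != KERNEL_VA_PREFIX)
        return false;
    *pa = va & ~KERNEL_VA_PREFIX;
    return true;
}

enum plan_status plan_kernel_load(const struct segment *segs, size_t count,
                                  uint64_t ram_base, uint64_t ram_size,
                                  struct load_plan *out)
{
    uint64_t lo = UINT64_MAX, hi = 0;
    size_t used = 0;

    for (size_t i = 0; i < count; i++) {
        uint64_t pa, off;

        if (segs[i].vmsize == 0)
            continue;                           /* occupies no memory */
        if (!kernel_va_to_pa(segs[i].vmaddr, &pa))
            return PLAN_BAD_VA;
        if (segs[i].vmsize > UINT64_MAX - segs[i].vmaddr)
            return PLAN_OVERFLOW;
        /* Compare by subtraction so ram_base + ram_size can never wrap. */
        if (pa < ram_base)
            return PLAN_OUTSIDE_RAM;
        off = pa - ram_base;
        if (off > ram_size || segs[i].vmsize > ram_size - off)
            return PLAN_OUTSIDE_RAM;

        if (pa < lo)
            lo = pa;
        if (pa + segs[i].vmsize > hi)
            hi = pa + segs[i].vmsize;
        used++;
    }
    if (used == 0)
        return PLAN_NO_SEGMENTS;

    out->phys_base = lo;
    out->virt_base = KERNEL_VA_PREFIX + lo;     /* lo < 2^36, so this cannot wrap */
    out->phys_top = hi;
    return PLAN_OK;
}

int main(void)
{
    /* Constructed sample: two segments starting at the text base shown in the panic log. */
    const struct segment segs[] = {
        { 0xfffffff007004000ULL, 0x8000 },
        { 0xfffffff00700c000ULL, 0x4000 },
    };
    struct load_plan plan;
    /* Assumption: 1 GiB of RAM starting at physical address 0. */
    enum plan_status st = plan_kernel_load(segs, 2, 0, 0x40000000ULL, &plan);

    if (st != PLAN_OK) {
        printf("rejected: status %d\n", (int)st);
        return 1;
    }
    printf("physBase=0x%llx virtBase=0x%llx top=0x%llx\n",
           (unsigned long long)plan.phys_base,
           (unsigned long long)plan.virt_base,
           (unsigned long long)plan.phys_top);
    return 0;
}
```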

NSG650 commented 1 year ago

Hello again,

I am extremely sorry if I am being annoying now. The kernel makes it to _panic_with_thread_kernel_state now but crashes at 0xfffffff0078b91eb after the end of the function.

0xfffffff075c3f1d8:  3c8283e0  stur     q0, [sp, #0x28]
0xfffffff075c3f1dc:  a901afe1  stp      x1, x11, [sp, #0x18]
0xfffffff075c3f1e0:  a900c3ec  stp      x12, x16, [sp, #8]
0xfffffff075c3f1e4:  f90003e8  str      x8, [sp]
0xfffffff075c3f1e8:  97fffd22  bl       #0xfffffff075c3e670

----------------
IN: 
0xfffffff075c3f1ec:  fffffff0  .byte    0xf0, 0xff, 0xff, 0xff

----------------
IN: 
0xfffffff0754cb6dc:  fffffff0  .byte    0xf0, 0xff, 0xff, 0xff

----------------
IN: 
0xfffffff0754cb3ec:  fffffff0  .byte    0xf0, 0xff, 0xff, 0xff

There is no UART output as well. Please help me out whenever you are free.

Thanks in advance

NSG650 commented 12 months ago

Hi yet again

I traced down the crash to _wfe_timeout_configure. Looking at the source code tree, there is no reference to panic.

However, it jumps to that very function anyways. I am using the prebuilt kernel by chenguokai. I also viewed the function in ghidra and it shows a jump to panic after a specific condition.

Thanks in advance

Edit: My bad, it's a compiler optimization which causes the 2 function calls to be merged in one. Still it fails the check.

NSG650 commented 6 months ago

Hey there! It has been a long time but I have managed to get XNU booting with this fork of u-boot and a one line patch to chenguokai's kernel!

I will try it out on real hardware soon.

Here is the patch that was done

// in osfmk/arm64/arm_vm_init.c:2070
#if XNU_MONITOR
    for (vm_offset_t cur = (vm_offset_t)pmap_stacks_start; cur < (vm_offset_t)pmap_stacks_end; cur += ARM_PGBYTES) {
        arm_vm_map(cpu_tte, cur, ARM_PTE_EMPTY);
    }
#endif

    PE_slide_devicetree(gVirtBase - gPhysBase); // Added because the 1:1 physical mappings are gone and we don't want to continue accessing those addresses

    pmap_bootstrap(dynamic_memory_begin);

    disable_preemption();

    /*
     * Initialize l3 page table pages :
     *   cover this address range:
     *    2MB + FrameBuffer size + 10MB for each 256MB segment
     */

NSG650 commented 6 months ago

Hey! It works on real hardware as well! xnu_on_pi boot_logs

NSG650 commented 6 months ago

So I tested it out on my school's Raspberry Pi 3 B as well since I own a 3 B+ and it works on it as well. I will do a write up on this soon and will publish how to get this up and running.

at_school XNU_ON_THE_PI_3_WOOH_at_school

Inokinoki commented 6 months ago

So I tested it out on my school's Raspberry Pi 3 B as well since I own a 3 B+ and it works on it as well. I will do a write up on this soon and will publish how to get this up and running.

at_school XNU_ON_THE_PI_3_WOOH_at_school

Thanks very much! That's really impressive and a great work!

I am also looking forward to running on my configured Raspi3 with JTAG, and to seeing what to do next. However, I didn't get much time working on it...

Looking forward to it! Maybe you can also publish it somewhere on HackerNews, I will definitely give my upvote 🎉🎉🎉

NSG650 commented 6 months ago

Finally published the blog. There's a guide on how you can get it up and running. This was overall fun and I learnt a lot about ARM64 and XNU.

NSG650 commented 6 months ago

Hey there again,

First off Happy new year!

I modified u-boot to provide XNU with a framebuffer and it works! photo_2024-01-01_14-27-51

I am still kind of confused where to go on from here now, does one have to write a platform driver for the Pi in order to boot further? Do I need to use another dtb?

Thanks in advance

CE1CECL commented 4 months ago

Hey there again,

First off Happy new year!

I modified u-boot to provide XNU with a framebuffer and it works! photo_2024-01-01_14-27-51

I am still kind of confused where to go on from here now, does one have to write a platform driver for the Pi in order to boot further? Do I need to use another dtb?

Thanks in advance

May I ask how you were able to modify U-Boot to work with FB? Will this work on a Pi 4, or am I stuck using KVM on Pi 4 and QEMU?

CE1CECL commented 4 months ago

@NSG650 I also saw your blog, and I didn't use a custom QEMU, was this required?

Darwin Kernel Version 20.3.0: Sun Dec 10 16:02:04 IST 2023; nsg650:xnu-xnu-7195.81.3/BUILD/obj/DEVELOPMENT_ARM64_BCM2837
pmap_startup() init/release time: 1134 microsec
pmap_startup() delayed init/release of 0 pages
vm_page_bootstrap: 16099 free pages, 16669 wired pages, (up to 0 of which are delayed free)
"vm_compressor_mode" is 32
zone_init: submap[0] 0xfffffff043000000:0xfffffff1daff9000 (6527M)
zone_init: submap[1] 0xfffffff1e3001000:0xfffffff512ff4000 (13055M)
zone_init: submap[2] 0xfffffff513000000:0xfffffff842ff4000 (13055M)
zone leak detection disabled
oslog_init completed, 16 chunks, 8 io pages
standard timeslicing quantum is 10000 us
standard background quantum is 2500 us
WQ[wql_init]: init linktable with max:262144 elements (8388608 bytes)
WQ[wqp_init]: init prepost table with max:262144 elements (8388608 bytes)
mig_table_max_displ = 53 mach_kobj_count = 363
Limiting task physical memory footprint to 1450 MB
Limiting task physical memory warning to 96%
bootstrap thread enter
bootstrap thread idle created
bootstrap thread sched start
bootstrap thread daemon init
bootstrap thread vm kernel reserved
bootstrap thread call init
bootstrap work interval init
bootstrap thread bind
bootstrap thread ipc call
bootstrap thread map adjust
bootstrap thread clock service
bootstrap thread device service
bootstrap thread phys carveout
kdp_core zlib memory 0x7000
Serial requested, consistent debug disabled or debug boot arg not present, configuring debugging over serial
bootstrap thread ktrace
iBoot version: U-BOOT         
Kernel kext log filter 0xfff per kextlog boot arg.
Kext system initialized.
Kext __kernel__ registered class OSMetaClass.
Kext __kernel__ registered class OSObject.
Kext __kernel__ registered class OSArray.
Kext __kernel__ registered class OSBoolean.
Kext __kernel__ registered class OSCollection.
Kext __kernel__ registered class OSCollectionIterator.
Kext __kernel__ registered class OSData.
Kext __kernel__ registered class OSDictionary.
Kext __kernel__ registered class OSIterator.
Kext __kernel__ registered class OSKext.
Kext __kernel__ registered class OSKextSavedMutableSegment.
Kext __kernel__ registered class OSNumber.
Kext __kernel__ registered class OSOrderedSet.
Kext __kernel__ registered class OSSerialize.
Kext __kernel__ registered class OSSerializer.
Kext __kernel__ registered class OSSet.
Kext __kernel__ registered class OSString.
Kext __kernel__ registered class OSSymbol.
Kext __kernel__ registered class OSAction.
Kext __kernel__ registered class OSAction_IOUserClient_KernelCompletion.
Kext __kernel__ registered class IODispatchSource.
Kext __kernel__ registered class IODispatchQueue.
Kext __kernel__ registered class IOInterruptDispatchSource.
Kext __kernel__ registered class IODataQueueDispatchSource.
Kext __kernel__ registered class IOServiceNotificationDispatchSource.
Kext __kernel__ registered class IOConditionLock.
Kext __kernel__ registered class IORegistryEntry.
Kext __kernel__ registered class IORegistryPlane.
Kext __kernel__ registered class IORegistryIterator.
Kext __kernel__ registered class IOService.
Kext __kernel__ has IOService subclass IOService; enabling autounload.
Kext __kernel__ registered class _IOServiceNotifier.
Kext __kernel__ registered class _IOServiceNullNotifier.
Kext __kernel__ registered class _IOServiceInterestNotifier.
Kext __kernel__ registered class _IOConfigThread.
Kext __kernel__ registered class _IOServiceJob.
Kext __kernel__ registered class IOResources.
Kext __kernel__ registered class IOUserResources.
Kext __kernel__ registered class _IOOpenServiceIterator.
Kext __kernel__ registered class IONotifier.
Kext __kernel__ registered class IOServiceCompatibility.
Kext __kernel__ registered class IOPMRequest.
Kext __kernel__ registered class IOPMRequestQueue.
Kext __kernel__ registered class IOPMWorkQueue.
Kext __kernel__ registered class IOPMCompletionQueue.
Kext __kernel__ registered class IOServicePM.
Kext __kernel__ registered class IOPMinformee.
Kext __kernel__ registered class IOPMinformeeList.
Kext __kernel__ registered class IOPMPowerStateQueue.
Kext __kernel__ registered class IOCatalogue.
Kext __kernel__ registered class IOPMPowerSource.
Kext __kernel__ registered class IOPMPowerSourceList.
Kext __kernel__ registered class IOPMGR.
Kext __kernel__ registered class IOPolledInterface.
Kext __kernel__ registered class IOPolledFilePollers.
Kext __kernel__ registered class IOWorkLoop.
Kext __kernel__ registered class IOEventSource.
Kext __kernel__ registered class IOInterruptEventSource.
Kext __kernel__ registered class IOCommandGate.
Kext __kernel__ registered class IOCommand.
Kext __kernel__ registered class IOCommandPool.
Kext __kernel__ registered class IODMAEventSource.
Kext __kernel__ registered class IOFilterInterruptEventSource.
Kext __kernel__ registered class IOTimerEventSource.
Kext __kernel__ registered class IOBufferMemoryDescriptor.
Kext __kernel__ registered class IODMACommand.
Kext __kernel__ registered class IOInterleavedMemoryDescriptor.
Kext __kernel__ registered class IOMapper.
Kext __kernel__ registered class IOMemoryCursor.
Kext __kernel__ registered class IONaturalMemoryCursor.
Kext __kernel__ registered class IOBigMemoryCursor.
Kext __kernel__ registered class IOLittleMemoryCursor.
Kext __kernel__ registered class IOMemoryDescriptor.
Kext __kernel__ registered class IOGeneralMemoryDescriptor.
Kext __kernel__ registered class IOMemoryMap.
Kext __kernel__ registered class IOMultiMemoryDescriptor.
Kext __kernel__ registered class IORangeAllocator.
Kext __kernel__ registered class IOSubMemoryDescriptor.
Kext __kernel__ registered class IOPlatformExpert.
Kext __kernel__ registered class IODTPlatformExpert.
Kext __kernel__ registered class IOPlatformExpertDevice.
Kext __kernel__ registered class IOPlatformDevice.
Kext __kernel__ registered class IOPanicPlatform.
Kext __kernel__ registered class IOPlatformIO.
Kext __kernel__ registered class IOCPU.
Kext __kernel__ registered class IOCPUInterruptController.
Kext __kernel__ registered class IODTNVRAM.
Kext __kernel__ registered class IODTNVRAMVariables.
Kext __kernel__ registered class IODMAController.
Kext __kernel__ registered class IOInterruptController.
Kext __kernel__ registered class IOSharedInterruptController.
Kext __kernel__ registered class PassthruInterruptController.
Kext __kernel__ registered class IOMachPort.
Kext __kernel__ registered class IOUserIterator.
Kext __kernel__ registered class IOUserNotification.
Kext __kernel__ registered class IOServiceUserNotification.
Kext __kernel__ registered class IOServiceMessageUserNotification.
Kext __kernel__ registered class IOUserClient.
Kext __kernel__ registered class IOKitDiagnostics.
Kext __kernel__ registered class IOKitDiagnosticsClient.
Kext __kernel__ registered class IODataQueue.
Kext __kernel__ registered class IOSharedDataQueue.
Kext __kernel__ registered class IOReporter.
Kext __kernel__ registered class IOSimpleReporter.
Kext __kernel__ registered class IOStateReporter.
Kext __kernel__ registered class IOHistogramReporter.
Kext __kernel__ registered class IOReportLegend.
Kext __kernel__ registered class IORTC.
Kext __kernel__ registered class OSUserMetaClass.
Kext __kernel__ registered class IOUserService.
Kext __kernel__ registered class IOUserServerCheckInToken.
Kext __kernel__ registered class IOUserServer.
Kext __kernel__ registered class IOUserUserClient.
Kext __kernel__ registered class RootDomainUserClient.
Kext __kernel__ registered class IOPowerConnection.
Kext __kernel__ registered class IOWatchDogTimer.
Kext __kernel__ registered class IOPerfControlClient.
Kext __kernel__ registered class IOPerfControlWorkContext.
Kext __kernel__ registered class IONVRAMController.
Kext __kernel__ registered class PMAssertionsTracker.
Kext __kernel__ registered class PMHaltWorker.
Kext __kernel__ registered class IOPMrootDomain.
Kext __kernel__ registered class IOPMServiceInterestNotifier.
Kext __kernel__ registered class PMTraceWorker.
Kext __kernel__ registered class PMSettingHandle.
Kext __kernel__ registered class PMSettingObject.
Kext __kernel__ registered class IORootParent.
Reading startup extensions.
Loading Kernel External Components.
Reading built-in kernel personalities for I/O Kit drivers.
Sending all eligible registered kexts' personalities to the IOCatalogue and starting matching.
0 kext personality sent to the IOCatalogue; matching started.
IONVRAM::getNVRAMSize:773 - NVRAM size is 8192 bytes
IONVRAM::initNVRAMImage:924 - NVRAM : ofPartitionOffset - 0x30, ofPartitionSize - 0x7f0, systemPartitionOffset - 0xffffffff, systemPartitionSize - 0x0
IONVRAM::initProxyData:750 - Exited initNVRAMImage
Loading security extensions.
calling mpo_policy_init for vnguard
Security policy loaded: Guarded vnode policy (vnguard)
Jettisoning kext bootstrap segments.
No POST boot-arg set.
panic(cpu 0 caller 0xfffffff00782cc84): "Unable to find driver for this platform: \"D421AP\".\n"
Debugger message: panic
Device: D20
Hardware Model: iPhone10,1
ECID: 0000000000000000
Boot args: debug=0x8 kextlog=0xfff -noprogress
Memory ID: 0x0
OS release type: Not set yet
OS version: Not set yet
Kernel version: Darwin Kernel Version 20.3.0: Sun Dec 10 16:02:04 IST 2023; nsg650:xnu-xnu-7195.81.3/BUILD/obj/DEVELOPMENT_ARM64_BCM2837
Kernel UUID: 79DDC47D-EF8C-3E03-967E-774CC358C2BC
iBoot version: U-BOOT         
secure boot?: NO
Paniclog version: 13
Kernel text base:  0xfffffff007004000
mach_absolute_time: 0x2d115bfe
Epoch Time:        sec       usec
  Boot    : 0x00000000 0x00000000
  Sleep   : 0x00000000 0x00000000
  Wake    : 0x00000000 0x00000000
  Calendar: 0x00000000 0x00000000

Panicked task 0xfffffff1e3036140: 852 pages, 12 threads: NULL bsd_info pointer
unknown task
Panicked thread: 0xfffffff1e3050198, backtrace: 0xfffffff0022ab6d0, tid: 112
          lr: 0xfffffff00719545c  fp: 0xfffffff0022ab760
          lr: 0xfffffff00732dc80  fp: 0xfffffff0022ab780
          lr: 0xfffffff00731f7a8  fp: 0xfffffff0022ab840
          lr: 0xfffffff0071495a4  fp: 0xfffffff0022ab850
          lr: 0xfffffff007194ee0  fp: 0xfffffff0022abbe0
          lr: 0xfffffff007194ee0  fp: 0xfffffff0022abc50
          lr: 0xfffffff0078bc6b0  fp: 0xfffffff0022abc70
          lr: 0xfffffff00782cc84  fp: 0xfffffff0022abc90
          lr: 0xfffffff0077ddb90  fp: 0xfffffff0022abd20
          lr: 0xfffffff0077dd684  fp: 0xfffffff0022abdf0
          lr: 0xfffffff0077dc85c  fp: 0xfffffff0022abe60
          lr: 0xfffffff0077dfb5c  fp: 0xfffffff0022abf00
          lr: 0xfffffff00714c500  fp: 0x0000000000000000

** Stackshot Incomplete ** Bytes Filled 240 **
Attempting system restart...
MACH Reboot

NSG650 commented 4 months ago

@NSG650 I also saw your blog, and I didn't use a custom QEMU, was this required?

No, I did not use a custom qemu build; I just used the Arch-provided qemu package. For the framebuffer I just added these lines in the code for the bootxnu command.

    struct udevice *vid_device = NULL;
    struct video_priv *vid_priv = NULL;
    int ret = uclass_first_device_err(UCLASS_VIDEO, &vid_device);
    if (ret == 0) {
        vid_priv = dev_get_uclass_priv(vid_device);
    }

    if (vid_priv) {
        boot_args->video_information.base_addr = vid_priv->fb;
        boot_args->video_information.display = 0;
        boot_args->video_information.bytes_per_row = (vid_priv->fb_size) / vid_priv->ysize;
        boot_args->video_information.width = vid_priv->xsize;
        boot_args->video_information.height = vid_priv->ysize;
        boot_args->video_information.depth = (1 << vid_priv->bpix);

        printf("## Using framebuffer %s\n", vid_priv->vidconsole_drv_name);
        printf("boot_args->video_information.base_addr: 0x%p\n",     boot_args->video_information.base_addr);
        printf("boot_args->video_information.display: %d\n",         boot_args->video_information.display);
        printf("boot_args->video_information.bytes_per_row: %d\n",     boot_args->video_information.bytes_per_row);
        printf("boot_args->video_information.width: %d\n",             boot_args->video_information.width);
        printf("boot_args->video_information.height: %d\n",         boot_args->video_information.height);
        printf("boot_args->video_information.depth: %d\n",             boot_args->video_information.depth);
    }

around here

theoparis commented 3 months ago

Hi there. I wanted to see if I could get this to work with the latest u-boot and possibly a x86_64 version of the XNU kernel. I see there is a prebuilt rpi.dtb - how did you manage to create this file?

NSG650 commented 3 months ago

Hi there. I wanted to see if I could get this to work with the latest u-boot and possibly a x86_64 version of the XNU kernel. I see there is a prebuilt rpi.dtb - how did you manage to create this file?

I didn't create the file. I ripped it out from chenguokai's attempt. Chenguokai generated the dtb using this compiler and one of the jsons found here.

As for an x86_64 kernel I can't provide you one right now sadly.

I was going to work on porting the bootxnu command to the newer u boot version but then got busy with school lol.

CE1CECL commented 3 months ago

Hi there. I wanted to see if I could get this to work with the latest u-boot and possibly a x86_64 version of the XNU kernel. I see there is a prebuilt rpi.dtb - how did you manage to create this file?

I didn't create the file. I ripped it out from chenguokai's attempt. Chenguokai generated the dtb using this compiler and one of the jsons found here.

As for an x86_64 kernel I can't provide you one right now sadly.

I was going to work on porting the bootxnu command to the newer u boot version but then got busy with school lol.

Actually I got it to work with u-boot 2022 with some mods, if anyone cares

theoparis commented 3 months ago

Hi there. I wanted to see if I could get this to work with the latest u-boot and possibly a x86_64 version of the XNU kernel. I see there is a prebuilt rpi.dtb - how did you manage to create this file?

I didn't create the file. I ripped it out from chenguokai's attempt. Chenguokai generated the dtb using this compiler and one of the jsons found here.

As for an x86_64 kernel I can't provide you one right now sadly.

I was going to work on porting the bootxnu command to the newer u boot version but then got busy with school lol.

Oh ok, thanks. I think the swift code may work on a linux machine but it needs a fork of the unmaintained SwiftyJSON library. In terms of the x86_64 kernel, I can probably get one from a macos VM with https://github.com/notAperson535/OneClick-macOS-Simple-KVM.

I'll document this later once I have something working 🚀

Edit: If I try to boot the latest u-boot for x86_64 with updated patches it seems to boot loop with the last message being Jumping to 64-bit U-boot: note many features are missing. How can I debug this (with gdb or lldb)?

CE1CECL commented 3 months ago

Hi there. I wanted to see if I could get this to work with the latest u-boot and possibly a x86_64 version of the XNU kernel. I see there is a prebuilt rpi.dtb - how did you manage to create this file?

I didn't create the file. I ripped it out from chenguokai's attempt. Chenguokai generated the dtb using this compiler and one of the jsons found here. As for an x86_64 kernel I can't provide you one right now sadly. I was going to work on porting the bootxnu command to the newer u boot version but then got busy with school lol.

Oh ok, thanks. I think the swift code may work on a linux machine but it needs a fork of the unmaintained SwiftyJSON library. In terms of the x86_64 kernel, I can probably get one from a macos VM with https://github.com/notAperson535/OneClick-macOS-Simple-KVM.

I'll document this later once I have something working 🚀

Edit: If I try to boot the latest u-boot for x86_64 with updated patches it seems to boot loop with the last message being Jumping to 64-bit U-boot: note many features are missing. How can I debug this (with gdb or lldb)?

Is there a reason you need the latest U-Boot, other than the frame buffer on QEMU? I did https://github.com/CE1CECL/u-boot/tree/ce1cecl to do that

CE1CECL commented 3 months ago

Screenshot from 2024-03-19 07-22-45

theoparis commented 3 months ago

Hi there. I wanted to see if I could get this to work with the latest u-boot and possibly a x86_64 version of the XNU kernel. I see there is a prebuilt rpi.dtb - how did you manage to create this file?

I didn't create the file. I ripped it out from chenguokai's attempt. Chenguokai generated the dtb using this compiler and one of the jsons found here. As for an x86_64 kernel I can't provide you one right now sadly. I was going to work on porting the bootxnu command to the newer u boot version but then got busy with school lol.

Oh ok, thanks. I think the swift code may work on a linux machine but it needs a fork of the unmaintained SwiftyJSON library. In terms of the x86_64 kernel, I can probably get one from a macos VM with https://github.com/notAperson535/OneClick-macOS-Simple-KVM. I'll document this later once I have something working 🚀 Edit: If I try to boot the latest u-boot for x86_64 with updated patches it seems to boot loop with the last message being Jumping to 64-bit U-boot: note many features are missing. How can I debug this (with gdb or lldb)?

Is there a reason you need the latest U-Boot, other than the frame buffer on QEMU? I did https://github.com/CE1CECL/u-boot/tree/ce1cecl to do that

Thanks! I applied your changes via https://github.com/u-boot/u-boot/compare/master...CE1CECL:u-boot:ce1cecl.patch and removed the MAINTAINERS change temporarily to resolve conflicts. I also had to modify bootxnu.c to make it work on x86_64 (removing the asm/system.h header unless CONFIG_ARM64 is defined).

riadr2 commented 1 week ago

Hi there, how are you all doing? Has there been any recent work or progress here? I find this project quite interesting and I would like to know if y'all are still working on it, and what your new goals are.