msr-lock mislack of infos about firmware extraction

[dreamwhite]

Currently the guide mentions only

open your firmware with UEFITool

without telling how to get it. Some firmwares, such as Asus and many others work with this procedure (unzip the BIOS upgrade package and open it with UEFITool) But many others, such as Dell, HP, Acer, Inno-based BIOS upgrade packages are a little bit difficult to extract. For example on Dell you need to extract a .hdr file from the .exe, then unpack it using pfsextractor and then following the standard procedure. I'll try to write a guide to explain as much as possible how to get the firmware.

[rottenpants466]

Msr lock is related to cfg lock? Or are they the same? Sorry for the stupid question

In any case... I was trying to see if i could disable cfg lock on my hp laptop but like you said its inside in the exe file and i cant extract the bios image to check it in uefi tool

[dreamwhite]

Msr lock is related to cfg lock? Or are they the same? Sorry for the stupid question

MSR 0xE2 is a BIOS region which is necessary for macOS for writing some stuff such as CPU C-states and many other things. The access to this region is handled by CFG Lock, a boolean bit (True or False, 1 or 0) which denies or grants access to this region. If its value is 0x00 (False), then MSR 0xE2 is writable. So yes, they are related together. CFG Lock is like a guardian which grants or deny the access to this region.

Without CFG Lock unlocked, the only way to boot is using KernelPM or KernelXCPM in Clover, or their equivalent in Opencore: AppleCpuPmCfgLock and AppleXcpmCfgLock.

Please note that those patches are very unstable as they try to "jump" over this region making macOS unusable.

In any case... I was trying to see if i could disable cfg lock on my hp laptop but like you said its inside exe file and i cant extract the bios image to check in uefi tool

Well, I've "found" a method, thanks to @1alessandro1, for HP BIOSes extraction. Simply open the BIOS upgrade package from a Windows environment and select "Copy file to different folder". It will decrypt the BIOS payload and then you can easily follow the @khronokernel guide :)

I hope I can be of service

[rottenpants466]

Thanks i will try that :)

[Juan-VC-gh]

Does anyone know if CPU PM is worse if one has CFG lock? I have it locked and will never be able to unlock it for my laptop so I have the kernel quirks enabled.

[dreamwhite]

@Juan-VC of course lol. Clover/OpenCore applies patches which aren't stable as they try to "jump" over MSR 0xE2. What's your motherboard model? Vendor?

[Juan-VC-gh]

It is a laptop so it comes which a mass produced unknown motherboard. I only know it’s chipset is HM370 and that I cannot get a complete firmware that can be analyzed with uefitool, I can only download firmware updates.

[dreamwhite]

Uhm... Attach the firmware update package

[Juan-VC-gh]

I extracted the .exe and tried to open the largest file in it (a 13MB) file and UEFITool said it found no uefi folder I think. https://dl.dell.com/FOLDER06061941M/1/Dell_G5_5587_G7_7588_Vostro_7580_1.12.2.exe

[dreamwhite]

The steps for extracting BIOS payload for Dell are described on my repository

This is the offset of CFG Lock that I've extracted from your BIOS upgrade package: 0x5BD So in order to disable CFG Lock you need to type inside a modGRUBShell.efi: setup_var 0x5BD 0x00

[Juan-VC-gh]

You got it! Yay I did not know if I properly extracted the package, found not info about how to properly extract it until you linked your guide. Thanks man, appreciate it!

[dreamwhite]

I'll upload other BIOS extraction guides on the same repo linked above 🙂

[Juan-VC-gh]

I really wish @khronokernel link your uefi extraction guides, I was lost because it was not as trivial as for most desktop motherboards so those guides may help a lot of people!

[dreamwhite]

Hope It reads this issue lol

[Juan-VC-gh]

Just curious so with cpu pm kernel quirks, it jumps msr 0xE2, but I suppose it does write a register for the pm to work or does it not?

[dreamwhite]

Well the PM won't be the same as macOS will try to write on the MSR 0xE2 region. I don't know exactly how the patch works but I'm sure that it's unstable. I was working and my PC rebooted 3 times in a row ._.

[Juan-VC-gh]

Hmmm strange, I have never had a random reboot, I used mojave and now catalina on my laptop. I read the command has to be run everytime you reset BIOS settings, should it be also run when updating the BIOS?

[Juan-VC-gh]

The verify msr 0xe2 now shows the register is unlocked! Thanks again, I can finally boot without the kernel quirks!

[dreamwhite]

Hmmm strange, I have never had a random reboot, I used mojave and now catalina on my laptop. I read the command has to be run everytime you reset BIOS settings, should it be also run when updating the BIOS?

Of course. Remember the command and run it when you update your BIOS 🙂