Contribute
Register

[GUIDE] Unlocking CFG with OpenCore and CFGLock.efi

Status
Not open for further replies.
Joined
Dec 10, 2010
Messages
1,366
Motherboard
Gigabyte Z390 Aorus Elite
CPU
i9-9900K
Graphics
RX 6600 XT
Mobile Phone
  1. iOS
What is CFG Lock and MSR 0xE2?

CFG Lock is a BIOS setting that allows writing to a specific register, in this case MSR E2 (MSR = Model Specific Register). An MSR consists of one or more registers in blocks of instructions used to do certain tasks on a CPU. MTRs are also used to control CPU's access to memory ranges. Commands capable of reading and writing to MSR work with elevated privileges (the operating system, primarily).

Many motherboards come from factory with MSR E2 region locked (read but not write) and quite a few of them even hide this option in BIOS user interface. In those that do show the option to block or unblock this variable, it is usually called CFG Lock. CFG Lock is a bit with 2 values, 0x1 or 0x0. When it is 0x1, macOS cannot write into this region and kernel patches are required.

macOS wants to write this registry, both the Kernel and AppleIntelPowerManagement. It defines the C-states of the CPU, which is why it is essential for macOS. Without the ability to write to MSR E2, all or most of the CPU power management is lost and the system does not boot.

In Clover 2 patches have been used: KernelPM (for AppleIntelPowerManagement.kext) and KernelXCPM (for the kernel). In OpenCore 2 others have been used: AppleCpuPmCfgLock (for AppleIntelPowerManagement.kext) and AppleXcpmCfgLock (for the kernel). These patches fix the problem but the registry is still read-only. To ensure native CPU power management, CFG Lock bit must be set to 0x0.

To achieve this, the firmware must be modified to support writing to MSR E2. This method is preferred over Clover and OC patches, it generates greater system stability and the CPU power management more closely resembles that of a real Mac. The methods that are usually proposed for this task are too complex for most users who do not have a high level of knowledge, requiring specialized tools and even modified Grub.

Below I comment on an alternative method that is much simpler and that, at least in my case, seems to have been successful. Like any of the methods that modify this bit, it has the risk of not working or even damaging the BIOS, so if you try it it is under your entire responsibility.

CFGLock.efi

User Brumbaer has a tool called CFGLock.efi. It is an EFI application, it has to be installed in OC Tools folder (Misc - Tools in config.plist) and in this way it is available in the OC menu next to Reset NVRAM. It should be accompanied by another tool included in the OC package called VerifyMsrE2.efi that reports current status of CFG Lock (locked / unlocked).

When CFGLock.efi runs, it displays information (CFG variable found, varstore in which it resides, current reading and requests user intervention to make the change from 0x1 to 0x0 or vice versa). Then you have to restart. With VerifyMsrE2.efi we can check if the change has been successful.

Both EFI applications can be run by selecting them directly in the OC menu but it is also possible, by installing OpenShell.efi tool, to run this shell and running them from there. Information for handling OpenShell.efi is available in OC and elsewhere.

oc-menu.png

After CFGLock.efi

I have tried CFGLock.efi and apparently it has worked well.
  1. macOS boots up and works fine with the OC patches AppleCpuPmCfgLock and AppleXcpmCfgLock disabled.

  2. VerifyMsrE2.efi reports "This firmware has UNLOCKED MSR 0XE2 register!".

  3. Hackintool in Utilities - Get AppleIntelInfo displays this text:
    Bash:
    AppleIntelInfo.kext v3.0 Copyright © 2012-2017 Pike R. Alpha. All rights reserved.
    IA32_MISC_ENABLES................(0x1A0) : 0x850089
    ------------------------------------------
    - CFG Lock............................. : 0 (MSR not locked)
    Note: Hackintool current version (3.4.6) doesn't show text after Get AppleIntelInfo in Big Sur beta 10. It's got from Catalina.

  4. Intel Power Gadget - Frequency graph shows variations between maximum and minimum suggestive of CPUPM.

    cpupm.png
Note: the autor has retired the file or the download link doesn't work. I attach the file in ZIP in case someone wants to use it.
 

Attachments

  • CFGLock-efi.zip
    8 KB · Views: 3,064
Last edited:
This sounds like a useful tool. I just did my unlocking using the manual process, which wasn't too bad as the instructions are clear and I also watched a helpful YT video:

My question about this tool is why has it not been included with the other OpenCore tools that are provided? I could not find any web page or GitHub that hosts the development of this or makes the source code available.
 
This sounds like a useful tool...

My question about this tool is why has it not been included with the other OpenCore tools that are provided? I could not find any web page or GitHub that hosts the development of this or makes the source code available.
I do not know. Brumbaer may simply have done it so and put it only in the IM forum. But it can also have to do with the grudges that unfortunately exist in the hackintosh world. I do not know.
I also think that it seems a very interesting utility, well built, that makes its function very simple and friendly.
 
Last edited:
Note: Gigabyte has published (09/16/2020) a new BIOS for my Z390 Aorus Elite board, it is the F10g version and the main novelty, at least in the graphical interface, is the presence of a new option to block or unblock CFG so this task is much easier from now on.

cfg0.jpg
 
Note that for some laptops you still need an hardware chip-programmer because bios is protected also from writing (example Thinkpad)
The question is: native power management with CFG Unlocked and the power management with the kext patched differ so much?
 
Note that for some laptops you still need an hardware chip-programmer because bios is protected also from writing (example Thinkpad)
The question is: native power management with CFG Unlocked and the power management with the kext patched differ so much?
Although many users use their hackintosh without problems with patches, it seems that CFG Unlock is preferred and more closely resembles the operation of a real Mac.

From Dortania guides:

What is CFG-Lock​

CFG-Lock is a setting in your BIOS that allows for a specific register(in this case the MSR 0xE2) to be written to. By default, most motherboards lock this variable with many even hiding the option outright in the GUI. And why we care about it is that macOS actually wants to write to this variable, and not just one part of macOS. Instead both the Kernel(XNU) and AppleIntelPowerManagement want this register.

So to fix it we have 2 options:

#1. Patch macOS to work with our hardware​

  • This creates instability and unnecessary patching for many
  • The 2 patches we use for this:
    • AppleCpuPmCfgLock for AppleIntelPowerManagement.kext
    • AppleXcpmCfgLock for the Kernel(XNU)

#2. Patch our firmware to support MSR E2 write​

  • Very much preferred, as avoids patching allowing for greater flexibility regarding stability and OS upgrades.
 
i flash into the newset bios version and then disable cfg lock in the bios settings
Now you can work without the 2 patches.
 
Noob question : Do we need power management kext (cpufriend)after unlocking cfglock ?
 
Status
Not open for further replies.
Back
Top