00:09 <nik875[m]> alright i watched one of marcan's streams and got as far as attempting to change boot policy for a second macos installation on my target device

00:10 <nik875[m]> running bputil -nkcas in 1tr gave me this error:

00:10 <nik875[m]> Boot objects update failed for /Volumes/macOS RE: Error Domain=BYErrorDomain Code=401 "Failed to create local policy" UserInfo=(NSLocalizedDescription=Failed to create local policy, NSUnderlyingError=®x60000009d380 (Error Domain=com.apple.bootpolicy Code=11 "AP boot mode (11)" UserInfo={NSLocalizedDescription=AP boot mode (11)}}}

00:10 <nik875[m]> anyone know what might be going on here

00:10 <nik875[m]> * on here?

01:01 <nik875[m]> possibly more helpful error from when i tried to run csrutil disable:... (full message at https://matrix.org/_matrix/media/r0/download/matrix.org/gpGIEiXTVFaBESwsGxDUgHEv)

01:03 <chadmed> you need to bless the partition youre trying to change the boot policy for so that its the nominated startup disk

01:04 <nik875[m]> so do the option-click thing for always use?

01:04 <chadmed> on versions of macOS >12.0, the system-wide 1TR is no longer used and the SEP "pairs" the recovery from the nominated startup disk to be the 1TR environment. if you try to change security settings on a volume that isnt paired to that particular rOS then it doesnt work

01:04 <chadmed> yep

01:27 <amarioguy> nik875[m]: make sure you're in 1TR

01:27 <amarioguy> oh lol it's answered nvm

02:03 <nik875[m]> another error at the same step, running csrutil disable gives:

02:03 <nik875[m]> The OS environment does not allow changing security configuration options.

02:04 <marcan> you're not in 1tr

02:04 <marcan> "AP boot mode" means it's not 1TR

02:04 <marcan> that means you didn't do the power button hold dance properly

02:04 <nik875[m]> okay okay hang on

02:05 <nik875[m]> i thought that you held the power button for 5 seconds during startup to go to startup options

02:05 <marcan> yes, you do

02:05 <nik875[m]> then you select options to enter macos recovery, then select the second macos installation

02:05 <marcan> but if you double tap it, accidentally release it, etc. you can end up in startup options that is *not* 1TR

02:05 <marcan> 1TR is not just "startup options"

02:05 <nik875[m]> huh

02:05 <marcan> 1TR is a very specific mode that is more stringent in the exact thing you did

02:06 <nik875[m]> that's probably the issue then lol, lemme try again

02:06 <marcan> make sure the machine is fully off, wait a few extra seconds

02:06 <marcan> then press once and do not let go until startup options appears

02:07 <marcan> the pairing thing is something else; you can only change boot settings for the volume that is currently the default boot volume. both are required.

02:07 <marcan> one way to end up in both of those situations is to double-tap power. that gets you into system recoveryOS, which is neither 1TR nor paired to anything

02:07 <marcan> so that could be what you did

02:08 <nik875[m]> Out of curiosity, is there any way to tell once you’re in recoveryOS whether it’s 1tr?

02:08 <marcan> `bputil -d` should tell you

02:09 <marcan> look for "Current OS environment:"

02:09 <marcan> one of 'macOS', 'one true recoveryOS', 'recoveryOS'

02:10 <marcan> could be "OS Type" instead, in another version

02:17 <nik875[m]> marcan: that worked, thanks!

02:17 <nik875[m]> next question i have is how to install m1n1 as a custom boot object, does that just mean run the asahi installer for m1n1?

02:18 <nik875[m]> or is there some special configuration that links m1n1 to the macos partition?

02:28 <amarioguy> nik875[m]: nowadays i believe you just allocate some free space and the asahi installer will more or less do it for you

02:29 <amarioguy> but you can use kmutil to do it as well, if for example the partition you wish to associate m1n1 with is a macOS install

02:30 <amarioguy> kmutil configure-boot will have the details (entry-point is 2048, lowest-virtual-address is 0

02:30 <nik875[m]> I used kmutil on the macOS partition according to the hypervisor documentation, is that what you mean?

02:31 <amarioguy> hm?

02:31 <amarioguy> what was the command you used

02:31 <nik875[m]> Kmutil create with a lot of options that I copy pasted

02:31 <amarioguy> oh no

02:32 <amarioguy> this needs to be done from 1tr again

02:32 <nik875[m]> Rip lol, what’s wrong with that?

02:32 <amarioguy> the hypervisor page is what creates a kernelcache

02:32 <amarioguy> that command is for linking the kernel/kexts together to make a dev kernelcache that's bootable with m1n1

02:33 <amarioguy> so you can use symbols apple provides via the KDK

02:33 <nik875[m]> Is that not what we want lol?

02:33 <amarioguy> that's what you want if you need to create a kernelcache

02:33 <amarioguy> your question was to install a custom boot object

02:33 <amarioguy> you need to be in 1tr to actually install the custom boot object

02:34 <nik875[m]> Well yes, installing a custom boot object is part of the documentation for setting up the hypervisor

02:34 <amarioguy> you're on step 4 right?

02:35 <nik875[m]> Yes

02:36 <amarioguy> creating the kernelcache is one thing, setting m1n1 as a custom boot object is another (the command to set the boot object is kmutil configure-boot -c [path to m1n1.bin] --entry-point 2048 --lowest-virtual-address 0)

02:36 <amarioguy> remember that you need to be in 1tr to *actually set* the boot object

02:38 <nik875[m]> Where is the m1n1 bin? The build from the repo is supposed to be on the host machine I thought?

02:38 <chadmed> you have to copy it over to the rOS environment somehow

02:38 <amarioguy> ^

02:38 <chadmed> you can either use scp or start the python http server in the build dir and use curl

02:39 <amarioguy> i believe macOS volumes are accessible from rOS too

02:39 <nik875[m]> Huh okay, I can scp it

02:49 <nik875[m]> Missing the —volume argument it seems

02:53 <amarioguy> btw i can say now that from very very initial testing

02:53 <amarioguy> m2 does in fact support maintenance interrupts now lol

02:54 <amarioguy> idk if this was found out already but here you go

02:54 <nik875[m]> nik875[m]: Also says “could not find mount point” when I select the correct volume, even after running diskutil mount

02:57 <amarioguy> (on maintenance interrupts ICH_MISR_EL2 is configurable and register changes behaves as the spec says it should, furthermore having maintenance interrupts pending and enabling virtual interrupts results in an interrupt storm as there's no handling for this)

02:58 <amarioguy> in m1n1 anyways

03:00 <amarioguy> nik875[m]: general dev questions usually go in asahi-dev

03:00 <nik875[m]> Kk

05:38 <marcan> you don't need to create a kernelcache, you can just use a retail one

05:38 <marcan> we need to stop pushing that story, 99% of the time it's not necessary. I haven't used dev kernelcaches in forever.

05:38 <marcan> those were only useful for some really early hypervisor debugging

09:04 <j`ey> amarioguy: interesting, do you have linux running? maybe you can try enable the maint irq, if not maybe markan or jann4u can

10:52 <amarioguy> j'ey: i can do enablement on that sure

10:54 <amarioguy> still gotta fix the i2c stuff as well anyways so i can do this soon enough

11:11 <amarioguy> though i do want to do some more testing on this before i commit to making the patch series lol

12:15 <marcan> you want to talk to maz (who isn't here) about the kvm stuff

12:16 <amarioguy> gotcha