ChanServ changed the topic of #asahi-re to: Asahi Linux: porting Linux to Apple Silicon macs | Hardware / boot process / firmware interface reverse engineering | WARNING: this channel (only) may contain binary reverse engineering discussion | RE policy: https://alx.sh/re (MANDATORY READ) | GitHub: https://alx.sh/g | Wiki: https://alx.sh/w | Logs: https://alx.sh/l/asahi-re
checkfoc_us9 has quit [Remote host closed the connection]
checkfoc_us9 has joined #asahi-re
chrisl has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
pb17 has quit [Ping timeout: 480 seconds]
pb17 has joined #asahi-re
chrisl has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
chrisl has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
pb17 has quit [Ping timeout: 480 seconds]
pb17 has joined #asahi-re
chadmed has quit [Quit: Konversation terminated!]
chadmed has joined #asahi-re
chadmed has quit []
chadmed has joined #asahi-re
chadmed has quit []
chadmed has joined #asahi-re
chadmed has quit []
chadmed has joined #asahi-re
chadmed has quit []
chadmed has joined #asahi-re
chadmed has quit []
chadmed has joined #asahi-re
chrisl has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
chrisl has joined #asahi-re
JayBeeFOSS has quit [Ping timeout: 480 seconds]
JayBeeFOSS has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
pb17 has quit [Ping timeout: 480 seconds]
pb17 has joined #asahi-re
ece314378925355451680698427415 has joined #asahi-re
chrisl has joined #asahi-re
ece31437892535545168069842741 has quit [Ping timeout: 480 seconds]
chrisl has quit [Ping timeout: 480 seconds]
kubed has joined #asahi-re
jtingiris has quit [Read error: Connection reset by peer]
kubed is now known as jtingiris
mattia013 has quit [Remote host closed the connection]
mattia013 has joined #asahi-re
chrisl has joined #asahi-re
mattia013 has quit [Read error: Connection reset by peer]
mattia013 has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
pb17 has quit [Ping timeout: 480 seconds]
yuyichao_ has quit [Ping timeout: 480 seconds]
pb17 has joined #asahi-re
chrisl has joined #asahi-re
yuyichao_ has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
nimprod3l has joined #asahi-re
chrisl has joined #asahi-re
pb17 has quit [Ping timeout: 480 seconds]
chrisl has quit [Ping timeout: 480 seconds]
pb17 has joined #asahi-re
chrisl has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
pb17 has quit [Ping timeout: 480 seconds]
chrisl has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
cds has quit [Remote host closed the connection]
Guest9364 has quit [Remote host closed the connection]
swapgs has quit [Remote host closed the connection]
akspecs has quit [Remote host closed the connection]
d4ve has quit [Remote host closed the connection]
okt has quit [Remote host closed the connection]
pitust has quit [Remote host closed the connection]
coder_kalyan has quit [Remote host closed the connection]
nightbreak has quit [Remote host closed the connection]
pldtf has quit [Remote host closed the connection]
alethkit has quit [Remote host closed the connection]
pitust has joined #asahi-re
nimprod3l has quit [Quit: Leaving]
d4ve has joined #asahi-re
coder_kalyan has joined #asahi-re
pb17 has joined #asahi-re
swapgs has joined #asahi-re
OctopusET has joined #asahi-re
OctopusET is now known as Guest12829
okt has joined #asahi-re
cds has joined #asahi-re
nightbreak has joined #asahi-re
akspecs has joined #asahi-re
alethkit has joined #asahi-re
pldtf has joined #asahi-re
chrisl has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
loki_val has joined #asahi-re
crabbedhaloablut has quit [Remote host closed the connection]
TheLink6 has joined #asahi-re
midou has quit [Read error: Connection reset by peer]
snuck has quit []
sneak has joined #asahi-re
TheLink has quit [Read error: Connection reset by peer]
TheLink6 is now known as TheLink
jannau_ has joined #asahi-re
mini__ has joined #asahi-re
jannau has quit [Read error: Connection reset by peer]
mini_ has quit [Read error: Connection reset by peer]
mini__ is now known as mini_
midou has joined #asahi-re
john-cabaj has joined #asahi-re
chrisl has joined #asahi-re
chadmed has quit [Quit: Konversation terminated!]
chadmed has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
chadmed has quit []
chadmed has joined #asahi-re
chadmed has quit []
chadmed has joined #asahi-re
chadmed has quit []
chadmed has joined #asahi-re
pb17 has quit [Ping timeout: 480 seconds]
pb17 has joined #asahi-re
chrisl has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
chrisl has joined #asahi-re
chrisl has quit [Ping timeout: 480 seconds]
chrisl has joined #asahi-re
pb17 has quit [Ping timeout: 480 seconds]
pb17 has joined #asahi-re
<sven>
time to RE iboot then I guess :(
<sven>
not looking forward to that either
<yuka>
I assume you have noticed the difference between 15.1 and 15.2+ iboot (at least on base M4)?
<yuka>
15.2+ does not boot custom code at all
<sven>
not yet
<sven>
huh, really?
<yuka>
yup
<sven>
I haven’t looked at iboot at all fwiw
<sven>
so 15.2 just has no support for custom boot objects / fuOS anymore?
<yuka>
unclear
<sven>
weird
<jannau_>
did you already test 15.4?
<yuka>
after updating the base system to macOS 15.2 I didn't get any uart output, just an instant bootloop and eventually it goes into DFU mode
<yuka>
did not test 15.4 yet
<jannau_>
kmutil does not complain but it reboots before early debug writes anything to the uart
<nickchan>
yuka: does setting the kernel for the ipsw as the custom boot object work at least
<nickchan>
from the ipsw
<nickchan>
need to disable ctrr too
<yuka>
My process has been: install a second macOS, sth sth csrutil (disable SIP), set a custom boot object
<yuka>
Everything works the same in macOS 15.1 and 15.2 except that on 15.2 it bootloops
<nickchan>
right, and after unwrapping the macOS kernel macho from the img4, try setting the macho as the custom boot object
<nickchan>
on 15.2
<yuka>
Oooh I see
<yuka>
Haven't done anything like that yet
<yuka>
Just m1n1
<yuka>
I don't have access to my M4 until Monday but I will certainly try 15.4 and maybe some other stuff
<sven>
maybe they just broke raw boot objects in 15.2 and fixed that later
<yuka>
Possible
<sven>
that EL2 only issue still makes the hypervisor very painful though
<nickchan>
I suppose that cannot be worked around without bugs; the way I see it is to run m1n1 in EL2 under sptm in GL2 and then have (possibly NV if sptm & xnu really do not like it) GL1 sptm and EL1 xnu
<nickchan>
which is ultra complex, of course
<nickchan>
like, at that point I am not sure if a proper hypervisor is worth it compared to just hijacking xnu vbar handling and tracing by disabling access in the page tables (all under sptm)
<nickchan>
which I may do on a11 soontm
m42uko has quit []
m42uko has joined #asahi-re
<sven>
yeah, at that point hacking xnu itself might be the easier approach
pb17 has quit [Ping timeout: 480 seconds]
pb17 has joined #asahi-re
pb17 has quit [Ping timeout: 480 seconds]
pb17 has joined #asahi-re
iaguis has joined #asahi-re
iaguis_ has quit [Ping timeout: 480 seconds]
chadmed has quit [Quit: Konversation terminated!]
chadmed has joined #asahi-re
chadmed has quit [Quit: Konversation terminated!]
<sven>
okay, so on t8112 the chickens are done inside SPTM now so that's probably true for t8132 as well now
<sven>
xnu is already loaded with MMU enabled afaict
<chaos_princess>
I've grepped the disassembly of the kernel (15.something, don't remember which) for the msrs to chicken registers and they are still present in the M3-and-below kernels and are only missing on M4 (though it could be dead code)
<sven>
so the sptm for t8112 inside UniversalMac_15.4_24E248_Restore.ipsw contains the chicken sequence
<chaos_princess>
interesting
<chaos_princess>
do we need to do it from the raw boot object? I assume yes
<sven>
i currently think so as well
<chaos_princess>
that's gonna be annoying to reverse via m1n1 on future machines
<sven>
I don't think any of the previous chicken bits have been reversed with m1n1 tbh
<sven>
they're either from xnu source dumps or just taken from the xnu entry point
<sven>
my assumption is that for macho it's iboot -> sptm (-> maybe iboot again because sptm's entry seems to eventually return) -> xnu in EL2
<sven>
and for raw it's just iboot -> m1n1.bin in EL2
<sven>
so we'll probably need the chicken bits because SPTM never ran
<sven>
huh, don't think i see any chicken bits inside t8132 SPTM though
ipatch has quit [Read error: Connection reset by peer]