Unlock 0xE2 MSR - profzei/Matebook-X-Pro-2018 GitHub Wiki

BIOS

Local repository

Version
v. 1.37	Matebook X Pro 1.37
v. 1.36	Matebook X Pro 1.36
v. 1.33	Matebook X Pro 1.33
v. 1.30	Matebook X Pro 1.30
v. 1.29	Matebook X Pro 1.29
v. 1.28	Matebook X Pro 1.28
v. 1.26.	Matebook X Pro 1.26

Official HUAWEI repository for BIOS & Driver list

CFG Lock

What is CFG Lock ? Here's an extract from Dortania's guide :

"CFG-Lock is a setting in your BIOS that allows for a specific register(in this case the MSR 0xE2) to be written to. By default, most motherboards lock this variable with many even hiding the option outright in the GUI. And why we care about it is that macOS actually wants to write to this variable, and not just one part of macOS. Instead both the Kernel(XNU) and AppleIntelPowerManagement want this register.

So to fix it we have 2 options:

Patch macOS to work with our hardware :

This creates instability and unnecessary patching for many The 2 patches we use for this: AppleCpuPmCfgLock for AppleIntelPowerManagement.kext AppleXcpmCfgLock for the Kernel(XNU)

Patch our firmware to support MSR 0xE2 write :

Very much preferred, as avoids patching allowing for greater flexibility regarding stability and OS upgrades"

• This guide will show you how to unlock CFG in our Matebook X Pro.

• WARNING : This guide will involve modifying your firmware. In case of an error, it could potentially brick your computer. Only go ahead if you understand what you're doing. We decline responsibility for any damage (we are not responsible by any means if this happen). You have been warned, proceed with caution.

The BIOS version used on my system is 1.28. Even if you use the same BIOS, please follow the guide to find your own offsets.

Check the CFG Lock address in your firmware

Tools :

• UEFITool : https://github.com/LongSoft/UEFITool
• IFRExtract (command line utility) : https://github.com/LongSoft/Universal-IFR-Extractor/releases/
• Keka : https://www.keka.io/en/

1. Download your bios file version (some are archived in this repository)

2. Extract the .exe file with Keka. You might need to do it twice : on some versions, the .exe file contains another .exe file.

3. You should now have a UEFI_FW.bin file (isflash.bin for 1.29 version / BIOS.Capsule.FD for 1.28 and 1.26 versions). Open it with UEFITool.

4. Search for "CFG Lock" (Cmd + F, then select the "Text" tab in the search dialog)

5. Double click on the search result in the bottom panel.

6. The PE32 image section key containing the "CFG Lock" should now be selected. This should be a subsection of a DriverSampleDxe key :

7. Select DriverSampleDxe, right-click and Extract as in. Save it is as a .bin file (don't forget to change the extension)

8. Then, open the Terminal and browse to the location of the IFRExtract utility. Type : ./ifrextract /path/to/your/bin/file/file.bin result.txt

9. You should now have a result.txt file in your ifrextract directory. Open it, and search for "CFG Lock". You should find a line similar to this one :

0x9A52D One Of: CFG Lock, VarStoreInfo (VarOffset/VarName): 0x3C, VarStore: 0x3, QuestionId: 0x149, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 8E 02 8F 02 49 01 03 00 3C 00 10 10 00 01 00}

10. What we are interested in here, is the address just after One Of: CFG Lock, VarStoreInfo (VarOffset/VarName): In this case : 0x3C. This is the register we need to change the value of, to disable CFG Lock.

• NOTE : for bios versions 1.26, 1.28, 1.29, 1.30, 1.33, 1.36 and 1.37, the address of the registry is 0x3C. But it might be different with other bios revisions, so checking this address is very important if you have a different bios version!

RU.efi

Tools :

• RU.efi utility : download it from http://ruexe.blogspot.com. You'll need a password to unlock the zip : it is provided close to the download link.

1. Grab a USB drive and format it as MBR/FAT32

2. At the root of this new drive, create an EFI folder. Inside this folder, create a BOOT subfolder. Inside this /EFI/BOOT folder, put the RU.efi file you've downloaded and rename it as bootx64.efi

3. Reboot your computer and boot your USB key (press F12 at boot)

4. You should see a welcoming screen. Press any key to enter the program. Then, press FN+F5 and select (A) UEFI variable by pressing Enter :

5. Scroll down to CpuSetup (in my case it is on the second page), press enter :

6. Now, you should select the registry address that we've found earlier (in my case : 0x3C). The first character stands for the line (0030), and the second one for the column (0C). Browse to the corresponding address. The upper left corner reminds you of the registry address currently selected :

7. The value should be changed from 1 to 0 to unlock CFG : type in 0, then press Enter.

8. Save your change with CTLR + W, then quit RU with ALT + Q

Check if CFG is unlocked

1. Download the OpenCore Release matching your running OpenCore version : https://github.com/acidanthera/OpenCorePkg/releases/

2. Copy the ControlMsrE2.efi file from the downloaded zip (located in X64/EFI/OC/Tools) to your computer EFI partition in /EFI/OC/Tools

3. Edit your config.plist to enable the tool : add another entry in Root --> Misc --> Tools :

4. Reboot and select ControlMsrE2.efi in the OpenCore boot menu

5. If you successfully unlocked your CFG, you should see this :

Disable CFG Patches

• Once you're sure you've successfully disabled CFG Lock, you should remove CFG patches in your config.plist since they are not needed anymore

• Disable Kernel -> Quirks -> AppleCpuPmCfgLock and Kernel -> Quirks -> AppleXcpmCfgLock

WARNING : If you update your BIOS, you must re-enable these patches before, as CFG Lock will be restored. After updating, you will have to unlock it again.

Credits

This guide was written by @ldan93 (Reference)

• https://dortania.github.io/OpenCore-Post-Install/misc/msr-lock.html
• https://www.reddit.com/r/hackintosh/comments/hz2rtm/cfg_lockunlocking_alternative_method/