Hackintosh: Unlocking MSR 0xE2 Register (CFG Lock) for My XPS 13

2021-07-18
I once posted an article on my blog about unlocking the BIOS CFG Lock, and this article is a restoration from the original blog.

Unexpectedly, a small CMOS battery led to an incident: due to laziness, I postponed the idea of replacing the CMOS battery. When I replaced the battery, installed the laptop’s back cover, and powered it on, Hackintosh failed to boot! I realized that the BIOS settings had reset due to power loss.

Preparation Tools

  1. OpenCore Boot Tool
  2. DiskGenius or Windows built-in Disk Management
  3. Flash Programming Tool, which can be found in Intel CSME System Tools. It needs to match your chipset. For example, my i7-6500U belongs to Skylake, and the chipset is the 100 series.
  4. UEFITool for finding related variables (strings) in the BIOS.
  5. IFRExtractor

Starting Operations

Backup and Extract BIOS

First, back up the local BIOS:

FPTW64.exe -D backup_filename.rom -bios

Analyze BIOS Information

Use UEFITool to find the content with GUID: 899407D799FE43D89A2179EC328CAC21, and then extract it.

Next, convert this module into text. In IFRExtractor, load the module by clicking the button on the right, then click Extract to convert the module into text and save it in the corresponding folder.

Find Offset

Look for the CFG Lock entry.

0x343B7 				One Of: CFG lock, VarStoreInfo (VarOffset/VarName): 0x109, VarStore: 0x1, QuestionId: 0x278, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 15 01 16 01 78 02 01 00 09 01 10 10 00 01 00}
0x343C8 					One Of Option: Disabled, Value (8 bit): 0x0 {09 07 21 02 00 00 00}
0x343CF 					One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 20 02 30 00 01}
0x343D6 				End One Of {29 02}

Where

VarStoreInfo (VarOffset/VarName): 0x109, VarStore: 0x1

is the information we need.

The value of VarStoreInfo is the address of the CFG Lock option, which can also be referred to as its offset in the BIOS. The subsequent VarStore is the default BIOS value, which is 0x1.

0x1 corresponds to the Enabled option below, so CFG Lock is enabled by default and MSR 0xE2 is locked by default. To unlock it, change this option to 0x0 (Disabled); that is, set the value at address 0x109 to 0x0.

Modify in GRUB

  1. Shut down and restart, enter the OpenCore boot interface, use the arrow keys to find the shell tool, and press Enter to enter the UEFI Shell.
  2. Locate the EFI partition, typically fs0.
  3. Change to the boot directory with cd EFI/BOOT and boot into GRUB.
  4. Type setup_var 0x109 and press Enter (the 0x109 is the value we extracted earlier).
  5. If you see offset: 0x109 is:0x01, it indicates it is not unlocked.
  6. Input setup_var 0x109 0x00. The setup is complete.
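
The manual lookup in "Find Offset" and the two setup_var commands above can be derived from the IFRExtractor text with a short script. This is an added example, not part of the original post: the function names find_setting and setup_var_commands are hypothetical, the sample input is constructed from the four dump lines quoted on this page, and the line format is assumed to match that dump. The default is read from the option marked "(default)".

```python
import re

# Constructed sample: the four IFR lines quoted on this page.
SAMPLE_IFR = """\
0x343B7 One Of: CFG lock, VarStoreInfo (VarOffset/VarName): 0x109, VarStore: 0x1, QuestionId: 0x278, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 15 01 16 01 78 02 01 00 09 01 10 10 00 01 00}
0x343C8 One Of Option: Disabled, Value (8 bit): 0x0 {09 07 21 02 00 00 00}
0x343CF One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 20 02 30 00 01}
0x343D6 End One Of {29 02}
"""

ONE_OF = re.compile(r"One Of: (?P<name>[^,]+), VarStoreInfo \(VarOffset/VarName\): "
                    r"(?P<off>0x[0-9A-Fa-f]+), VarStore: (?P<vs>0x[0-9A-Fa-f]+),"
                    r".*?Size: (?P<size>\d+)")
OPTION = re.compile(r"One Of Option: (?P<label>[^,]+), Value \(\d+ bit\): "
                    r"(?P<val>0x[0-9A-Fa-f]+)(?P<dflt> \(default\))?")

def find_setting(ifr_text, name):
    """Return the complete One Of block whose prompt equals `name`, else None."""
    entry = None
    for line in ifr_text.splitlines():
        head = ONE_OF.search(line)
        if head:
            # A new question starts; collect options only for the requested one.
            entry = None
            if head["name"].strip().lower() == name.lower():
                entry = {"offset": int(head["off"], 16), "varstore": int(head["vs"], 16),
                         "size": int(head["size"]), "options": {}, "default": None}
        elif entry is not None and "End One Of" in line:
            return entry
        elif entry is not None:
            opt = OPTION.search(line)
            if opt:
                value = int(opt["val"], 16)
                entry["options"][opt["label"].strip()] = value
                if opt["dflt"]:
                    entry["default"] = value
    return None  # not found, or the block was truncated before End One Of

def setup_var_commands(entry, want="Disabled"):
    """Build the read-then-write GRUB commands; refuse anything but a 1-byte option."""
    if entry["size"] != 1:
        raise ValueError("expected a 1-byte setting")
    if want not in entry["options"]:
        raise ValueError(f"no option named {want!r}")
    off = entry["offset"]
    return [f"setup_var 0x{off:X}", f"setup_var 0x{off:X} 0x{entry['options'][want]:02X}"]

if __name__ == "__main__":
    print("\n".join(setup_var_commands(find_setting(SAMPLE_IFR, "CFG lock"))))
```

Because the offset differs between BIOS versions, run it against the text extracted from your own backup rather than reusing 0x109.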

Kirin
