GUIDE How to Fix KASLR Slide Values

During the time of Clover, a simple fix was to just use slide=X. Where, the value of X was.

Is usually required by HEDT systems (TRX40, TRX50) and the newer Ryzen 7000 series CPUs on 700 or 800 series platform, such as (X670, X870)

Using DevirtualiseMmio​

By default, the

Since OpenCore v., the DevirtualiseMmio Quirk exists/implemented. By default, DevirtualiseMmio quirk is generally not required on most of the systems. However, starting with Intel 300 series chipsets (such as Z370, Z390) and for AMD (), this quirk is required in order to boot into macOS installer and installed macOS Operating System on a target systems having such chipsets.

However, with the release of AMD's 3rd Generation Threadripper CPUs (sTRX4), do require this quirk or the system may not boot. These systems typically require MMIO Whitelist as using only the DevirtualiseMmio quirk is not sufficient to boot. By calculating the MMIO Whitelist values, it is possible to boot a system into macOS, which was not booting earlier due to lack of the MMIO Whitelist implementation.

Calculating the MMIO Whitelist values​

By enabling DevirtualiseMmio Quirk and using a DEBUG version of OpeCore with the required parameters, the MMIO Whitelist values can be obtained.

As indicated in the installation guide, you should not use someone's else configuration for various reasons as described in the guide. The same applies for the MMIO Whitelist values as well. You must calculate it for the target system you want to install macOS on.

This guide assumes that you have a Bootable USB ready with the appropriate EFI configuration as per the installation guide.

Backup EFI Configuration​

Before you make changes to your EFI, it is highly recommended to backup first. To backup the EFI, follow the steps below:

STEP 1: Mount your ESP.
STEP 2: Copy the EFI to somewhere else with the name RELEASE-X-X. Where, XX is your OpenCore version.

Switch to OpenCore DEBUG​

To obtain the MMIO values, you'll have to switch to OpenCore DEBUG version as it offers more than the standard RELEASE version. Follow the steps below to switch to OpenCore DEBUG version. Generally, there are two ways to use the DEBUG version. The first one option is to use the DEBUG version and prepare an EFI configuration from scratch and the second is to replace certain files with the DEBUG version.

1. Determine the OpenCore version using Hackintool>Boot tab.

2. Depending on your OpenCore version, download the appropriate OpenCore package. If you want to use the latest OpenCore version, you'll have to update your existing EFI configuration to the latest.
3. Extract OpenCore-1.0.1-DEBUG.zip and you'll get the following directories inside:
4. Navigate to your ESP and replace the following:

• Bootx64.efi in the EFI/BOOT directory
• OpenRuntime.efi and OpenCanopy.efi (if you're using it) in the EFI/OC/Drivers directory.
• OpenCore.efi in EFI/OC directory

5. Open your config.plist using any XML editor and set the Display Level to 2147483714 and also set the Target to 67 under the Misc>Debug section of your config.plist. In addition, enable DisableWatchDog, AppleDebug and ApplePanic under the same section.
6. Save your config.plist.
NOTE: In order to extract the MMIO regions, SetupVirtualMap Quirk MUST be enabled.

Extract MMIO​

Once you have the OpenCore DEBUG version ready, the next step is to extract the MMIO values. To extract the MMIO values, follow the steps below:

1. Eject the Bootable USB and plug it to the target system.
2. Boot using the USB and then proceed with the Install macOS... option from OpenCore picker.
3. Eject the USB and Shut down the target system.
4. Plug the USB back to your Windows/Linux/macOS system.
5. Mount your ESP of the Bootable USB. Inside the root of the ESP, you should have a OpenCore log file with the name opencore-20XX-XX-XX-155522.txt. The file name could be different due to the time but that really does not matter.
6. Open the OpenCore log file and look for the line OCABC: MMIO devirt start. You should have something similar in the log file as shown below:

38:937 00:034 OCABC: MMIO devirt start
38:971 00:034 OCABC: MMIO devirt 0xC5100000 (0x81 pages, 0x8000000000000001) skip 0
39:004 00:033 OCABC: MMIO devirt 0xC6180000 (0x81 pages, 0x8000000000000001) skip 0
39:038 00:033 OCABC: MMIO devirt 0xD1180000 (0x81 pages, 0x8000000000000001) skip 0
39:072 00:033 OCABC: MMIO devirt 0xD1300000 (0x100 pages, 0x8000000000000001) skip 0
39:106 00:034 OCABC: MMIO devirt 0xD2100000 (0x181 pages, 0x8000000000000001) skip 0
39:140 00:033 OCABC: MMIO devirt 0xFEA00000 (0x100 pages, 0x8000000000000001) skip 0
39:174 00:033 OCABC: MMIO devirt 0xFEC00000 (0x1 pages, 0x8000000000000001) skip 0
39:208 00:033 OCABC: MMIO devirt 0xFEC10000 (0x1 pages, 0x8000000000000001) skip 0
39:248 00:039 OCABC: MMIO devirt 0xFED00000 (0x1 pages, 0x8000000000000001) skip 0
39:281 00:033 OCABC: MMIO devirt 0xFED40000 (0x5 pages, 0x8000000000000001) skip 0
39:316 00:034 OCABC: MMIO devirt 0xFED80000 (0x10 pages, 0x8000000000000001) skip 0
39:350 00:033 OCABC: MMIO devirt 0xFEDC2000 (0xE pages, 0x8000000000000001) skip 0
39:389 00:039 OCABC: MMIO devirt 0xFEDD4000 (0x2 pages, 0x8000000000000001) skip 0
39:545 00:156 OCABC: MMIO devirt 0xFEE00000 (0x100 pages, 0x8000000000000001) skip 0
39:579 00:033 OCABC: MMIO devirt 0xFF000000 (0x1000 pages, 0x8000000000000001) skip 0
39:613 00:033 OCABC: MMIO devirt 0x1040000000 (0x10400 pages, 0x8000000000000001) skip 0
39:646 00:033 OCABC: MMIO devirt 0x6EE0000000 (0x10400 pages, 0x8000000000000001) skip 0
39:680 00:033 OCABC: MMIO devirt 0x6F10000000 (0x10400 pages, 0x8000000000000001) skip 0
39:714 00:034 OCABC: MMIO devirt 0xCDC0000000 (0x10400 pages, 0x8000000000000001) skip 0
39:748 00:033 OCABC: MMIO devirt end, saved 1087664 KB

NOTE: It doesn't matter if the installer does not boot to the installer screen. Its because, at this point, we are going to extract/grab the MMIO values. In the next step, when we whitelist it, the installer should be able to boot. If you have a drive connected to the system which has macOS already installed, you should be able to boot from that as well. Provided that the EFI configuration is up to the mark.

Converting the MMIO Address​

Now, to use these MMIO addresses that you obtained, you must convert it from Hexadecimal to Decimal. You can use either Hackintool or any web based tool for the conversion. To convert the MMIO addresses using Hackintool, follow the steps below:

1. Open the OpenCore log file with the name opencore-20XX-XX-XX-155522.txt.
2. Open Hackintool and navigate to Calc tab.
3. Copy the Hexadecimal address from the opencore-20XX-XX-XX-155522.txt and convert it to Decimal.

In our case, converting the above hexadecimal to Decimal looks like the following:
MMIO devirt 0xC5100000 = 3306160128
MMIO devirt 0xC6180000 = 3323461632
MMIO devirt 0xD1180000 = 3508011008
MMIO devirt 0xD1300000 = 3509583872
MMIO devirt 0xD2100000 = 3524263936
MMIO devirt 0xFEA00000 = 4271898624
MMIO devirt 0xFEC00000 = 4273995776
MMIO devirt 0xFEC10000 = 4274061312
MMIO devirt 0xFED00000 = 4275044352
MMIO devirt 0xFED40000 = 4275306496
MMIO devirt 0xFED80000 = 4275568640
MMIO devirt 0xFEDC2000 = 4275838976
MMIO devirt 0xFEDD4000 = 4275912704
MMIO devirt 0xFEE00000 = 4276092928
MMIO devirt 0xFF000000 = 4278190080
MMIO devirt 0x1040000000 = 69793218560
MMIO devirt 0x6EE0000000 = 476204498944
MMIO devirt 0x6F10000000 = 477009805312
MMIO devirt 0xCDC0000000 = 883689521152

NOTE: Your address may be different due to difference in the hardware configuration itself.

Adding the addresses to MmioWhitelist​

Once you have converted the obtained addresses to decimal, you can add these addresses to your config.plist so that the system can boot normally. Before you start adding the converted values obtained in previous step, you must know what regions you need to explicitly enable and which one to skip. In the OpenCore DEBUG log, these regions are listed and starts with MMIO devirt line. If you pay attention, these all regions will have either skip 0 or skip 1 at the end of the line. skip 0 basically means its a devirtualized area and if during its internal operations the UEFI expects this particular region to be present but isn't, malfunctions, kernel panics, intermittent reboots or random freezers can likely occur.

To add the addresses to the MmioWhitelist, follow the steps below:

1. Open your config.plist using any XML editor and add all the addresses (converted to decimals) up to 0xFF000000 in the Booter>MmioWhitelist section of your config.plist. In addition, make sure you have the DevirtualiseMmio Quirk enabled.
2. Save your config.plist.

Verifying the MMIOWhitelist
After you add the address to your config.plist, you must restart the system and validate the added address. To do that, just restart your system and boot via macOS Installer.

1. Eject the Bootable USB and plug it to the target system.
2. Boot using the USB and then proceed with the Install macOS... option from OpenCore picker.
3. Eject the USB and Shut down the target system.
4. Plug the USB back to your Windows/Linux/macOS system.
5. Mount your ESP of the Bootable USB. Inside the root of the ESP, you should have a new OpenCore log file with the name opencore-20XX-XX-XX-155522.txt. The file name could be different due to the time but that really does not matter.
6. Open the OpenCore log file and look for the line OCABC: MMIO devirt start. The regions that we converted and added it to the MMIOWhitelist section in the config.plist, should now be listed as skip 1. If the listed regions does not return as skip 1 in the DEBUG log, you must re-check the regions (if its enabled or disabled) and ensure that the converted decimal values are correct.

Switch back to OpenCore RELEASE ​

Now, that we have obtained and added the address in our config.plist, we'll have to switch back to OpenCore RELEASE version from DEBUG. To switch back to OpenCore RELEASE version, follow the steps below:

1. Mount your ESP.
2. Navigate to your ESP and replace the following from the OpenCore RELEASE backup that you backed up in STEP #X:

• Bootx64.efi in the EFI/BOOT directory
• OpenRuntime.efi and OpenCanopy.efi (if you're using it) in the EFI/OC/Drivers directory.
• OpenCore.efi in EFI/OC directory

Boot using the new Configuration​

Once you're done with the above steps, you'll need to boot with the updated configuration. Simply restart your system. It is recommended to reset NVRAM twice at least. Now, you should be able to boot the installer and as well as to the installed system.


NOTE: You must re-calculate the values if you change a parameter in the BIOS or add/remove any hardware from the system. Options such as Above 4G Decoding and Resizable BAR can affect the regions when enabling or disabling them. Although, the existing values may be able to boot the system, it may cause certain problems (such as black screen or random reboots due to crashes). Therefore, it is always recommended to re-calculate the values again after such changes are made on the target system.

is typically required for HEDT systems.


Examples:
To help users understand with systems in real environment, some examples are given below from a working system:

ASRock TRX40:

Settings: 4G Decoding Disabled

69:330 00:094 OCABC: MMIO devirt start
69:424 00:093 OCABC: MMIO devirt 0xB2500000 (0x81 pages, 0x8000000000000001) skip 0
69:517 00:093 OCABC: MMIO devirt 0xB3580000 (0x81 pages, 0x8000000000000001) skip 0
69:610 00:093 OCABC: MMIO devirt 0xE2100000 (0x181 pages, 0x8000000000000001) skip 0
69:732 00:121 OCABC: MMIO devirt 0xFA180000 (0x81 pages, 0x8000000000000001) skip 0
69:826 00:093 OCABC: MMIO devirt 0xFA300000 (0x100 pages, 0x8000000000000001) skip 0
69:919 00:093 OCABC: MMIO devirt 0xFEA00000 (0x100 pages, 0x8000000000000001) skip 0
70:012 00:093 OCABC: MMIO devirt 0xFEC00000 (0x1 pages, 0x8000000000000001) skip 0
70:130 00:117 OCABC: MMIO devirt 0xFEC10000 (0x1 pages, 0x8000000000000001) skip 0
70:223 00:093 OCABC: MMIO devirt 0xFED00000 (0x1 pages, 0x8000000000000001) skip 0
70:317 00:093 OCABC: MMIO devirt 0xFED40000 (0x5 pages, 0x8000000000000001) skip 0
70:410 00:093 OCABC: MMIO devirt 0xFED80000 (0x10 pages, 0x8000000000000001) skip 0
70:504 00:093 OCABC: MMIO devirt 0xFEDC2000 (0xE pages, 0x8000000000000001) skip 0
70:597 00:093 OCABC: MMIO devirt 0xFEDD4000 (0x2 pages, 0x8000000000000001) skip 0
70:690 00:093 OCABC: MMIO devirt 0xFEE00000 (0x100 pages, 0x8000000000000001) skip 0
70:784 00:093 OCABC: MMIO devirt 0xFF000000 (0x1000 pages, 0x8000000000000001) skip 0
70:877 00:093 OCABC: MMIO devirt 0x10000000000 (0x10400 pages, 0x8000000000000001) skip 0
70:971 00:093 OCABC: MMIO devirt 0x3CB90000000 (0x10400 pages, 0x8000000000000001) skip 0
71:064 00:093 OCABC: MMIO devirt 0x3CBC0000000 (0x10400 pages, 0x8000000000000001) skip 0
71:185 00:121 OCABC: MMIO devirt 0x69750000000 (0x10400 pages, 0x8000000000000001) skip 0
71:278 00:093 OCABC: MMIO devirt end, saved 1087664 KB

All values, except for the last four.

Settings: v1.73 | 4G Decoding Enabled

306:051 00:354 OCABC: MMIO devirt start
306:404 00:353 OCABC: MMIO devirt 0xCB100000 (0x81 pages, 0x8000000000000001) skip 0
306:757 00:352 OCABC: MMIO devirt 0xD7180000 (0x81 pages, 0x8000000000000001) skip 0
307:110 00:353 OCABC: MMIO devirt 0xE3180000 (0x81 pages, 0x8000000000000001) skip 0
307:511 00:401 OCABC: MMIO devirt 0xE3300000 (0x100 pages, 0x8000000000000001) skip 0
307:867 00:356 OCABC: MMIO devirt 0xEF100000 (0x181 pages, 0x8000000000000001) skip 0
308:220 00:352 OCABC: MMIO devirt 0xFEA00000 (0x100 pages, 0x8000000000000001) skip 0
308:574 00:353 OCABC: MMIO devirt 0xFEC00000 (0x1 pages, 0x8000000000000001) skip 0
308:926 00:352 OCABC: MMIO devirt 0xFEC10000 (0x1 pages, 0x8000000000000001) skip 0
309:279 00:353 OCABC: MMIO devirt 0xFED00000 (0x1 pages, 0x8000000000000001) skip 0
309:682 00:402 OCABC: MMIO devirt 0xFED40000 (0x5 pages, 0x8000000000000001) skip 0
310:035 00:353 OCABC: MMIO devirt 0xFED80000 (0x10 pages, 0x8000000000000001) skip 0
310:433 00:397 OCABC: MMIO devirt 0xFEDC2000 (0xE pages, 0x8000000000000001) skip 0
310:788 00:355 OCABC: MMIO devirt 0xFEDD4000 (0x2 pages, 0x8000000000000001) skip 0
311:141 00:352 OCABC: MMIO devirt 0xFEE00000 (0x100 pages, 0x8000000000000001) skip 0
311:494 00:352 OCABC: MMIO devirt 0xFF000000 (0x1000 pages, 0x8000000000000001) skip 0
311:847 00:352 OCABC: MMIO devirt 0x10000000000 (0x10400 pages, 0x8000000000000001) skip 0
312:200 00:352 OCABC: MMIO devirt 0x2BF40000000 (0x10400 pages, 0x8000000000000001) skip 0
312:553 00:353 OCABC: MMIO devirt 0x47E80000000 (0x10400 pages, 0x8000000000000001) skip 0
312:953 00:400 OCABC: MMIO devirt 0x63DC0000000 (0x10400 pages, 0x8000000000000001) skip 0
313:309 00:355 OCABC: MMIO devirt end, saved 1087664 KB

All values, except for the last four.

X870

41:960 00:060 OCABC: MMIO devirt start
42:010 00:050 OCABC: MMIO devirt 0xE0000000 (0x10000 pages, 0x800000000000100D) skip 0
42:061 00:050 OCABC: MMIO devirt 0xF7000000 (0x7E00 pages, 0x800000000000100D) skip 1
42:111 00:050 OCABC: MMIO devirt 0xFEE00000 (0x1 pages, 0x8000000000000001) skip 0
42:161 00:050 OCABC: MMIO devirt 0xFEE01000 (0x11FF pages, 0x800000000000100D) skip 0
42:222 00:060 OCABC: MMIO devirt 0x1060000000 (0x20200 pages, 0x800000000000100D) skip 0
42:272 00:050 OCABC: MMIO devirt end, saved 806912 KB

Here, we enable the regions except for the second and last.