Why are kexts loaded by the boot loader but not after the kernel gets control?


I am very new to Hackintosh and now I am studying the boot process.

As far as I know:

  • An EFI binary is "byte-code" that the UEFI firmware runs
  • A kext is a kernel-mode device driver that is compiled to machine-specific code, loaded by the kernel, and runs in kernel mode with the kernel
  • Kext injection is like dynamic loading of a library, but in kernel mode

My question is: why is there some relationship between bootloaders like Chameleon/Clover and the kexts? The kexts should be loaded by the kernel, not the bootloader, right?

I saw this here: http://cloverboot.weebly.com/kexts.html?bcsi_scan_50b5cc4d2c82cc03=bG/X91Fwptz2CvnL0WdFPvjdTdWsAAAAioMalg==&bcsi_scan_filename=kexts.html

Say a Hackintosh needs FakeSMC.kext. But that is not the business of the bootloader. What the bootloader needs to do is put the init code of the Mac OS kernel in memory and pass control to it. And it should be the Mac OS kernel that loads FakeSMC.kext.

Isn't it?


There is 1 answer

mateass On

Firstly, PCs in the past only had legacy BIOS and no EFI, but Apple never used legacy BIOS, only EFI.

But this has changed, as most modern PCs now have built-in UEFI, so there is no need to emulate EFI.

There are two ways to boot OS X on a hackintosh with legacy BIOS. The first is Chameleon and the second is Clover.

Clover and Chameleon load OS X differently.

Clover uses a modified version of DUET EFI (an open-source EFI implementation on top of legacy BIOS) or, if the computer has its own UEFI built in, Clover uses that. Clover also uses the default bootloader on the OS X partition, located at /System/Library/CoreServices/boot.efi, to boot OS X. boot.efi loads the kexts and passes control to the kernel, as on a real Mac.

Chameleon has its own built-in fake EFI implementation that makes the kernel think it's running on an EFI Mac. But that fake EFI is not enough to load boot.efi, so Chameleon has its own loader. Chameleon loads the kexts by itself and then passes control over to the kernel.

Both bootloaders have built-in ACPI table injection, SMBIOS spoofing, Device ID injection, etc.

FakeSMC is an emulator that emulates the System Management Controller found in a real Mac which contains the key to decrypt Apple Protected Binaries.

Chameleon loads FakeSMC and other kexts by itself, as standalone or as part of the kernelcache, and if you use Clover the same thing gets done by boot.efi.

Note: Clover has a feature that you're probably talking about that injects kexts on the fly, which makes it seem like they get loaded by Clover, but they actually become part of the kernelcache.