New Hackintosh using OpenCore

Ddd126a3b2f1424995a2019c1c75b8f6

 

I now have a new Hackintosh. My old Hackintosh was completed at the end of 2012. And for the last year or so, it has been running really slow. I also managed to kill the GPU slot a few years ago, due to my usual impatience. So, it had been running with the on-board Intel GPU. However, I was still able to play League of Legends on its lowest quality graphics mode, all credit to Riot Games.

This build was rather frustrating: I decided to use OpenCore, as it seemed (last fall) to be the future of Hackintosh. I had all parts in hand last November. I worked on the build a bit at a time over the last few months, but kept running into issues. E.g. fixing the "slide" value for KASLR, random crashes, black screens, etc.

In any case, all the bits and pieces sat around for a few months. I finally installed Windows on its own HDD, and had been running it for a few weeks. Finally decided to take a look at OpenCore, again. I ended up using OpenCore 0.5.9. The documentation had also been tidied up a bit, and it seemed a little easier to follow this time around.

It took me only a couple of days to get everything up and running, stably and consistently.

Here is the parts list:

Additionally, I re-purposed an old 2.5" 500 GB HDD that I had lying around from an old used Mac Mini that I destroyed. (Did I mention that I tend to destroy hardware due to impatience?)

Before I go into some detail about the process, here is a short rundown on what works and what doesn't:

  • Messages works
  • FaceTime may work -- I don't have a webcam, so I can't confirm
  • iTunes works
  • AppleTV does not work due to DRM issues (HDCP, I think?)
  • Netflix on Safari does not work, again due to DRM
  • Netflix on Google Chrome works, but at 720p, I think (it does not look like 1080p)
  • YouTube 4K works
  • Audio (analog) input and output jacks on rear and front panels work; the rear panel jacks appear as "built-in"
  • On-board Bluetooth works
  • On-board WiFi does not work
  • Blu-ray reading/playing does not work. Have not tried burning. UPDATE July 2020: need to consult the motherboard documentation. Installing M.2 storage may disable one or more of the SATA ports due to sharing of data lanes in the chipset. Now, reading/playing/ripping CDs works fine, playing DVDs works fine, ripping DVDs with Handbrake works fine (install libdvdcss using Fink), reading Blu-Ray works but can’t play them (of course), MakeMKV recognizes the Blu-Ray but hit a “fatal error” when trying to rip.
  • Steam games pretty much do not DO work (updated Jul 20, 2020 - not sure what has changed, but Steam games seem to work, now)
  • League of Legends works (Teamfight Tactics is what I'm playing most, nowadays)

Here is what I did. There is a lot of detail follow in the official guides, so I will just present an outline, and the key hardware-specific things I had to do.

I also found the diagrams in this forum post useful, even though it uses TonyMacx86, since they use the same motherboard.

  1. Create USB flash drive installer.
    1. You will need a 16 GB USB flash drive.
    2. This can be done on macOS (including a Hackintosh), Windows, or Linux. Here is another guide for doing this on Windows.
  2. BIOS settings. There are a variety of settings to make: first, "Load Optimized Defaults" as a starting point.
    1. Use UEFI boot mode
    2. Disable the following:
      1. Fast Boot
      2. VT-d. N.B. can be enabled if you set DisableIoMapper to True.
      3. CSM
      4. Thunderbolt
      5. Intel SGX
      6. Intel Platform Trust
      7. CFG Lock (MSR 0xE2 write protection). This may not exist in your BIOS.
      8. All RGB lighting
    3. Enable the following:
      1. VT-x
      2. Hyper-Threading (technically irrelevant, since the i7-9700 does not do hyperthreading)
      3. Execute Disable Bit
      4. Above 4G decoding
      5. EHCI/XHCI Hand-off
    4. Set OS type to: Windows
  3. OpenCore setup on the USB flash drive.
    1. This is probably the most tedious part: setting up OpenCore in the EFI folder, and creating a config.plist file.
    2. However, if you use the ProperTree OpenCore config.plist editor, quite a bit of the work is automated.
    3. NB some of the text instructions in the OpenCore guide do not match up with the pictures which illustrate the instructions. If there was a conflict, I took the text to be authoritative, and ignored the pictures.
  4. Once OpenCore config.plist is done, save a copy of that config.plist (I add a date-time stamp to the backup copy). Then, reboot from the USB flash drive, and run the macOS Installer.
    1. For the initial install, I installed on the NVMe boot drive. I selected APFS format.
  5. Post-install, set up the new Hackintosh boot drive with its own EFI partition so that the installer USB flash drive is no longer needed. 
    1. Optionally, set up a GUI for the boot device selector
    2. Fix the audio interface: find the appropriate PCI ID for the device. The motherboard includes a Realtek® ALC1220-VB codec. I used layout 1.
  6. Once it was installed, I ran Disk Utility to format the data HDD for use as my home folder.
    1. I suggest formatting HDD as HDFS+. My experience with APFS on a HDD in my old Hackintosh is that APFS on HDD is pretty slow, particularly when backups run and a snapshot is created.
    2. Then, follow these instructions to set a new location for the home folder.
    3. Reboot, and make sure the new home folder works.
    4. Apply any OS updates.
  7. I have a Time Machine backup HDD in a USB enclosure. I hooked up the backup HDD to the new Hackintosh, and used Migration Assistant to move OS and applications. Since my home folder on the old Hackintosh and the new Hackintosh are not on the same device as the boot drive, Migration Assistant was not able to transfer the data.
    1. I tried mounting the old HDD containing the home directory using USB on the new Hackintosh, but was unable to see any of the data at all. I didn't spend too much time to figure out why: after about 30 minutes trying a couple of obvious tricks, I bailed.
    2. The old Hackintosh was started up with the home folder HDD attached. I used rsync to transfer the data. NB you will likely need a newer version of rsync than what comes with macOS Catalina. This is because I ran into errors using the default rsync: it had trouble with some extended file attributes. Compilation was straightforward; standard GNU style: ./configure ; make ; make install

Late addition based on post-install experience: Do not bother with USB mapping unless you find one or more USB ports that you need are not working. Things just seem to work.

And that was pretty much it.

Screen_Shot_2020-06-14_at_6_31_43_PM

Screen_Shot_2020-06-20_at_2_00_45_PM


New bicycle - Priority Continuum Onyx

I have the dubious distinction of being an essential worker, due to being an IT person. Anyway, once work allowed essential workers back on site in April, I started cycling to avoid public transit. The bike is an 8-year old steel-frame Windsor Kensington from BikesDirect.com: 8-speed Shimano Nexus internal gear hub, set up for “utility” cycling around town. I upgraded the brakes to Tektro R559 with FL750 levers, to retain a vintage-ish look; along with it, the brake cables were upgraded to Jagwyre Road Elite Sealed. That was a huge improvement: no more sponginess, and I could actually stop in the rain (with the normal precautions). I also upgraded the shifter cable to Jagwyre Road Elite Sealed: see this old post. And upgraded the rack, too, since the original one worked loose, and I wasn't too satisfied with its sturdiness. Not to mention the Pletscher Twin center kickstand, which was one of the first changes I made.

105986930_10112061976229741_6508330217104676276_o

Anyway, my commute is only 4 miles. But I was still noticing the bike was pretty heavy. Fortunately, I can store it on the ground floor, currently, so I don’t have to schlep it up two floors to my apartment. And there were other minor annoyances, like a cheap steel chainring which rusted (it had been painted), some unexplained rattling in the Nexus hub (which did resolve itself after a couple of weeks of normal riding). 

More importantly, I had an idea of my ideal commuter bike. But pricing the parts put it way over my budget, not to mention my skill set in building a bike. Pre-built ones were also pretty pricy. I wanted an internal gear hub (without needing a massive gear range), belt drive, hydraulic disc brakes, and maybe a dynamo hub wheel.

Finally, after some months of cursory browsing, I found the Priority Continuum Onyx. It checked all the boxes, plus it added an aluminum frame, and a Nuvinci Enviolo (manual) continuously variable internal “gear” hub. Reviews from regular bike commuters on YouTube and in Reddit were favorable: these were people who put many more miles per day on their bikes, and rode in much rougher weather than I would. All those factors fell in place at the right time, and I bought one. I paid the nice people at Firth & Wilson Transport Cycles to assemble it for me.

The first thing I switched out was the seat/saddle: put in a Fabric Cell Radius Elite.

 

I took it for a 6-mile ride, and it’s pretty nice. Light compared to the old bike. Larger gear range: much faster on the high end. No sticking on the low end, which is an issue on my Shimano Nexus. Brakes are decent: honestly they did not feel much better than the Tektro rim brakes on my old bike. I expect they will be much better in wet weather. The ones on the Priority are low-end Tektro hydraulic disc brakes. It felt pretty nimble, and lively. The belt drive was very quiet. The Nuvinci continuously variable hub was nice: shift while stopped, find the “in-between gear ratios”. 

Of course, I have some gripes: the flat-straight handlebars are pretty uncomfortable for me. I find myself pitched further forward than I like, and the grips don’t sit in my palms well: my hands were tingling even after the 20-minute ride. The grips are not very comfortable, either: they are pretty hard, and just felt like two hard slightly tacky cylinders in my hands.

The Fabric Cell saddle was kind of disappointing: it was a lot harsher than I expected, despite the reviews I read or watched. (I think those were comparing against normal road racing saddles.) I’ll give it some more time, and maybe re-adjust the positioning.

Future upgrades: I definitely need a rear rack. Topeak make the same rack I have on my old bike, but which accomodates disc brakes. I use the bike for shopping errands, and picking up or dropping off packages. Definitely need more comfortable handlebars, something with a bit of a sweep back. Almost definitely more comfortable grips. Maybe a QuadLock mount for my phone.


Hackintosh USB mapping - attempt to fix broken Bluetooth

UPDATE 2: My attempts at “fixing” USB mapping broke all the USB 3.x ports. None of the USB 3.x ports work. I did set them to “Type 3” which is “USB 3 Standard-A connector”. Undoing all the USB mapping stuff fixed my non-functioning USB ports. Everything works OK, including Bluetooth. No idea why: everything about OpenCore is still kind of a mystery to me.

UPDATE: Bluetooth fixed itself. What I did: booted into Windows (installed on a separate SSD), used Windows to connect to the speaker, quit Windows to boot into Hackintosh, and Bluetooth works again. Quick way to see that Bluetooth is OK is that System Information on the Bluetooth device should show a non-trivial address. If it were broken, the address would be 00-00-00-00-00-00.

Screen_Shot_2020-07-12_at_10_38_26_PM edited

tl;dr This did NOT fix my Bluetooth issue. I had also cleared the CMOS and re-set all the BIOS settings before I went through all of this. So, this may be of some use as a summary of USB port mapping in OpenCore, but of no use at all for fixing Bluetooth issues.

Bluetooth stopped working for unknown reasons. Discovered that Bluetooth is actually an internal USB device.

Suspicion: the breakage is due to the macOS 15 USB port limit. (Additional USB hubs get their own 15-port limit.)

Follow instructions:

  • https://dortania.github.io/USB-Map-Guide/
  • https://github.com/corpnewt/USBMap

Using the USBMap script, can see that there are 26 ports listed: HS01 - HS14, USR1 - USR2, SS01 - SS10. (This is the same as the list that corpnewt has on their system.)

The script allows you to disable all SSxx ports and all HSxx ports. Then, manually enable a specific set of HSxx ports. From this post at tonymacx86, someone has listed the USB ports for this motherboard: back panel, and internal headers. I have verified this is correct, for the ports that I can use. I have no USB Type-C devices, so I cannot check the two USB Type-C ports on the rear panel.

Designare Rear IO Layer v3_resize
Designare Rear IO Layer v3_resize

The case I am using has no front-panel USB Type-C ports, so I can leave HS01 disabled. I do not currently have any USB 3.1 Gen 2 Type C devices, but I am planning to get at least one: I will enable both HS08 and HS13. I will leave the internal Bluetooth (HS14) enabled. There is no HS02 shown in either diagram, and none of the ports I could test were HS02: so, disable that. There was no USR1, either, but the USBMap documentation does not say anything about enabling or disabling USR* ports, so leave that enabled.

Summary: 

  • Two disabled HS ports: HS01 and HS02

That leaves me with 12 HS ports, and 2 USR ports, bringing me up to 14 ports.

The boot-args option is:

debug=0x100 keepsyms=1 alcid=1 agdpmod=pikera -uia_exclude_ss -uia_exclude_hs uia_include=HS03,HS04,HS05,HS06,HS07,HS08,HS09,HS10,HS11,HS12,HS13,HS14,USR1,USR2

Back at the main menu of USBMap, pick “S. Build SSDT-UIAC”, which will generate two .aml files:

  • SSDT-UIAC.aml
  • SSDT-USBX.aml

Copy those to your EFI/OC/ACPI folder, edit your config.plist to add them to the ACPI section, and reboot.

Steps:

  1. Disable all ports named “SS* - using USBMap script, select “S. Exclude SSxx Ports. This appends the boot option -uia_exclude_ss to NVRAM which will persist across reboots. NB this does not modify config.plist. In OpenCore 0.5.9, this step did not work for me. So, manually modify config.plist to add the boot option (NVRAM->Add->...long string of chars->boot-args). Manually trying to set boot-args using the nvram command gives an error: “nvram: Error setting variable - 'boot-args': (iokit/common) not permitted”. So, set it in config.plist, instead.
  2. Download SSDT-USBX.aml from USB-Map-Guide/extra-files
  3. Use SSDTTime to generate SSDT-EC.aml. (Had SSDT-PLUG.aml from initial install.)
  4. Copy the .aml files into EFI/OC/ACPI/
  5. Add entries for both SSDT-USBX.aml and SSDT-EC.aml into config.plist

Hackintosh update - WiFi card added

I wanted to have Handoff on my Hackintosh. That requires WiFi.

The built-in WiFi on the Gigabyte Z390 Designare motherboard does not work with macOS. But Dortania, the people who work on OpenCore, have a list of recommended WiFi devices. I got an ASUS PCE-AC68 AC1900 Dual-Band Wireless PCI-E Adapter. And it just worked. I did not have to add more kexts or munge my config.plist.

Another point for OpenCore.

However, Handoff does not work. It seems like I need a Bluetooth adapter with a particular chipset. The ones that are pretty certain to work are ripped out of actual Macs: they use the Broadcom BCM94360CS2 or BCM94360CS (one person had better luck with this) chipset, and combine WiFi with Bluetooth. There are also generic adapters: search eBay for that product string. These are M.2 form factor. Since I wanted the second M.2 slot on my motherboard for a Windows installation, I could not go this route.


Migrating from Aperture to Lightroom Classic

I built a new Hackintosh, and am now running macOS Catalina (10.15). Since Catalina only runs 64-bit applications, I am finally forced to migrate all my photos from Aperture to Lightroom Classic. 

tl;dr Make Aperture store its masters as “referenced”. Split the library into smaller ones, no more than about 10,000 masters per library. (A 27,000-master library took > 24 hours to import.) Import into Lightroom, keeping Aperture masters in place, and copying Aperture-edited previews into the masters’ location to allow automatic stacking. 

The Aperture import plug-in that comes with Lightroom Classic is not great. If you have a very large library, it can get very slow. No one who has very large libraries seems to have waited. My library is about 700 GB, with about 560 projects and 81,500 images. I kept the library “managed” i.e. Aperture copied everything into its library package. I tried to import the full Aperture library into Lightroom Classic. After 5 full days (24 hours per day) of running, the import into Lightroom seemed to stall at 50%. From the start of the process, every additional percentage point seem to take longer and longer. (Felt like an N² algorithm or worse.) Others have had the same experience (Adobe support community forum post).

Without resorting to a manual import (aka “the Old Method”), as the person who posted that issue in the Adobe forum did, I figured I would try the latest suggestion posted there, i.e. to break up the single original library into multiple smaller libraries. That seems to be working pretty well. 

To export in Aperture: File ▶ Export ▶ Items as New Library… Then, in the options: 

For this to work, your Aperture masters folder must have the same absolute path on the old computer and the new computer. My old computer’s Aperture masters (originals) folder was at: /Volumes/Homes/Users/myname/Pictures/Masters
 
On my new computer, I needed to make sure that my home folder was on a separate volume, such that it ended up with the same absolute path /Volumes/Homes/Users/myname/Pictures/Masters. I had tried one iteration, where my new home folder was in a slightly different location /Volumes/Homes/myname and that did not work because Lightroom Classic complained that the folder /Volumes/Homes/Users/myname/Pictures/Masters was missing. It is not the fault of Lightroom Classic, since the absolute paths are encoded in the exported Aperture libraries.
 
You also want to make sure the previews are copied into the exported library. Otherwise, Lightroom Classic would not have access to those (edited) previews.
 
To import into Lightroom Classic: File ▶ Plug-in Extras ▶ Import from Aperture Library…. There is an Aperture Import Info… menu selection which gives some info about the import process. A window will pop up, showing four sections.
 
The first section is “Previews from Aperture”. There is only one option, “For images which have been adjusted in Aperture, import full size previews from the Aperture library (if they are available and up-to-date)”: check that ON.
 
The last one, is “Files referenced in Aperture”. Here, check ON “Leave referenced files in your Aperture library in their current location”. If you have checked on “import previews”, a second option should be available: “For referenced images left in their original location, place version previews in the same folder as the master image to allow for automatic stacking”. Check this ON, too.
 
In short: import previews ON, leave referenced files in current location ON, place version previews in same folder as masters ON. Really, ALL options are checked ON.
 
Screen Shot 2020-07-04 at 5.29.38 PM
 
Click “OK”. As a check, you should see that the “Disk space required” value should be small, indicating no additional space for the masters will be used. It should just be the additional space to accomodate the previews.
 
It will return you to the first window, where you can click “Import” to start the import. How long it takes seems to depend on the number of images in the library. I didn’t time any of the imports, but a few thousand masters with maybe a thousand previews took maybe 2 or 3 hours. Certainly not the multiple days that a naïve import took.

Setting user home directory in macOS via command line

My old Hackintosh was messed up: it mounted the separate drive holding the Home directories in "/Volumes/Homes 1" rather than "/Volumes/Homes". That meant I could not login normally.

But, I was still able to login via ssh. Since macOS is a Unix-ish system, it just drops you in the root directory. From there, do the following:

    sudo dscl . -change /Users/username NFSHomeDirectory old-path new-path

Replace username, old-path, and new-path with appropriate values.

Credit to this answer at Stack Overflow. Like any *nix, there is a man page.


Migrating from Aperture to Lightroom Classic drops non-destructive adjustments layer

Well, this sucks: according to Apple, migrating Aperture RAW files to Lightroom Classic does NOT migrate the non-destructive adjustment layer. Which means my 650 GB or so of photos are the unedited versions. 

The old Hackintosh is dead. So, I can’t go in and re-export edited JPGs. But even if I could, I wouldn’t do that: who’s got the time?


YubiKey 5 NFC with 1Password on iOS

tl;dr Yubikey 5 NFC works great with 1Password on iOS (assuming your phone has NFC).

I just got 1Password to use on my iPhone and my Mac. The website allows using a Yubikey as a second factor (in addition to apps, like Authy or Google Authenticator). Turns out, the iOS 1Password app also handles the Yubikey 5 NFC properly: open the app and it asks for the password, and then for the second factor. If you scan your Yubikey using NFC, the app recognizes it. 

The alert pointing to the special website also appears, but it is not necessary to go to it.


Ubuntu optical drives

After spending about 45 minutes trying to figure out why the optical drive (ASUS BW-16D1HT) I installed in my new computer build was not being seen by Ubuntu 18.04, a post at AskUbuntu (I did not save the link) mentioned that the optical drive should be installed in the first SATA slot (ID 0 [zero]). After I did that, and rebooted, it worked fine:

  • insert a DVD or Blu-Ray disc, and the Nautilus file manager mounts it automatically
  • open VLC, and select the drive (now correctly known as /dev/cdrom or some similar friendly name), and it see the DVD properly and can play it

Regarding playing DVDs: you need to install VLC, and a bunch of codecs, typically in a “restricted” repo. Here is the official documentation -- no need to add third-party repos.

sudo apt install libdvd-pkg && sudo dpkg-reconfigure libdvd-pkg

You will also want to use "sudo apt install vlc" to install VLC. For some reason, installing using the graphical Software marketplace app gives you a slightly older version.

sudo apt install vlc

If you want (or need) to set your device region code:

sudo apt install regionset && sudo regionset

You may need to specify a device to regionset, e.g. /dev/cdrom


Using the Yubikey 5 NFC on iOS (and Android, and macOS, and Linux)

TL;DR Works in principle on iOS, but does not work in practice. If you're thinking of getting one to NFC tap the key to your phone when prompted for a security key as a second factor, this does NOT work.

PROTIP: Set up BOTH your primary key and a backup at the same time, especially for accounts where the physical key is required and is the only U2F accepted.

I just bought a pair of Yubikey 5 NFC security keys, as a more convenient alternative to phone apps like FreeOTP, Authy, Duo Mobile, or Google Authenticator to generate a numeric one-type second factor for logins.

Despite the description, the Yubikey 5 NFC does not work well with iOS. I have an iPhone 11 Pro running iOS 13.3 Beta. If you hold the Yubikey up to the back of the phone (near the top, next to the camera lens cluster), it will pop up an alert that asks if you want to open a web page in Safari for verification. This is the WebAuthn protocol  

 

58B7FE4E-2412-48E0-998E-E1673A244CF9
 

I set up all my Google accounts to use the Yubikey, and also Facebook and Github. When trying to sign in using the Chrome browser in iOS, tapping the Yubikey to the phone does not work as a second factor. It just pops up the "Open NFC link in Safari" alert.

They do have a Yubico Authenticator app. This app is available on iOS, Android, macOS, Windows, and Linux. It takes the place of Google Authenticator (and the usual mobile time-based OTP apps). The difference is that you need to tap the Yubikey to the phone (or plug it in to USB if you're using it on a computer) to generate the numeric second factor to be typed in.

The vulnerability of all the usual phone-based OTP apps (besides the possibly weaker crypto parameters used) is that the cryptographic secrets are stored on the phone, and may be compromised by malware. Using Yubico Authenticator moves the cryptographic secret to the physical key.

HOWEVER, the Yubikey 5 NFC does not work as expected with this app on iOS: all it does is again pop up the alert to open Safari with a verification URL. It seems to only work if you have the Yubikey 5Ci with Lightning and USB-C connectors. (I am assuming, since I do not have one of these to test.) Even using Chrome and then trying to login to Github, it does not work.

So, all in all:

  • I like that logging in on a computer or laptop is now simplified
  • I am annoyed that it does not work on the iPhone: I would have gotten the cheaper Yubikey (less than half the price of the Yubikey 5 NFC)

Maybe the product I am looking for is the yet to be released Yubikey 5C NFC. Honestly, why is there such a broad product line?

On Android, using a Nokia 6, things seem to work as expected, with a minor hiccup. Note that I am not using the Yubico Authenticator app.

I run Chrome, and login to Github. I select “Security key” as the second factor, when prompted. Then, hold the key to the back of the phone, and I am in. The glitch is that a new tab also opens on the Yubico verification website. I think the URL is embedded in the NFC.

On the macOS side of things, everything works as expected using Google Chrome. (Safari does not support USB security keys.)

This post will be updated when I try this on Ubuntu Linux and a Chromebook at work, tomorrow.

UPDATE 1: Works fine on Firefox macOS.

UPDATE 2: Works with Chromebook since it's a Chrome browser. HOWEVER, there seems to be no setting to use it as a second factor for logging into the Chromebook itself.

UPDATE 3: Works with Chrome and Firefox on Ubuntu, as expected. U2F for sudo following the instructions from Yubico also works: as noted there, if the u2f_keys file has been moved to a root-only directory /etc/yubico, the option “authfile=/etc/yubico/u2f_keys” must be appended to the line. The same setup will also require the USB key for logins: after you type in your password and hit Enter, the USB key will start flashing, and you touch the flashy bit.

UPDATE 4: If you use KeePassXC for storing passwords, it can be configured to require a YubiKey for challenge-response. This has to be manually set up with Yubico's YubiKey Personalization Tool. A setup tutorial video is here.