/EFIFaker

Userland fake EFI environment. Very unstable and very incomplete.

Primary Language: Objective-C

EFIFaker

This provides a very incomplete and hackish pseudo-EFI environment for the version of Apple's boot.efi that ships with OS X 10.9.2 (13C64).

  • To load a different EFI binary, edit the linker flags so a different binary is loaded as the fake PAGEZERO
  • If using a different version of boot.efi, be sure to change the offsets used by the code that patches out various privileged instructions
  • To work, a copy of the raw SMBIOS tables must be in smbios.h. The following command will dump the SMBIOS data in the form of a C array on an OS X machine:

        ioreg -r -l -w0 -n AppleSMBIOS | sort -r | grep -E '"SMBIOS"|"SMBIOS-EPS"' | sed -Ee 's/[[:blank:]]*"SMBIOS-EPS" = <(.*)>/\1/' -e 's/[[:blank:]]*"SMBIOS" = <(.*)>/\1/' -e 's/([0-9a-f]{2})/0x\1, /g'

    In the future a fake SMBIOS table with usable data will be autogenerated. Yeah, I know, my sed-fu is just terrible.
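A sanity check for the dumped data before it goes into smbios.h, as an added example that is not part of EFIFaker: it validates the 31-byte SMBIOS 2.x entry point structure (the SMBIOS-EPS bytes) and compares its declared table length with the size of the SMBIOS dump. The function names and the way the two dumps are passed in are assumptions, since the page does not show the layout of smbios.h; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte sum modulo 256; a valid SMBIOS checksum region sums to 0. */
static uint8_t sum8(const uint8_t *p, size_t n) {
    uint8_t s = 0;
    while (n--) s = (uint8_t)(s + *p++);
    return s;
}

/* Validate a SMBIOS 2.x entry point structure (EPS) against the size of the
 * dumped structure table. Returns 0 if consistent, else a negative code. */
int smbios_eps_check(const uint8_t *eps, size_t eps_len, size_t table_len) {
    if (eps_len < 0x1F) return -1;                         /* truncated dump */
    if (memcmp(eps, "_SM_", 4) != 0) return -2;            /* anchor string */
    if (eps[5] < 0x1F || eps[5] > eps_len) return -3;      /* declared length */
    if (sum8(eps, eps[5]) != 0) return -4;                 /* EPS checksum */
    if (memcmp(eps + 0x10, "_DMI_", 5) != 0) return -5;    /* intermediate anchor */
    if (sum8(eps + 0x10, 0x0F) != 0) return -6;            /* intermediate checksum */
    if ((size_t)(eps[0x16] | (eps[0x17] << 8)) != table_len)
        return -7;                                         /* table length mismatch */
    return 0;
}

/* Constructed sample EPS (not a real machine's data) with valid checksums. */
static void make_sample_eps(uint8_t eps[0x1F], uint16_t table_len) {
    memset(eps, 0, 0x1F);
    memcpy(eps, "_SM_", 4);
    eps[5] = 0x1F; eps[6] = 2; eps[7] = 4;                 /* length, version 2.4 */
    memcpy(eps + 0x10, "_DMI_", 5);
    eps[0x16] = (uint8_t)(table_len & 0xFF);
    eps[0x17] = (uint8_t)(table_len >> 8);
    eps[0x15] = (uint8_t)(0u - sum8(eps + 0x10, 0x0F));
    eps[4] = (uint8_t)(0u - sum8(eps, 0x1F));
}

int main(void) {
    uint8_t eps[0x1F];
    make_sample_eps(eps, 0x0123);
    printf("matching table size: %d\n", smbios_eps_check(eps, sizeof eps, 0x0123));
    printf("wrong table size:    %d\n", smbios_eps_check(eps, sizeof eps, 0x0100));
    return 0;
}
```

A nonzero result usually means the sed output was truncated or the two dumps were pasted in the wrong order.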

The executable will ultimately crash once mach_kernel is loaded, since a kernel can't run in userspace, but until then you get lots of fun info about just what boot.efi is doing. Why didn't I use DumpEfiCalls or similar? Because this was more fun.