I've purchased a cross-flashed Mac Pro 4,1 to 5,1 2 weeks ago and I absolutely love it. It also came with the latest BootROM available for the cMP (144.0.0.0.0) which was kind of surprising since the previous owner had High Sierra installed on it. I spent the last hour reading about the BootROM of the 2009, 2010 and 2012 Mac Pros and it is quite an interesting read, albeit scary taking into consideration how easy it theoretically to corrupt it. I think I will backup my Mac Pro's ROM with your ROM tool and see if there are any Microsoft certificates active (hopefully there aren't any but I really have no idea what that particular Mac Pro has been used for the last ~ 14 years). I do have some questions and perhaps you or someone more familiar with the matter could answer them, I'd really appreciate it:
Why is booting Windows over USB bad vs. booting it by using optical media? (coincidentally I have both Windows 7 and 10 running on my Mac Pro 2,1 and Mac Pro 3,1 and I have never encountered any issues with the BootROM on those machines, I do have to state though that I've always installed Windows via DVD since that is just the way I prefer to install it, i.e. I was unaware that booting Windows on USB could be dangerous)
USB = UEFI Windows and consequently Windows SecureBoot signing the Mac Pro BootROM.
CD/DVD = BootCamp/CSM/BIOS Windows installs, no UEFI, no Windows UEFI SecureBoot.
Doesn't OpenCore fully protect the firmware of the Mac Pro when MacOS and Windows installers are booted with it? (from what I understand it spoofs the BootROM version which makes changes to the BootROM harmless so that Windows could even be booted via USB without concern)
You are mixing two extremely different things.
OpenCore spoofing of EFI and SMC versions is just to avoid macOS Software Updates that try to update the Mac Pro firmware, it fails and sometimes makes a boot loop that you can't get out.
ProtectSecureBoot is to block Windows SecureBoot signing the BootROM.
Is BootROM corruption a thing on 1,1-3,1s? (I never gave the possibility of a BootROM corruption by installing Windows a thought on those machines since you really don't hear bad stories about Windows on those machines).
MacPro3,1 can also corrupt the BootROM, but since the design is simpler and different from MacPro5,1, it's a lot more difficult to happen.
I haven't had much time to tinker around with my 4,1 flashed to 5,1 yet but I intend to install Monterey and Windows 11 on it. Can the BootROM be considered safe if I install Martin LO's OpenCore package first and do every install of an operating system with it afterwards?
Thanks for any insights!
When OpenCore config.plist is configured correctly, you can avoid boot loops from Software Updates and also Windows SecureBoot, but these two are just two of the various ways that the MacPro5,1 BootROM/NVRAM can fail.
You will never avoid failure of the NAND cells of the SPI flash for example. You can't also avoid garbage collection failures. There are other ways that the BootROM fails, but let's keep it simple here.
MacPro5,1 BootROM design back in 2008 was made for the reality of that time - no iCloud, no constant usage of the NVRAM by macOS - and was never intended with the presumption that 14 years later people would be actively running it as daily drivers.
The design is prone to fail by itself overtime and to make matters worse, Apple used a first generation SPI flash memory that have little endurance when the application is a NVRAM (contiguous erases/re-writes).