MP 7,1 Can an owner confirm it won’t boot without Apple SSD even with “No startup security”?

[giggles]

We are all basing this knowledge on this single source:

Mac Pro 2019: Interchangeable Parts, T2 Security & Custom Configuration - MacFinder Blog

Our Mac Pro 2019 arrived today and after 15 short minutes of looking at how pretty it is, and it truly is, we set to taking it apart. Our aim was to find

macfinder.co.uk

but they don’t even specify if they tested that before or after disabling secure boot.

To be extra sure, can an owner here test that? i.e. if the MacPro boots (from any other boot drive) when its apple ssd blade is removed AFTER secure boot was disabled.

Here how to switch to “No security”:

About Startup Security Utility on a Mac with the Apple T2 Security Chip – Apple Support (UK)

Use Startup Security Utility to make sure your Mac always starts up from your designated startup disk and always from a legitimate, trusted operating system.

support.apple.com

 

[goMac]

Snazzy Labs posted a video saying they were able to boot from an NVMe card _without_ disabling secure boot or modifying any T2 settings.

They did not try removing the included storage, but I don’t think that would change anything.

Edit: I see in their guide they got a hardware fault after removing the SSD. Answer seems obvious then: Keep the internal SSD in even when booting from an NVMe card.

 

[DearthnVader]

Edit: I see in their guide they got a hardware fault after removing the SSD. Answer seems obvious then: Keep the internal SSD in even when booting from an NVMe card.

If true, this is a design flaw, not a terrible issue while the machine is under AppleCare, but down the road when it's out of warrantee, where would you get a replacement SSD when the OEM card dies?

 

[GeorgeBanner12]

Hi, I'm the author of the article. We disabled secure boot and had the OS on a PCIe mount Samsung 970 Evo. Once you remove the SSD It won't boot without the SSD secure boot or not.

 

[majus]

... but down the road when it's out of warrantee, where would you get a replacement SSD when the OEM card dies?

Or when Apple stops supporting the machine -- you would be out of luck. Hopefully someone will come up with a solution, a third-party replacement or something.

 

[bsbeamer]

I would expect an update to be released to address this via software/firmware. File a bug report if you've experienced it.

 

[tsialex]

You can't boot a 2017 iMac Pro or a 2019 Mac Pro without the NAND blades (it's not an SSD, but a bank of NAND chips and buffers without the controller) since it's the storage of the T2 and the BootROM is stored there.

 

[DearthnVader]

You can't boot a 2017 iMac Pro or a 2019 Mac Pro without the NAND blades (it's not an SSD, but a bank of NAND chips and buffers without the controller) since it's the storage of the T-2 and the BootROM is stored there.

Would you clarify that, is that the internal storage of the 7,1?

 

[tsialex]

Would you clarify that, is that the internal storage of the 7,1?

Yes, the internal storage of iMac Pro 2017 and Mac Pro 2019 are managed and controlled by the T2.

The 2 blades are just NAND chips and buffers, without a controller, and are the T2 storage itself.

 

[bsbeamer]

You can't boot a 2017 iMac Pro or a 2019 Mac Pro without the NAND blades (it's not an SSD, but a bank of NAND chips and buffers without the controller) since it's the storage of the T-2 and the BootROM is stored there.

This would basically make the blade(s) on an MP7,1 logic board "serviceable" in that they are removable and accessible, but required for operation.

 

[tsialex]

This would basically make the blade(s) on an MP7,1 logic board "serviceable" in that they are removable and accessible, but required for operation.

Yes.

 

[DearthnVader]

Yes, the internal storage of iMac Pro 2017 and Mac Pro 2019 are managed and controlled by the T2.

The 2 blades are just NAND chips and buffers, without a controller, and are the T2 storage itself.

So if these chips fail, the Mac can't boot, and not only do you lose the data on that drive, but your $8k+++ Mac is now a brick?

 

[Slash-2CPU]

Would you clarify that, is that the internal storage of the 7,1?

Normal m.2 SSD's have a PCIe-to-NAND flash controller on the 'stick.' They also have the NAND flash chips and typically a little bit of RAM as well.

Apple's 'SSD' is just the NAND flash, no controller. The controller is the T2 chip on the motherboard. It's not really an SSD by the technical definition. It's a NAND flash module, just like RAM sticks are "memory modules," and the memory controller is inside the CPU.

On older Macs, the BootROM that the machine loads up before it loads MacOS is on a little flash chip on the motherboard. On T2 Macs, that BootROM is on the flash modules. No flash modules, no BootROM. No BootROM, no boot.

BootROM is like old BIOS. It's the basic logic the computer needs to have in order to initialize its hardware, access a storage device, and locate then start loading an OS.

 

[tsialex]

So if these chips fail, the Mac can't boot, and not only do you lose the data on that drive, but your $8k+++ Mac is now a brick?

Yes. The point is, it's a very robust solution and I don't know of iMac Pro 2017 bricks at all.

 

[Slash-2CPU]

So if these chips fail, the Mac can't boot, and not only do you lose the data on that drive, but your $8k+++ Mac is now a brick?

Yea, BUT if a ROM flash chip on any older Mac dies, you get the same result. How often does that happen? I've never heard of it.

Think of the OEM SSD as an integral part of the motherboard, not as a true SSD. I'm thinking once I'd drop in a m.2 SSD, I will delete all partitions from the OEM ssd. At that point, it will be just BootROM storage. When used as only that, the flash chips will outlive 90% of everything else in the Mac, and probably its owner as well.

 

[DearthnVader]

Yes. The point is, it's a very robust solution and I don't know of iMac Pro 2017 bricks at all.

Yea, BUT if a ROM flash chip on any older Mac dies, you get the same result. How often does that happen? I've never heard of it.

True if the EEPOMs that holds the BOOTROM on an older Mac fail they won't boot.

Are these NAND chips something a 3rd party can make for the T2 Mac's?

The only thing I'm concerned about is when Apple stops making replacement parts for these Mac's, if we will still have a source to buy them?

I assume if we need to replace the NAND chips that the new firmware app Apple uses for the T2 Mac's would be able to restore the firmware?

Also, does this mean that there will be no way to update the firmware without another Mac?

Seems that is going to be trouble down the line, if true, because there are always firmware bugs.

 

[tsialex]

Think of the OEM SSD as an integral part of the motherboard, not as a true SSD. I'm thinking once I'd drop in a m.2 SSD, I will delete all partitions from the OEM ssd. At that point, it will be just BootROM storage. When used as only that, the flash chips will outlive 90% of everything else in the Mac, and probably its owner as well.

I think won't work exactly the way you want, you'll need at least Recovery working from the T2 storage since it's from that Recovery that you access StartUp Security Utility.
[automerge]1577119107[/automerge]

True if the EEPOMs that holds the BOOTROM on an older Mac fail they won't boot.

Are these NAND chips something a 3rd party can make for the T2 Mac's?

The only thing I'm concerned about is when Apple stops making replacement parts for these Mac's, if we will still have a source to buy them?

I assume if we need to replace the NAND chips that the new firmware app Apple uses for the T2 Mac's would be able to restore the firmware?

Also, does this mean that there will be no way to update the firmware without another Mac?

Seems that is going to be trouble down the line, if true, because there are always firmware bugs.

The NAND blades are proprietary and we probably won't see any 3rd party doing it. Even if some 3rd party makes it, how do you pair it with the T2. Only Apple can replace/pair it.

T2 can be revived after bricked using Apple Configurator from another Mac, but the pairing process itself can't be done by it.

 

[bsbeamer]

Are these NAND chips something a 3rd party can make for the T2 Mac's?

They are serviceable by Apple and AASP's. Doubt you'll find true 3rd party until/unless a toolkit or service manual with software/firmware tool is released publicly.

 

[DearthnVader]

I think won't work exactly the way you want, you'll need at least Recovery working from the T2 storage since it's from that Recovery that you access StartUp Security Utility.
[automerge]1577119107[/automerge]

The NAND blades are proprietary and we probably won't see any 3rd party doing it. Even if some 3rd party makes it, how do you pair it with the T2. Only Apple can replace/pair it.

T2 can be revived after bricked using Apple Configurator from another Mac, but the pairing process itself can't be done by it.

They are serviceable by Apple and AASP's. Doubt you'll find true 3rd party until/unless a toolkit or service manual with software/firmware tool is released publicly.

Kind of sucks.........

As I know it NAND chips only have so many RW cycles in them, but that's true of EEROMs too, so maybe I'm just overthinking it.

 

[tsialex]

Kind of sucks.........

As I know it NAND chips only have so many RW cycles in them, but that's true of EEROMs too, so maybe I'm just overthinking it.

NANDs are much more resilient to erase/programming cycles than EEPROMs and Flash memories, besides that T2 storage have garbage collection, wear levelling and over provisioning that are not present with the old way to storage the BootROM.

 

[macguru9999]

I think won't work exactly the way you want, you'll need at least Recovery working from the T2 storage since it's from that Recovery that you access StartUp Security Utility.
[automerge]1577119107[/automerge]

The NAND blades are proprietary and we probably won't see any 3rd party doing it. Even if some 3rd party makes it, how do you pair it with the T2. Only Apple can replace/pair it.

T2 can be revived after bricked using Apple Configurator from another Mac, but the pairing process itself can't be done by it.

So exactly how would apple replace the built in storage if you took it to them ? They must have a procedure to pair the new flash modules. or will they leave that out of the manual ?

 

[tsialex]

So exactly how would apple replace the built in storage if you took it to them ? They must have a procedure to pair the new flash modules. or will they leave that out of the manual ?

Apple and AASPs have an internal software that pair the NAND blades to the T2, after that a BridgeOS restore is needed. It’s a supercharged version of what Apple Configurator do.

 

[macguru9999]

Apple and AASPs have an internal software that pair the NAND blades to the T2, after that a BridgeOS restore is needed. It’s a supercharged version of what Apple Configurator do.

So would they have a way of connecting the new blades to the machine at the same time as the old one(s) and writing a boot rom to them , then installing them ?

 

[tsialex]

So would they have a way of connecting the new blades to the machine at the same time as the old one(s) and writing a boot rom to them , then installing them ?

No need. Just install the new ones, use the internal software to do the pairing, then do the BridgeOS restore. After that even InternetRecovery works.

 

[macguru9999]

No need. Just install the new ones, use the internal software to do the pairing, then do the BridgeOS restore. After that even InternetRecovery works.

ok ... but how do they boot the machine to run the internal software when its got blank modules ? I mean there must be a way because that would be what they do during initial assembly...