Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MisterAndrew

macrumors 68030
Original poster
Sep 15, 2015
2,895
2,390
Portland, Ore.
Current security status: Good

Current Intel support status: Retired as of 1 July 2020 (self-support only from Intel after this date. Intel customer-agent support has ended.) Note: Support is provided by Apple.

Current microcode revision: 42E (1070 decimal)
-Future microcode updates: Yes, if necessary, according to Intel Customer Support for servers
-End date for microcode updates: Determined by Apple (Intel will provide them as requested from Apple)
-How to obtain current microcode revision: Included with latest firmware (boot ROM) applied via macOS updates

Current identified vulnerabilities:

No new vulnerabilities known to affect systems running current software or macOS

Intel vulnerabilities by processor list:
AFFECTED PROCESSORS: Latest Transient Execution Attacks by Product CPU Model

Note that the list shows two vulnerabilities affecting these processors, but when contacted, an Intel Customer Support representative clarified those vulnerabilities either don't affect these processors or systems running macOS. More info in post # 26.
 
Last edited:

tsialex

Contributor
Jun 13, 2016
13,455
13,602
Last edited:
  • Like
Reactions: MisterAndrew

tsialex

Contributor
Jun 13, 2016
13,455
13,602
This likely means no official MP6,1 for Big Sur release.
Someone wrote yesterday that E5 Xeons had a mitigation firmware that Ivy Bridge processors didn't had. I wouldn't discard MP6,1 from Big Sur before confirmation from Intel itself.

Edit:

Just checked, E5 v2 Xeons based on Ivy Bridge used on late-2013 Mac Pro are now retired:
Screen Shot 2020-06-23 at 08.27.16.png
 
Last edited:
  • Like
Reactions: bsbeamer

tsialex

Contributor
Jun 13, 2016
13,455
13,602
Can you explain? Big Sur support MacPro 2013 as from Apple.
Apple announced that macOS 11 supports late-2013 Mac Pro, the problem is that Intel killed microcodes updates for Xeon E5 v2 processors used by MP6,1 and Apple did killed Macs with microcodes vulnerabilities in the past. It's not likely since Apple sold MP6,1 until 2019 Mac Pro was released back in December.

Maybe Apple will just publish a support article warning about the vulnerabilities of the processor like they did with Mojave and MP5,1, the owner is then responsible for keeping late-2013 Mac Pros working or not.
 
  • Like
Reactions: bsbeamer and CC88

CC88

macrumors 6502
Sep 29, 2010
489
118
Apple announced that macOS 11 supports late-2013 Mac Pro, the problem is that Intel killed microcodes updates for Xeon E5 v2 processors used by MP6,1 and Apple did killed Macs with microcodes vulnerabilities in the past. It's not likely since Apple sold MP6,1 until 2019 Mac Pro was released back in December.

Maybe Apple will just publish a support article warning about the vulnerabilities of the processor like they did with Mojave and MP5,1, the owner is then responsible for keeping late-2013 Mac Pros working or not.

Thank you very much for explaining it.
 

bsbeamer

macrumors 601
Sep 19, 2012
4,313
2,713
Apple has a history of ending new OS version support for machines with EOL'd processors. Not making the processors is one thing, but Intel not issuing updates/patches (microcodes) is another entirely.

There was a push for Intel to commit to an X number of years roadmap before ending microcode support updates by several large customers. I assume Apple was part of that push. As it stands right now, there is a not a firm 100% requirement that Intel must support processors for any number of years beyond EOL. At this point, I'd expect that will only change with legal action or a change in law within USA. (This is not the reason Apple went with their own ARM CPUs, but it was likely a contributing factor.)
 

bsbeamer

macrumors 601
Sep 19, 2012
4,313
2,713
The 2013 Mac Pro is on the officially supported list with regards to Big Sur.

That is for the beta. Would not be the first time they dropped a machine (or two) from the official release, if they do. If they do decide to support MP6,1 there will be published documentation for security venerability with lack of microcode updates. Likely need to disable HT and/or other user-end mitigations for mostly workable security workaround, usually at the cost of performance. That is basically what happened with MP5,1 during the Mojave cycle and why it was officially unsupported by Catalina. There are usually community driven workarounds, however.
 

chrfr

macrumors G5
Jul 11, 2009
13,716
7,290
That is for the beta. Would not be the first time they dropped a machine (or two) from the official release, if they do. If they do decide to support MP6,1 there will be published documentation for security venerability with lack of microcode updates. Likely need to disable HT and/or other user-end mitigations for mostly workable security workaround, usually at the cost of performance. That is basically what happened with MP5,1 during the Mojave cycle and why it was officially unsupported by Catalina. There are usually community driven workarounds, however.
Support for the 6,1 is listed on the public page for Big Sur. It’s not going away.
 
  • Like
Reactions: MisterAndrew

MisterAndrew

macrumors 68030
Original poster
Sep 15, 2015
2,895
2,390
Portland, Ore.
The 6,1 was sold new until this past December. There’s no way Apple isn’t continuing with the already announced Big Sur support.

Yes, that’s the fact that makes this so bizarre. Presumably Apple was still purchasing these processors from Intel fairly recently. It’s nasty of Intel to end support for a product they recently sold. It’s also ridiculous how many vulnerabilities their CPUs have. I’m never buying another Intel based computer.
 

minifridge1138

macrumors 65816
Jun 26, 2010
1,175
197
Yes, that’s the fact that makes this so bizarre. Presumably Apple was still purchasing these processors from Intel fairly recently. It’s nasty of Intel to end support for a product they recently sold. It’s also ridiculous how many vulnerabilities their CPUs have. I’m never buying another Intel based computer.

A big +1 to this.

If Intel hadn’t sold the processors since 2013, I would understand ending microcode support. But something sold within the past year?
 

bsbeamer

macrumors 601
Sep 19, 2012
4,313
2,713
What will also be interesting with the MP6,1 is the date it gets listed as vintage. Technically from previous guidance, this would be in late 2024. Personally do not see Apple letting a 2013 machine with EOL'd processors drag on until then. Guess we'll see.

Any semi easy method to check CPU serial numbers then check against date range of manufacture? There's a chance Apple over purchased CPU's and just continued to make these machines since they had stock/parts available.
 
Last edited:

minifridge1138

macrumors 65816
Jun 26, 2010
1,175
197
What will also be interesting with the MP6,1 is the date it gets listed as vintage. Technically from previous guidance, this would be in late 2024. Personally do not see Apple letting a 2013 machine with EOL'd processors drag on until then. Guess we'll see.

Any semi easy method to check CPU serial numbers then check against date range of manufacture? There's a chance Apple over purchased CPU's and just continued to make these machines since they had stock/parts available.
Good point about Apple burning through old stock.
 

MisterAndrew

macrumors 68030
Original poster
Sep 15, 2015
2,895
2,390
Portland, Ore.
Okay, here's the latest microcode file. According to MC Extractor it's from 14 March 2019. It's version 42E, so that matches the revision guidance from 31 August and it's the version currently supplied with boot ROM 136.0.0.0.0 (1070 decimal = 42E hex).


MC Extractor.png Microcode 42E.png
 
Last edited:

MisterAndrew

macrumors 68030
Original poster
Sep 15, 2015
2,895
2,390
Portland, Ore.
Great news. The most recently discovered vulnerabilities affecting these processors don't require microcode updates in order to mitigate them. So just keep macOS up do date.

Further info:
-For Load Value Injection Intel states, "There is no additional microcode update needed to mitigate LVI (either for Intel SGX or in general)."
-For Snoop-assisted L1 Data Sampling Intel states, "As the processors affected by snoop-assisted L1D sampling are a subset of those affected by L1 Terminal Fault (L1TF), software may have already applied L1TF mitigations on systems affected by snoop-assisted L1D sampling." L1 Terminal Fault was discovered in 2018, so fixes have already been applied via a previously issued microcode update.

Of course if there is a serious vulnerability discovered in the future that requires a microcode update we'll be out of luck. We'll just have to stay aware of the current vulnerabilities and keep our fingers crossed.

Also note:
Non-Xeon Ivy Bridge processors found in the 2012 MacBook Pro and Mac mini are affected by CVE-2020-0543 (Special Register Buffer Data Sampling) and that vulnerability requires a microcode update to mitigate. Since there will be no microcode update issued for those processors that may be the reason support for those Macs was dropped from Big Sur. The Xeon Ivy Bridge EP processors found in the 6,1 are not affected.
 

jdb8167

macrumors 601
Nov 17, 2008
4,865
4,602
Most of these vulnerabilities don't really apply much to Mac Pros used as personal computers. I don't have hostile processes running that are attempting to read other processes protected memory. Sure, if you have malware it gives an additional opportunity for exploitation but if you have malware, you are in pretty bad trouble anyway.

These exploits are dangerous for shared CPUs for things like cloud service providers that may have multiple users on the same cluster of machines. I doubt there will be such a serious vulnerability that Apple has obsolete the 2013 Mac Pro early.
 
  • Like
Reactions: MisterAndrew

AidenShaw

macrumors P6
Feb 8, 2003
18,667
4,677
The Peninsula
These exploits are dangerous for shared CPUs for things like cloud service providers that may have multiple users on the same cluster of machines. I doubt there will be such a serious vulnerability that Apple has obsolete the 2013 Mac Pro early.
I agree. The biggest issue is that a malicious VM on a cloud service can get to memory for other VMs on the same cloud system. That's really not a serious risk for single user workstations - even if they run VMs.
 

chrfr

macrumors G5
Jul 11, 2009
13,716
7,290
Since there will be no microcode update issued for those processors that may be the reason support for those [2012] Macs was dropped from Big Sur.
I think you're reading too much into Apple's motivations. Apple still will be supplying security updates to the 2012 computers via Catalina for 2 more years, even if the CPU doesn't get a microcode update.
 
  • Like
Reactions: MisterAndrew

MisterAndrew

macrumors 68030
Original poster
Sep 15, 2015
2,895
2,390
Portland, Ore.
I received this official response from Intel regarding the support status of the CPUs.

"After looking into the microcode 0x42E, I can see that you are running the system with the most recent version offered by Intel. It is always a good practice to have the system’s firmware and drivers from Apple up to date. Finally, if you have more questions about the microcode updates please contact us.

NOTE: The Intel Xeon Processor E5-1680 v2 was launched back on Q3'13 and it will be discontinued as of July 1, 2020. Keep in mind that all warranty questions related to prebuild systems should be referred to the Original Equipment Manufacturer (OEM)."

On the support page for the Intel® Xeon® Processor E5 v2 Family it says, "Intel will discontinue interactive support for these Intel® Xeon® Processors as of July 1, 2020. Effective on this date, Intel Customer Support agents will no longer provide technical support via telephone, chat, web ticket, forum, or email inquiries for these products."

The page titled Customer Support Options for Discontinued Intel® Processors lists the support end date for each processor family.

The strange part is that support is ending for Sandy Bridge processors released in 2012 on the same date. You would think support for Ivy Bridge processors released in 2013 and 2014 would end at a later date. Therefore it appears support doesn't end at a certain time after launch, but rather whenever they feel like it.
 
Last edited:

ScreenSavers

macrumors 68020
Feb 26, 2016
2,125
1,677
Bloomingdale, GA
The Mac Pro 6,1 will get Big Sur. Apple says “see if your Mac WILL get Big Sur” so that means it will. Remember, these were sold as the newest Mac Pro for power users until December 2019. Expect at least one or two more OS updates.

BTW running in on my 12 core 6,1 and performance is great. I know that has nothing to do with microcode updates but the machine is very capable.
 
  • Like
Reactions: MisterAndrew
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.