MP 1,1-5,1 Going crazy with Mac Pro 2010

[tsialex]

To the te: stop using windows in uefi mode, you can mess up your Macs boot rom with certificates, going to the point it wont start no more.

Check for certificates in the Mac Pro forum for details.

This statement is incorrect. There is only one way to SecureBoot cause a brick on itself, when you still are on BootROM MP51.0087.B00, the one without microcodes. Without microcodes, Windows crashes when saving the SecureBoot data, causing NVRAM corruption.

Outside this nowadays very remote scenario, the certificates, DB/PKs and etc, that SecureBoot saves inside the NVRAM don't cause the bricks, it's a red-herring for a more serious problem, the fragmentation of the NVRAM.

A fragmented NVRAM is what cause the bricks. SecureBoot just exacerbate the fragmentation since the certificates, databases, public keys and etc need considerable space. Once the fragmentation of the NVRAM "filesystem" starts, older entries are not being deleted anymore and when your NVRAM free space ends, you can't change boot disks anymore for example.

The first symptom that people notice is not being capable of changing the default boot disk, after noticing this very soon you will corrupt the NVRAM volume totally and you won't boot anymore. Another problem of a fragmented NVRAM is that you will erase and write sectors inside the SPI flash memory much more rapidly than what the hardware design expects and failure of the SPI flash memory for excessive erase/write cycles is now a problem.

So, it's not the SecureBoot data saved on the NVRAM, but the fragmentation of the NVRAM after 9, 10 or 11 years of usage.

SecureBoot certificates and etc are not what cause the bricks, it just exacerbate an existing problem.

 

[toke lahti]

you will find it here (U8700):

View attachment 905227


mostly:

4,1 (2009) MX25L3205(A)
5,1 (2010) MX25L3205D/MX25L3208D
5,1 (2012) MX25L3206E

Which one of those 3 is this?

 

[tsialex]

View attachment 1660712
Which one of those 3 is this?

SST25VF032B is the most common used SPI flash for early-2009 Mac Pros from factory. Almost all early-2009 Mac Pros with build date within 2009 have it. ROMTool/flashrom identifies this SPI flash memory model automatically.

The second-source/alternate SPI flash memory for early-2009 Mac Pros is the MX25L3206E.

 

[toke lahti]

SST25VF032B is the most common used SPI flash for early-2009 Mac Pros from factory. Almost all early-2009 Mac Pros with build date within 2009 have it. ROMTool/flashrom identifies this SPI flash memory model automatically.

The second-source/alternate SPI flash memory for early-2009 Mac Pros is the MX25L3206E.

You seem to have deep knowledge of this "firmware messed" topic.
Could you help me with this?

How do I check if my fw is fragmented?
And if it is, how do I defragment it?
If it isn't fragmented, is there any fear in installing those windows certificates?
Fw version is now 144.(+lots of zeros and dots.)

I'm a bit amazed that 9/10 guides says "DO NOT install win10 in EFI mode, it will mess your fw".

The Definitive Classic Mac Pro (2006-2012) Upgrade Guide

The largest/most-complete guide to all possible classic Mac Pro upgrades covering OS, Firmware, GPU, CPU, Storage, USB, THunderbolt and Network upgrades.

blog.greggant.com

:"Installing Windows via USB installers is not recommended as it has managed to mess up some people's Mac Pros as it tries to install in UEFI mode. Installing off an optical disk runs in legacy mode. Legacy mode is required for Mac Pro compatibility unless running OpenCore."
Is there a mistake in that text?
How does EFI mode not mess up the fw with OpenCore? OpenCore somehow blocks the installation from messing up the fw? All this is misinformation?

or

Classic Mac Pro (5,1): installing Windows 10, switching between macOS Mojave & Windows without boot screen - CrystalIDEA Blog

crystalidea.com

:"Warning: DO NOT install Windows from a USB flash drive. It has been discovered that Windows when installed in EFI mode is corrupting the Mac Pro’s firmware by signing it with multiple Secure Boot (X.509) certificates."
Again, just hoax?

Then now, I'm trying to find out how to install win10 to its own drive in mp5,1(was4,1) witch will use gtx760, but now has 5770-non-apple-version. Or both inside, if win10 runs like that. (I had them years in mp3,1 and it was not a problem for osX.)

Do I need OpenCore to choose to boot to win10 or macos?
How would you install win10 to this config?
I might want to use VB version, so I could run win10 in virtual mode or in physical mode.
Does that mean I need to have "legacy install", so OpenCore is out of question?
But with the help of

 

[tsialex]

You seem to have deep knowledge of this "firmware messed" topic.
Could you help me with this?

How do I check if my fw is fragmented?
And if it is, how do I defragment it?
If it isn't fragmented, is there any fear in installing those windows certificates?
Fw version is now 144.(+lots of zeros and dots.)

I'm a bit amazed that 9/10 guides says "DO NOT install win10 in EFI mode, it will mess your fw".

The Definitive Classic Mac Pro (2006-2012) Upgrade Guide

The largest/most-complete guide to all possible classic Mac Pro upgrades covering OS, Firmware, GPU, CPU, Storage, USB, THunderbolt and Network upgrades.

blog.greggant.com

:"Installing Windows via USB installers is not recommended as it has managed to mess up some people's Mac Pros as it tries to install in UEFI mode. Installing off an optical disk runs in legacy mode. Legacy mode is required for Mac Pro compatibility unless running OpenCore."
Is there a mistake in that text?
How does EFI mode not mess up the fw with OpenCore? OpenCore somehow blocks the installation from messing up the fw? All this is misinformation?

or

Classic Mac Pro (5,1): installing Windows 10, switching between macOS Mojave & Windows without boot screen - CrystalIDEA Blog

crystalidea.com

:"Warning: DO NOT install Windows from a USB flash drive. It has been discovered that Windows when installed in EFI mode is corrupting the Mac Pro’s firmware by signing it with multiple Secure Boot (X.509) certificates."
Again, just hoax?

Then now, I'm trying to find out how to install win10 to its own drive in mp5,1(was4,1) witch will use gtx760, but now has 5770-non-apple-version. Or both inside, if win10 runs like that. (I had them years in mp3,1 and it was not a problem for osX.)

Do I need OpenCore to choose to boot to win10 or macos?
How would you install win10 to this config?
I might want to use VB version, so I could run win10 in virtual mode or in physical mode.
Does that mean I need to have "legacy install", so OpenCore is out of question?
But with the help of

The fragmentation process that self destroy the NVRAM volume and bricks a Mac Pro was first observed back in 2018 when I started to investigate dumps extracted from bricked Mac Pros.

At the beginning, it was very poorly understood and we (me and @h9826790) thought that what was causing the bricks was just SecureBoot + the crash caused by the missing microcodes of MP51.0087.B00. Some time later, I started to notice that bricks were happening even with Mac Pros that never had MP51.0087.B00 nor Windows. Took lot's of different Mac Pro dumps and months to track what was really going on. SecureBoot is just a red-herring like I explained before lot's of times, including here on this thread. Anyway you can read the full story following my posts on the BootROM thread.

Firmware fragmentation is not easy to check, to see it you have to know what is being written repeatedly and most importantly where is being written on the NVRAM volume, this varies from Mac to Mac, the easiest to notice is MemoryConfig. It's definitively not an end-user task.

Windows 10 UEFI should only be installed with a clean/reconstructed BootROM and with OpenCore blocking SecureBoot.

 

[tsialex]

Btw, the easiest Mac Pro to brick is an early-2009 Mac Pro cross-flashed to MP5,1 via MacEFIROM tools (Netkas forum method).

This way of cross-flashing just upgrade the EFI part of the BootROM - NVRAM, BootBlock and the hardwareIDs inside the 3rd and 4th stores of the NVRAM volume are all kept as is. In resume, only the EFI really is upgraded to the MP5,1 standard while all the rest is still MP4,1, this is why is so much more common to have early-2009 bricks.

 

[toke lahti]

The fragmentation process that self destroy the NVRAM volume and bricks a Mac Pro was first observed back in 2018 when I started to investigate dumps extracted from bricked Mac Pros.

At the beginning, it was very poorly understood and we (me and @h9826790) thought that what was causing the bricks was just SecureBoot + the crash caused by the missing microcodes of MP51.0087.B00. Some time later, I started to notice that bricks were happening even with Mac Pros that never had MP51.0087.B00 nor Windows. Took lot's of different Mac Pro dumps and months to track what was really going on. SecureBoot is just a red-herring like I explained before lot's of times, including here on this thread. Anyway you can read the full story following my posts on the BootROM thread.

Firmware fragmentation is not easy to check, to see it you have to know what is being written repeatedly and most importantly where is being written on the NVRAM volume, this varies from Mac to Mac, the easiest to notice is MemoryConfig. It's definitively not an end-user task.

Windows 10 UEFI should only be installed with a clean/reconstructed BootROM and with OpenCore blocking SecureBoot.

Okay, will check "BootROM" thread, if I can find it.

OpenCore blocks SecureBoot, checked, thanks for that info!

Any advice what should I do with win10 install?

 

[toke lahti]

Btw, the easiest Mac Pro to brick is an early-2009 Mac Pro cross-flashed to MP5,1 via MacEFIROM tools (Netkas forum method).

This way of cross-flashing just upgrade the EFI part of the BootROM - NVRAM, BootBlock and the hardwareIDs inside the 3rd and 4th stores of the NVRAM volume are all kept as is. In resume, only the EFI really is upgraded to the MP5,1 standard while all the rest is still MP4,1, this is why is so much more common to have early-2009 bricks.

Is there any other way to do it than MacEFIRom's (which I did use)?
I first installed 10.9 in mp4,1, then fw upgrade and then 10.11, 10.13 & 10.14.
In every hop there was a fw upgrade. Are those "partial" or the whole BootROM?

 

[tsialex]

Is there any other way to do it than MacEFIRom's (which I did use)?

Reconstruction, but it's no an end user method.

I first installed 10.9 in mp4,1, then fw upgrade and then 10.11, 10.13 & 10.14.
In every hop there was a fw upgrade. Are those "partial" or the whole BootROM?

Apple tools upgrade just the EFI part of the BootROM image.

 

[toke lahti]

How do I know if win10 install is going to be EFI or legacy?
Installing from dvd will always result legacy?
From usb always EFI?

Is it just if the target drive is MBR -> legacy install
and
GPT -> EFI install?

 

[kkinto]

I used this tool to make a ROM backup of Mac Pro 5,1 2010. It also gave me the "EEPROM has multiple definitions..." dialog as above. I didn't want to look inside and pull stuff out to get at the chip area and see what it was so I did it 3 times, each time using a different model number selection.

The resulting files seem identical with Beyond Compare. Are they? Is doing it 3x enough to ensure I have a backup for the future? Or do I have to actually identify the chip first? As this is an "in case" backup I just want to be 100% sure I have a backup of the ROM.

From reading above it seems that identifying the chip is more important for the reverse process (flashing or re-flashing) in which case the chip will be out of the Mac anyway. Is that a correct assumption?

Thanks

 

[tsialex]

I used this tool to make a ROM backup of Mac Pro 5,1 2010. It also gave me the "EEPROM has multiple definitions..." dialog as above. I didn't want to look inside and pull stuff out to get at the chip area and see what it was so I did it 3 times, each time using a different model number selection.

The resulting files seem identical with Beyond Compare. Are they? Is doing it 3x enough to ensure I have a backup for the future? Or do I have to actually identify the chip first? As this is an "in case" backup I just want to be 100% sure I have a backup of the ROM.

From reading above it seems that identifying the chip is more important for the reverse process (flashing or re-flashing) in which case the chip will be out of the Mac anyway. Is that a correct assumption?

Thanks

Sent you a PM.

 

[Nguyen Duc Hieu]

Any advice what should I do with win10 install?

You can install windows 10 to an SSD in a PC, then move the SSD to the MP5,1.

 

[tsialex]

You can install windows 10 to an SSD in a PC, then move the SSD to the MP5,1.

Bad advice, if the PC is UEFI, probably all post 2013-ish PCs are UEFI computers, the install will be an UEFI Windows install and when you move the drive to the Mac Pro, the SecureBoot signing will happen instantly?

 

[Dayo]

How do I know if win10 install is going to be EFI or legacy?

Terve ... you are already aware of one method: https://forums.macrumors.com/threads/thread.2250317

 

[Nguyen Duc Hieu]

Bad advice, if the PC is UEFI, probably all post 2013-ish PCs are UEFI computers, the install will be an UEFI Windows install and when you move the drive to the Mac Pro, the SecureBoot signing will happen instantly?

I don't have any PC newer than the HP Prodesk 600 G1. On that PC, I can choose whether to partition the disk as MBR or UEFI.

 

[toke lahti]

Terve ... you are already aware of one method: https://forums.macrumors.com/threads/thread.2250317

I guess you might have an opinion to this:
Would it be easiest for moderate user, just to forget beautiful simpliness, like "one OS to on drive"?
SSD's are getting cheaper (at least if the seller isn't Apple), and Apple insists that everything should be done within the internal non-replaceable expensive ssd.
Prerequisite to get support for macOS problems is now that homedir has to be in the boot drive.
Windows can be officially bootcamped only to the same drive where macOS is.

After spending too many hours to get windows working with separate disk both in mini and mp, I suddenly thought if it's all worth it?

With my mini2018 I now have macOS installed in internal (I never use it, too small to fit everything needed), external ssd (homedir) and external hdd (extension of the homedir). Why not to install macOS to every fraking drive, if it makes Apple happy. Maybe they like some statistics on how many installations have been done. Even if you never use it.

Just to be sure: there's no "official" installation method of linux to macs?

 

[MarkC426]

Personally I would never install windows full stop, but that’s another story....?
I have always put OS’s on different drives.
With windows especially so, I wouldn’t want any Microsoft crap infecting my MacOS.