Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
MP 1,1-5,1 Mac Pro 5,1 MDS vulnerability information thread
- Thread starter MisterAndrew
- WikiPost WikiPost
- Start date
- Sort by reaction score
- Status
I found this posting on another forum on how to read the info from the MDSTool app. Someone made an infographic that shows how to tell if a particular vulnerability is mitigated or not. For MDS it shows if MD_CLEAR is green then it is mitigated. With SMT green I'm not sure if that means it is mitigated, but it could be.
https://www.techpowerup.com/forums/threads/an-attempt-to-decipher-mdstool.255881/
https://www.techpowerup.com/forums/threads/an-attempt-to-decipher-mdstool.255881/
What's kind of alarming is that according to the readout I got the Westmere CPUs are vulnerable to Spectre variant 2 attacks regardless if SMT is disabled. I thought that was mitigated with an earlier microcode update.
Maybe someone else can confirm, but BELIEVE it's only mitigated with microcode AND software/OS update in combination. Microcode update alone does not mitigate.
I ran the MDSTool on my MacBook Pro 9,1 and it shows everything is mitigated except for Direct Branch Speculation. Except I'm not sure about Foreshadow (L1 Terminal Fault). It shows L1d Flush as available in yellow. Hopefully the OS is taking care of that. It has the latest Ivy Bridge microcode 0x21 (33) so Apple included that with 10.14.5, so I'm assuming those with a Mac Pro 6,1 are in good shape.
[doublepost=1559252506][/doublepost]
I think it depends on the processor, but the MDSTool should be taking both into consideration.
[doublepost=1559252506][/doublepost]
I think it depends on the processor, but the MDSTool should be taking both into consideration.
Thank you!
that looks like a simple problem, now I'm struggling to work out how to update the firmware.
from best i can tell that should have happened as i upgraded to Mojave. but it didn't.
I am not sure how i upgraded but it's on a 1TB APFS formatted Samsung 850EVO in an OWC MountPro2.5 in the 4th drive bay (not PCIE).
I (think I) have reset the NVROM by holding the P+R+cmd+option as it started until it chimed 4 times then released. (it then chimed a 5th time). but the bootrom did not update spontaneously after that.
Do I really need to erase the whole SSD, reinstall Mojave from a Mojave installer just to see if maybe that works? Or is there a simple procedure for updating from 140.0.0.0.0 to 144.0.0.0.0? something like a firmware updater?
thanks for any additional insights!
Robert
Thank you that helped! Basically I just had to download the latest Mojave installer, open that which instructed me to press a button to shut down, boot up while holding the power button until long beep and then wait. When it rebooted and prompted to install Mojave (which is already installed) I canceled the installer. Meanwhile 144.0.0.0.0 was updated.
Perfect, thank you!
It depends on your comfort level. I’ve read these recently discovered vulnerabilities are more serious than the Spectre and Meltdown vulnerabilities discovered earlier. The CPUs in the 5,1 are vulnerable to Spectre and MDS attacks. I don’t personally feel comfortable using hardware that has known un-patched vulnerabilities.
Hardware will always have unpatched vulnerabilities. RAMBleed showed us today that.
The question is if the vulnerability can be exploited or not. Most MDS can’t be easily exploited, except those that were mitigated by patching the browser JavaScript engine. I would be very worried in two years, when Apple stops the security updates for Mojave, not now.
I don’t think that’s a very good way to look at it. Newer supported hardware will receive mitigations, but cMP hardware won’t receive any more patches. As additional vulnerabilities are uncovered the security risk will continue to increase.
According to Intel most DDR4 is resistant to RAMBleed, especially ECC.
According to Intel most DDR4 is resistant to RAMBleed, especially ECC.
If you have means to buy a new system, then go for it and have peace of mind. People who don't, my case, will have to mitigate it.
RAMBleed developers and Intel seems to be speaking different things about it and with past disclosures, Intel seems to downplay everything. I don't doubt that they are doing the same now.
My mitigation strategy is to switch back to Firefox with NoScript and cross my fingers. It’s not like I execute a lot of other untrusted code.
I'm not the most savvy guy on this forum but installing/enabling these mitigations are only going to slow down your mac pro and thats pretty much it. I've ran linux with all mitigations turned off on a machine and I have yet to see any negative repercussions. Maybe someday...
Disabled hyperthreading on my MacPro5,1 last night and threw a few tests at it. Frankly, as I do most of my encoding with NVENC under Windows before passing it on, the extra couple of minutes on a CPU Handbrake encode under macOS is really no big deal for me. Somebody asked for a comparative Geekbench I think (might be dreaming) but here we are:
Single-Core Score: 2968 (Enabled), 2966 (Disabled)
Multi-Core Score: 24773 (Enabled), 22572 (Disabled)
Reusing an older result for the enabled tests, but the hardware hadn't changed and still on 10.13.6 (17G6029 for enabled and 17G8029 for disabled). I should probably retest in case the multicore drop is due to other changes in the latest 10.13.6 (2019-4) but it's a reasonable ballpark, I guess.
Standard desktop use of the system I've noticed no difference in performance at all, but then it's got twelve physical cores to play with anyway.
UPDATE: I forgot to say, disabling SMT appears to be honoured under Boot Camp Windows 10 as well. Certainly mdstool and Task Manager report results in line with there being 12 cores and 12 threads.
Single-Core Score: 2968 (Enabled), 2966 (Disabled)
Multi-Core Score: 24773 (Enabled), 22572 (Disabled)
Reusing an older result for the enabled tests, but the hardware hadn't changed and still on 10.13.6 (17G6029 for enabled and 17G8029 for disabled). I should probably retest in case the multicore drop is due to other changes in the latest 10.13.6 (2019-4) but it's a reasonable ballpark, I guess.
Standard desktop use of the system I've noticed no difference in performance at all, but then it's got twelve physical cores to play with anyway.
UPDATE: I forgot to say, disabling SMT appears to be honoured under Boot Camp Windows 10 as well. Certainly mdstool and Task Manager report results in line with there being 12 cores and 12 threads.
Last edited:
Disabled hyperthreading on my MacPro5,1 last night and threw a few tests at it. Frankly, as I do most of my encoding with NVENC under Windows before passing it on, the extra couple of minutes on a CPU Handbrake encode under macOS is really no big deal for me. Somebody asked for a comparative Geekbench I think (might be dreaming) but here we are:
Single-Core Score: 2968 (Enabled), 2966 (Disabled)
Multi-Core Score: 24773 (Enabled), 22572 (Disabled)
Reusing an older result for the enabled tests, but the hardware hadn't changed and still on 10.13.6 (17G6029 for enabled and 17G8029 for disabled). I should probably retest in case the multicore drop is due to other changes in the latest 10.13.6 (2019-4) but it's a reasonable ballpark, I guess.
Standard desktop use of the system I've noticed no difference in performance at all, but then it's got twelve physical cores to play with anyway.
UPDATE: I forgot to say, disabling SMT appears to be honoured under Boot Camp Windows 10 as well. Certainly mdstool and Task Manager report results in line with there being 12 cores and 12 threads.
Very encouraging!
I'll do the same and post back; I'll also run some After Effects tests (my primary use case) to see how that shakes things down.
Benchmarks show very little impact. Real-world I'm noticing about a 10-20% performance hit with Apple's MDS (partial) mitigation method. AE CC 2019 is closer to 15-20% on some true output renders. Working renders are not always that much slower, really depends on effects, cache, stacking, and any pre-renders. Media Encoder is generally about 10-15% slower. Reported exact results in another thread.
Disabled hyperthreading on my MacPro5,1 last night and threw a few tests at it. Frankly, as I do most of my encoding with NVENC under Windows before passing it on, the extra couple of minutes on a CPU Handbrake encode under macOS is really no big deal for me. Somebody asked for a comparative Geekbench I think (might be dreaming) but here we are:
Single-Core Score: 2968 (Enabled), 2966 (Disabled)
Multi-Core Score: 24773 (Enabled), 22572 (Disabled)
Reusing an older result for the enabled tests, but the hardware hadn't changed and still on 10.13.6 (17G6029 for enabled and 17G8029 for disabled). I should probably retest in case the multicore drop is due to other changes in the latest 10.13.6 (2019-4) but it's a reasonable ballpark, I guess.
Standard desktop use of the system I've noticed no difference in performance at all, but then it's got twelve physical cores to play with anyway.
UPDATE: I forgot to say, disabling SMT appears to be honoured under Boot Camp Windows 10 as well. Certainly mdstool and Task Manager report results in line with there being 12 cores and 12 threads.
Geekbench tests only do cores.
If you try Cinebench, this uses threads so you will see a difference.
It depends if your daily activities are multi-threaded.
If I get some time I'll do a comparative run with Cinebench.
There are no known attack methods in the wild as yet, but I would imagine someone will come up with a malicious website exploit eventually. It probably already exists, but it's not in the hands of folks who'd risk wasting it on regular Joes such as myself.