MP 1,1-5,1 MacPro5,1: BootROM thread | 144.0.0.0.0

[tsialex]

Intel just published the Intel Microcode Guidance for May 2019:

The important thing is that Intel will not update microcodes for any Xeons used in MP5,1.

 

[Squuiid]

Intel just published the Intel Microcode Guidance for May 2019:

The important thing is that Intel will not update microcodes for any Xeons used in MP5,1.

View attachment 836969

As long as HyperThreading can be disabled outright by the OS then perhaps the lack of microcode updates by Intel won’t be an issue.

I’d rather lose performance and have a safe(r) system than the other way around.

 

[tsialex]

As long as HyperThreading can be disabled outright by the OS then perhaps the lack of microcode updates by Intel won’t be an issue.

I’d rather lose performance and have a safe(r) system than the other way around.

You can always re-enable hyper-threading and disconnect form the Internet when doing CPU intensive tasks…

BTW, pressure on Intel made them modify the processors that would have new microcodes before, let's see what will happen.

 

[Spacedust]

Still don't know how to update. On 10.9.5 it requires now 10.13.6.

From 10.13.6 it doesn't work. From 10.14.5 it doesn't work as well.

I don't want to reconstruct myself.

 

[LightBulbFun]

I wonder if the boot-arg that disabled HT does so at an OS X level or at a Firmware level, will have to play with it and boot into windows and see

 

[tsialex]

I wonder if the boot-arg that disabled HT does so at an OS X level or at a Firmware level, will have to play with it and boot into windows and see

From last page…

How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities

Note: The full mitigation is not enabled while using Boot Camp to run Windows on a Mac.

 

[tsialex]

There's more security vulnerabilities being divulged today:

RIDL and Fallout: MDS attacks

Fallout paper: https://www.cs.vu.nl/~herbertb/download/ridlers/files/fallout.pdf

RIDL paper: https://mdsattacks.com/files/ridl.pdf

 

[Spacedust]

Finally it worked. I've placed Mavericks HDD in slot 1 and installed all HS updates. Then rebooted pressing the power button and boom 144.0.0.0 installed. GPU used: flashed HD7870.

 

[w1z]

Apple's take on these recent vulnerabilities

https://support.apple.com/en-us/HT210107
https://support.apple.com/en-us/HT210108

Edit: just noticed @tsialex posted the full mitigation - cheers mate!

For those with SIP disabled or partially enabled without nvram protection, you can run the commands from within Mojave. Just add sudo to the 2 commands and reboot.

[doublepost=1557862731][/doublepost]

Intel just published the Intel Microcode Guidance for May 2019:

The important thing is that Intel will not update microcodes for any Xeons used in MP5,1.

Intel needs to be sued to smithereens ... I'm done with them and their CPUs. Moving forward, it's AMD or ARM for me.

Quoting https://mdsattacks.com/ :

Ironically, the recent hardware countermeasures introduced by Intel in recent Coffee Lake Refresh i9 CPUs to prevent Meltdown make them more vulnerable to Fallout, compared to older generation hardware.

 

[flowrider]

Third party SSD boot times with APFS are always slow with trim enabled. I suspect the system ALWAYS updates the trim list to make sure, it was not booted without trim from another boot.

I have both AHCI in an Angelbird and NVME in I/O Crest. My boot times are noticeably faster with the AHCI drive.

Lou

 

[LightBulbFun]

alright heres some interesting info

the nvram variable to disable HT, does so at a firmware level and works in all OS as a result, whats interesting is, when I set the NVRAM variable and rebooted, instead of the MP doing a normal warm reboot, it fully shut down with a Click of the Relay, then clicked back on, exactly like what happens during a BootROM update

in fact it disables it so well, that Hwinfo64 cant tell the CPU supports HT

(Hwinfo64 will normally show the feature as Red if its supported by the CPU but disabled by something)

and heres my CPU-Z validation http://valid.x86.fr/j0xr1z



speaking of CPU-Z validations while validating my MacPro5,1, in the recent validations I spotted a Dual CPU X5675 MacPro5,1 running BR 144, but a GTX 980 Ti IIRC, I wonder if that was anyones Mac Pro here?

 

[tsialex]

Apple already put the blame on Intel about the lack of microcodes…

 

[MarkC426]

Without going off-topic, what exactly would be the signs of such an attack (in laymans terms)?

 

[LightBulbFun]

BTW for comparisons here is a CPU-Z validation i did when 144 came out, with HT enabled (you can compare the benchmark numbers) http://valid.x86.fr/k29j50

 

[tsialex]

Without going off-topic, what exactly would be the signs of such an attack (in laymans terms)?

The first vector of attack and the POC is webpages stealing data. Like a JavaScript code crafted to steal the keychain.

Since today’s security vulnerabilities are much more faster to steal data from side channel attacks, we will see this in the wild being using by the bad guys a lot sooner than Meltdown/Spectre.

 

[Squuiid]

The first vector of attack and the POC is webpages stealing data. Like a JavaScript code crafted to steal the keychain.

Yep, it’s pretty bad.

 

[tsialex]

Yep, it’s pretty bad.

A security researcher talked today that Meltdown/Spectre attacks were serious but impractical since the exfiltration rate is in the low KB per day. Today's side channel attacks are exponentially faster.

 

[bsbeamer]

Not that it means anything, but there is no official Apple mention of mid-2012 Mac Pro being unsupported. Processors were/are basically the same, except for entry level config. Looks like Apple is trying to publicly push this as 2010-era machines being impacted when in reality several others likely are.

 

[nobullone1964]

I go through this each time since using Mojave. I install from my external USB drive. I click install macOS. It says I need the Rom update and I hit the power icon below. It just sits there. Is this supposed to take awhile? I am on rom 141, but I'm always surprised by the update. After the machine sits in that mode waiting to reboot, I would wait 10-15 minutes and power down. Then power on holding the button until I get the lights and long tone, then iy chimes and goes in. It's hit or miss with me. I'm trying to get the latest rom 144. Any help? Alex?

 

[tsialex]

I go through this each time since using Mojave. I install from my external USB drive. I click install macOS. It says I need the Rom update and I hit the power icon below. It just sits there. Is this supposed to take awhile? I am on rom 141, but I'm always surprised by the update. After the machine sits in that mode waiting to reboot, I would wait 10-15 minutes and power down. Then power on holding the button until I get the lights and long tone, then iy chimes and goes in. It's hit or miss with me. I'm trying to get the latest rom 144. Any help? Alex?

Don't upgrade firmware from USB installer, do it from macOS. Read here to know what you have to do: MP5,1: What you have to do to upgrade to Mojave (BootROM upgrade instructions)

 

[zozomester]

Don't upgrade firmware from USB installer, do it from macOS. Read here to know what you have to do: MP5,1: What you have to do to upgrade to Mojave (BootROM upgrade instructions)

I also had a with USB installer. True I switched it off. Worked....

 

[mavots]

If you go to the first page and click on the first appearance of the 144 firmware, go to that page and read tho whole page you will see the differences between 142 and 144 .

Thanks, I already read the first page sticky notes.
I saw some changes listed for the previous beta version:

Lots of EFI modules changed:

• IoTrap
  
• UsbBus.dxe, UhciDxe
  
• DxeMain, UndiRuntimeDxe
  
• HfsPlus.efi, APFSJumpStart, LegacyBootFS.efi
  
• PchSerialGpio, PchSmbusDxe, PchSpiRuntime.efi, PchSmiDispatcher
  
• SataController
  
• SmbiosMisc
  
• AppleGraphicsPolicy.efi

Which of these changes are important to a Mac Pro and make an noticeable improvement?

Thanks.

 

[tsialex]

Thanks, I already read the first page sticky notes.
There was no list of benefits, just a minor numeric change.

After reading through this thread the last couple of days, i still do not see any compelling reason to update the BOOT Rom just because one can.
My question still remains, what benefit does 144 provide???

Thanks.

Apple don't provide any release notes for firmware.

Everything that is know was found by users that noticed changes like faster booting with some configurations or by me extracting the modules and comparing with previous releases and poking inside out.

You won't find anything more complete than this post. #3326 Btw, this post is linked on the first page.

 

[mavots]

Apple don't provide any release notes for firmware.

Everything that is know was found by users that noticed changes like faster booting with some configurations or by me extracting the modules and comparing with previous releases and poking inside out.

You won't find anything more complete than this post. #3326 Btw, this post is linked on the first page.

You beat me to it. I just updated my message. I had seen that list but am not sure how it applies. Updating the BOOT Rom is not hard, I just wonder if I can skip some versions. or is there a compelling reason to update?

Thanks

 

[tsialex]

You beat me to it. I just updated my message. I had seen that list but am not sure how it applies. Updating the BOOT Rom is not hard, I just wonder if I can skip some versions. or is there a compelling reason to update?

Thanks

To update or not is a question that only you can answer. Apple requires that you have the current BootROM if you are doing a clean install of 10.14.5. If you are not doing a clean install, you can stay as you are.

Every BootROM release changes things here and there, but from 141.0.0.0.0 to 144.0.0.0.0 there are a lot of changes and corrections, like to the unbootable problem that plagued some users here.

There are even security changes with this release, Apple is cryptical as always but it's the EFI part on the security notes for 10.14.5: macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra