Yesterday I forgot to check if BBS adds the 4th store/stream of the NVRAM. Re-checking it, I found that BBS does 2 things:
- Fills the empty 3rd stream with Fsys + SSN + checksum,
- Fills the empty 4th stream with Gaid + EOF + checksum.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
MP 1,1-5,1 MacPro5,1: BootROM thread | 144.0.0.0.0
- Thread starter tsialex
- WikiPost WikiPost
- Start date
- Sort by reaction score
- Status
Yesterday I forgot to check if BBS adds the 4th store/stream of the NVRAM. Re-checking it, I found that BBS does 2 things:
Besides some internal tools that still use it, I think that the last product to use a Chicago based font was some iPod, maybe iPod
Last edited:
People who worry too much about hyper-threading flaw or the newly discover intel vulnerabilities should probably take a look at this article
Some scary stuff in there. Wonder what magical items they’re using currently.
Cool, then maybe the Xserve 6-core issue is solved then. Can you write a custom patcher for that? so we don't have to free up this version of BBS into the wild
[doublepost=1560775331][/doublepost]
Why for if even iCloud works after BBS inputs a serial number? So do Appstore downloads etc.
It's on the wild, just search for it. Anyway, it's useless since it won't fill enough hardwareIDs to make a Mac login with iCloud/iMessage/FaceTime.
[doublepost=1560775470][/doublepost]
A replacement board from Apple has all hardwareIDs except SSN/HWC/SON, so it will work after BBS inserts the SSN. A backplane flashed with a generic MP51.fd has none.
So maybe xServe is way different then, since on a 144 boot rom it worked for me on 3 different logicboards. Maybe you're using the wrong/old version of it. Do you need the two dumps for comparison, a blank one and after my BBS one?
[doublepost=1560775971][/doublepost]
Since it is an xServe, it was manually dirty flashed with an MP51.fd, so i doubt any useful info left inside afterwards.
If you are flashing a generic MP51.fd and then you can login with iMessage, post a screenshot of NVRAM Fsys and the last sector of the BootROM.
10.15 DP2 build 19A487l, MP5,1 blocked as expected.
No firmware for non BridegeOS Macs was released with this DP.
BridgeOS got updated:
[doublepost=1560793600][/doublepost]Release Notes: https://developer.apple.com/documen...tes/macos_catalina_10_15_beta_2_release_notes
No firmware for non BridegeOS Macs was released with this DP.
BridgeOS got updated:
[doublepost=1560793600][/doublepost]Release Notes: https://developer.apple.com/documen...tes/macos_catalina_10_15_beta_2_release_notes
If you are easily impressed, I advise you to not see the following binwalk, it's shocking 
I didn't even knew that a NVRAM could store 20 KPs…
Code:
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
243907 0x3B8C3 BIOS version: MP51.88Z.F000.B00.1904121248
768195 0xBB8C3 BIOS version: MP51.88Z.F000.B00.1904121248
1179688 0x120028 NVRAM start of the 1st VSS stream
1179766 0x120076 NVRAM MemoryConfig type: (j)
1181218 0x120622 NVRAM PanicInfo Log B
1181507 0x120743 NVRAM PanicInfo Log B
1182463 0x120AFF NVRAM SIP state, type: (w)
1182586 0x120B7A NVRAM PanicInfo Log B
1183424 0x120EC0 NVRAM PanicInfo Log B
1184262 0x121206 NVRAM PanicInfo Log B
1185100 0x12154C NVRAM PanicInfo Log B
1185938 0x121892 NVRAM PanicInfo Log B
1186776 0x121BD8 NVRAM PanicInfo Log B
1187614 0x121F1E NVRAM PanicInfo Log B
1190253 0x12296D NVRAM MemoryConfig type: (i)
1193323 0x12356B NVRAM PanicInfo Log
1196152 0x124078 NVRAM MemoryConfig type: (g)
1198200 0x124878 NVRAM MemoryConfig type: (h)
1245255 0x130047 NVRAM start of the 2nd VSS stream
1245302 0x130076 NVRAM MemoryConfig type: (j)
1246754 0x130622 NVRAM PanicInfo Log B
1247043 0x130743 NVRAM PanicInfo Log B
1247999 0x130AFF NVRAM SIP state, type: (w)
1248122 0x130B7A NVRAM PanicInfo Log B
1248960 0x130EC0 NVRAM PanicInfo Log B
1249798 0x131206 NVRAM PanicInfo Log B
1250636 0x13154C NVRAM PanicInfo Log B
1251474 0x131892 NVRAM PanicInfo Log B
1252312 0x131BD8 NVRAM PanicInfo Log B
1253150 0x131F1E NVRAM PanicInfo Log B
1255789 0x13296D NVRAM MemoryConfig type: (i)
1258859 0x13356B NVRAM PanicInfo Log
1261688 0x134078 NVRAM MemoryConfig type: (g)
1343518 0x14801E HardwareID Base_xx: 19
1345188 0x1486A4 HardwareID 11-digits SSN: xxxxxxxxxxx
1345205 0x1486B5 HardwareID 3-digit HWC model: 20H
1416827 0x159E7B BIOS version: MP51.88Z.F000.B00.1904121248
1614976 0x18A480 Apple NVMe EFI Module
4128867 0x3F0063 BootBlock version: AAPLEFI1.88Z.0005.I00.1010071430
4194000 0x3FFED0 HardwareID MLB/LBSN: xxxxxxxxxx, BuildDate: 091012091012I didn't even knew that a NVRAM could store 20 KPs…
why does the bootrom save things like memory config & KP's?
Last edited:
Is there a post that describes the best way to install binwalk for analyzing ROMs on the Mac, or just use the instructions here? https://github.com/ReFirmLabs/binwalk/blob/master/INSTALL.md
I am curious what my 2009 looks like (the 2012 should be clean).
I am curious what my 2009 looks like (the 2012 should be clean).
Just use Homebrew, after brew is installed:
Code:
brew install binwalkBoth are needed.
- Memory configs are the parameters of each DIMM.
- KP's are needed for debug purposes. Mac firmware save the KP to the NVRAM, so the next time you open macOS you have the KP.
Well that was easy. Other than the 2 certs, it looks pretty clean?
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 UEFI PI firmware volume
16524 0x408C UEFI PI firmware volume
24972 0x618C CRC32 polynomial table, little endian
35787 0x8BCB mcrypt 2.2 encrypted data, algorithm: blowfish-448, mode: CBC, keymode: 8bit
49948 0xC31C UEFI PI firmware volume
524288 0x80000 UEFI PI firmware volume
540812 0x8408C UEFI PI firmware volume
549260 0x8618C CRC32 polynomial table, little endian
560075 0x88BCB mcrypt 2.2 encrypted data, algorithm: blowfish-448, mode: CBC, keymode: 8bit
574236 0x8C31C UEFI PI firmware volume
1048576 0x100000 UEFI PI firmware volume
1114112 0x110000 UEFI PI firmware volume
1183976 0x1210E8 Certificate in DER format (x509 v3), header length: 4, sequence length: 986
1249512 0x1310E8 Certificate in DER format (x509 v3), header length: 4, sequence length: 986
1343538 0x148032 bzip2 compressed data, block size = 100k
1376256 0x150000 UEFI PI firmware volume
Binwalk signature files are not made to detect Mac problems and the default install only detects the SecureBoot certificates.
All binwalk results that I post are based on signatures that I'm developing for almost a year - it's not ready for end users usage and not public yet.
With all my effort to install MacOS Mojave last year with 4.1->5.1 and GTX680 (except FileVault), I was hoping my Mac Pro would survive a few more years.
If Catalina full release can be installed (with some tweaks) will it be able to run as it should? Updates won't require a new hack etc?
Atm. everything is running vanilla, which I very much like, but there seems to be so many nice additions to Catalina that I'd like it to run on my Mac Pro 2009, which is a nice partner to my MacBook Pro 2018.
If Catalina full release can be installed (with some tweaks) will it be able to run as it should? Updates won't require a new hack etc?
Atm. everything is running vanilla, which I very much like, but there seems to be so many nice additions to Catalina that I'd like it to run on my Mac Pro 2009, which is a nice partner to my MacBook Pro 2018.
Apple released 10.14.6 DP3, build is 18G59b.
I'm downloading it to check any firmware upgrades.
For Catalina DP3/PB1 check here #267
I'm downloading it to check any firmware upgrades.
For Catalina DP3/PB1 check here #267
10.14.6 DP3 EFI Version table for non BridgeOS Macs:
(no firmware upgrades, same as DP2)
(no firmware upgrades, same as DP2)
| Mac: | EFI version: |
|---|---|
| IM13,1 | 286.0.0.0.0 |
| IM14,1 | 138.0.0.0.0 |
| IM14,2 | 138.0.0.0.0 |
| IM14,3 | 138.0.0.0.0 |
| IM14,4 | 198.0.0.0.0 |
| IM15,1 | 229.0.0.0.0 |
| IM16,1 | 228.0.0.0.0 |
| IM16,2 | 228.0.0.0.0 |
| IM17,1 | 168.0.0.0.0 |
| IM18,1 | 173.0.0.0.0 |
| IM18,3 | 173.0.0.0.0 |
| IM19,1 | 220.270.076.0.0 |
| MB10,1 | 176.0.0.0.0 |
| MB8,1 | 182.0.0.0.0 |
| MB9,1 | 182.0.0.0.0 |
| MBA5,1 | 258.0.0.0.0 |
| MBA6,1 | 116.0.0.0.0 |
| MBA7,1 | 187.0.0.0.0 |
| MBP10,1 | 256.0.0.0.0 |
| MBP10,2 | 279.0.0.0.0 |
| MBP11,1 | 155.0.0.0.0 |
| MBP11,2 | 155.0.0.0.0 |
| MBP11,4 | 193.0.0.0.0 |
| MBP12,1 | 185.0.0.0.0 |
| MBP13,1 | 234.0.0.0.0 |
| MBP13,2 | 257.0.0.0.0 |
| MBP13,3 | 257.0.0.0.0 |
| MBP14,1 | 196.0.0.0.0 |
| MBP14,2 | 196.0.0.0.0 |
| MBP14,3 | 196.0.0.0.0 |
| MBP9,1 | 227.0.0.0.0 |
| MM6,1 | 279.0.0.0.0 |
| MM7,1 | 243.0.0.0.0 |
| MP5,1 | 144.0.0.0.0 |
| MP6,1 | 131.0.0.0.0 |
Code:
$IBIOSI$ MP51.88Z.F000.B00.1904121248
Apple ROM Version
Model: MP51
EFI Version: 144.0.0.0.0
Date: Fri Apr 12 12:43:00 2019
Build Type: Release
