Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Status
The first post of this thread is a WikiPost and can be edited by anyone with the appropiate permissions. Your edits will be public.

SamPotts

macrumors 6502
Sep 25, 2010
278
59
Sydney, Australia
I'm not sure that Recovery can update the MP6,1 firmware. I never investigate this for real, but I don't remember ever seeing the firmware updater daemon inside the Recovery files.

Using Recovery to install macOS to the blade will update the firmware after macOS is installed and you are booting macOS from the 12+16 Apple OEM blade. The update mechanism (eficheck) will detect a superseded firmware and will start the firmware update progress. With the general release macOS (10.15.3), the current firmware is 134.0.0.0.0. To get 135.0.0.0.0, you will need to install 10.15.4 DP4.

Thanks for your help (again!). I'll give it a try and report back.
 

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
M E G A S H I T:

Another really really stupid Intel CSME backdoor was found by Positive Technologies. This is the paper:


The Register has a good write up about the problem:


Anandtech article:


This will have implications for every Mac with Intel iX newer than 1st Generation and the late-2013 Mac Pro. Seems the first series of chipsets vulnerable are the series 5 (Ibex Peak platform), the chipset used by the 2nd generation Intel iX. Probably all Macs released after 2011, except mid-2012 Mac Pro and the Macs with T2-Security, are vulnerable in a way or another since all use a chipset that internally has and depends on the CSME.

If the firmware is encapsulated, Apple generic firmware upgrade image have the .scap extension, it has CSME support. Macs that use CPUs with socket 1366 are too old and don't have Intel CSME, so no problem with MP5,1.

Macs with T2-Security are probably indirectly immune since T2 validates the firmware itself, but that needs more info. I don't know enough about the implementation to be absolutely sure that Intel CSME is not running hidden somewhere between the PCH and the CPU.

At least, Apple never implemented most of what are vulnerable with CSME resources, never used CSME disk encryption, DRM or the CSME security enclave.

Btw, Intel usually soften a lot the blow of security vulnerabilities and we will only really know everything about the CSME flaw down the road.
 
Last edited:

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
It would be interesting to see the security announcement for 10.15.4, Apple only revamp the EFI firmware of all Macs at the same time when something really big happens.

They just did that, see post #4,167, maybe it's the start of the mitigation process…
 

bsbeamer

macrumors 601
Sep 19, 2012
4,313
2,713
When will government(s) REQUIRE Intel to support and update their CPUs against vulnerabilities for X number of years? The previous EOL for MP5,1 and previous CPUs means these machines will forever be vulnerable. No telling when they can hit another cutoff.
 

SamPotts

macrumors 6502
Sep 25, 2010
278
59
Sydney, Australia
I'll give it a try and report back.

Re-installing via the recovery partition didn't update the BootROM. I'm still on 133. Worse still, it installed 10.15.1 beta instead and refused to update to 10.15.4 so I had to revert to a Time Machine backup. Annoying. I'll wait for 10.15.4 general release and do the SSD swap and then update.
 

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
Re-installing via the recovery partition didn't update the BootROM. I'm still on 133. Worse still, it installed 10.15.1 beta instead and refused to update to 10.15.4 so I had to revert to a Time Machine backup. Annoying. I'll wait for 10.15.4 general release and do the SSD swap and then update.
Installing the 10.15.3 ComboUpdate, then installing the Developer/Public beta profile and letting it update to 10.15.4 DP4 would work, after several reboots.
 
  • Like
Reactions: SamPotts

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
Ah ok. Thanks! I'm just worried I'll have to strip it all down again to do it again if they release 136.x.
Since Apple is now updating constantly the BootROM of MP6,1, for sure you will have to do again…

Apple will continue to send BootROM upgrades in the near future. While nowhere near BridgeOS Macs cadence, Apple has been sending frequent updates for MP6,1 BootROMs.

Apple released six new MP6,1 BootROMs in 2019:

EFI version:EFI build date (not the release date):
128.0.0.0.01812191437
129.0.0.0.01902141849
130.0.0.0.01904121119
131.0.0.0.01905251553
132.0.0.0.01906132222
133.0.0.0.01907241309
134.0.0.0.01912181758

Besides the usual DXE corrections that Apple issued in the last two years, like the frequent APFSJumpStart improvements, Intel will have to correct Ivy Bridge microcodes sooner than later and Apple will follow up with new BootROMs for MP6,1.
 
  • Like
Reactions: SamPotts

SamPotts

macrumors 6502
Sep 25, 2010
278
59
Sydney, Australia
It'd be nice if they actually gave info on what's in their software and BootROM updates other than generic stuff like "Security fixes and improvements". I know we should always install them but at least so we'd know what we're getting.
 

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
It'd be nice if they actually gave info on what's in their software and BootROM updates other than generic stuff like "Security fixes and improvements". I know we should always install them but at least so we'd know what we're getting.
Sure, but they never did and I had lost any hope that public changelogs will ever be released. You have actively track the changes, extracting and comparing modules.
 
  • Like
Reactions: SamPotts

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
Apple released 10.15.4 DP5 (19E258c) today, only BridgeOS Macs got firmware updates.

MP7,1 - J160
Code:
Apple ROM Version
  BIOS ID:      MP71.88Z.F000.B00.2003070132
  Model:        MP71
  EFI Version:  1037.100.355.0.0
  Built by:     _reportmem@pdb648
  Date:         Sat Mar  7 01:32:51 2020
  Revision:     1037.100.355 (B&I)
  ROM Version:  F000_B00
  Build Type:   Official Build, RELEASE
  Compiler:     clang-1103.2.29.8
  UUID:         0BEAFF7F-2BDA-33FD-A7CE-6DCC461DF8DD
  UUID:         CE99EFF3-3110-34BF-9421-59050CCCE60C
Apple ROM Version
  BIOS ID:      MP71.88Z.F000.B00.2003070132
  Model:        MP71
  EFI Version:  1037.100.355.0.0
  Built by:     _reportmem@pdb648
  Date:         Sat Mar  7 01:32:51 2020
  Revision:     1037.100.355 (B&I)
  ROM Version:  F000_B00
  Build Type:   Official Build, RELEASE
  Compiler:     clang-1103.2.29.8
$IBIOSI$    MP71.88Z.F000.B00.2003070132
Copyright (c) 2005-2020 Apple Inc.  All rights reserved

EFI firmware list for non-BridgeOS Macs, same versions as 10.15.4 DP4:

Mac:EFI version:
IM13,1290.0.0.0.0
IM14,1142.0.0.0.0
IM14,2142.0.0.0.0
IM14,3142.0.0.0.0
IM14,4202.0.0.0.0
IM15,1233.0.0.0.0
IM16,1233.0.0.0.0
IM16,2233.0.0.0.0
IM17,1176.0.0.0.0
IM18,1181.0.0.0.0
IM18,3181.0.0.0.0
IM19,11037.100.345.0
MB10,1185.0.0.0.0
MB8,1188.0.0.0.0
MB9,1190.0.0.0.0
MBA5,1262.0.0.0.0
MBA6,1120.0.0.0.0
MBA7,1193.0.0.0.0
MBP10,1260.0.0.0.0
MBP10,2283.0.0.0.0
MBP11,1159.0.0.0.0
MBP11,2159.0.0.0.0
MBP11,4197.0.0.0.0
MBP12,1190.0.0.0.0
MBP13,1243.0.0.0.0
MBP13,2265.0.0.0.0
MBP13,3265.0.0.0.0
MBP14,1205.0.0.0.0
MBP14,2205.0.0.0.0
MBP14,3205.0.0.0.0
MBP9,1231.0.0.0.0
MM6,1283.0.0.0.0
MM7,1247.0.0.0.0
MP6,1135.0.0.0.0
 

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
Apple released 10.15.4 DP6 (19E264b) yesterday, only BridgeOS Macs got firmware updates, same EFI releases as 10.15.DP4:

1037.100.358 - 10.15.4 DP6 (19E264b) - 20200318 - 17.16.14261.5.1

Code:
Apple ROM Version
  BIOS ID:      MP71.88Z.F000.B00.2003152147
  Model:        MP71
  EFI Version:  1037.100.358.0.0
  Built by:     _reportmem@pdb648
  Date:         Sun Mar 15 21:47:04 2020
  Revision:     1037.100.358 (B&I)
  ROM Version:  F000_B00
  Build Type:   Official Build, RELEASE
  Compiler:     clang-1103.2.29.8
  UUID:         0BEAFF7F-2BDA-33FD-A7CE-6DCC461DF8DD
  UUID:         CE99EFF3-3110-34BF-9421-59050CCCE60
Apple ROM Version
  BIOS ID:      MP71.88Z.F000.B00.2003152147
  Model:        MP71
  EFI Version:  1037.100.358.0.0
  Built by:     _reportmem@pdb648
  Date:         Sun Mar 15 21:47:04 2020
  Revision:     1037.100.358 (B&I)
  ROM Version:  F000_B00
  Build Type:   Official Build, RELEASE
  Compiler:     clang-1103.2.29.8
$IBIOSI$    MP71.88Z.F000.B00.2003152147
Copyright (c) 2005-2020 Apple Inc.  All rights reserved

EFI firmware list for non-BridgeOS Macs, same versions as 10.15.4 DP4:

Mac:EFI version:
IM13,1290.0.0.0.0
IM14,1142.0.0.0.0
IM14,2142.0.0.0.0
IM14,3142.0.0.0.0
IM14,4202.0.0.0.0
IM15,1233.0.0.0.0
IM16,1233.0.0.0.0
IM16,2233.0.0.0.0
IM17,1176.0.0.0.0
IM18,1181.0.0.0.0
IM18,3181.0.0.0.0
IM19,11037.100.345.0
MB10,1185.0.0.0.0
MB8,1188.0.0.0.0
MB9,1190.0.0.0.0
MBA5,1262.0.0.0.0
MBA6,1120.0.0.0.0
MBA7,1193.0.0.0.0
MBP10,1260.0.0.0.0
MBP10,2283.0.0.0.0
MBP11,1159.0.0.0.0
MBP11,2159.0.0.0.0
MBP11,4197.0.0.0.0
MBP12,1190.0.0.0.0
MBP13,1243.0.0.0.0
MBP13,2265.0.0.0.0
MBP13,3265.0.0.0.0
MBP14,1205.0.0.0.0
MBP14,2205.0.0.0.0
MBP14,3205.0.0.0.0
MBP9,1231.0.0.0.0
MM6,1283.0.0.0.0
MM7,1247.0.0.0.0
MP6,1135.0.0.0.0
 

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
10.15.4 released, ComboUpdate already available.
macOS Catalina 10.15.4 introduces iCloud Drive folder sharing, Screen Time communications limits, Apple Music time-synced lyrics view, and more. The update also improves the stability, reliability, and security of your Mac.

Finder
• iCloud Drive folder sharing from Finder
• Controls to limit access only to people you explicitly invite, or to grant access to anyone with the folder link
• Permissions to choose who can make changes and upload files and who can only view and download files

Screen Time
• Communication limits for controlling who your children can communicate with and be contacted by throughout the day and during downtime
• Playback control of music videos for your children

Music
• Time-synced lyrics view for Apple Music, including the ability to jump to your favorite part of a song by clicking a line in lyrics view

Safari
• Option to import Chrome passwords into your iCloud Keychain for easy AutoFill of your passwords in Safari and across all your devices
• Controls for duplicating a tab and for closing all tabs to the right of the current tab
• HDR playback support on compatible computers for Netflix content

App Store with Apple Arcade
• Universal Purchase support enables the use of a singular purchase of a participating app across iPhone, iPod touch, iPad, Mac, and Apple TV
• Recently played Arcade games appear in the Arcade tab so you can continue playing on iPhone, iPod touch, iPad, Mac, and Apple TV

Pro Display XDR
• Customized reference modes that you can tailor to specific workflow needs by selecting from several color gamut, white point, luminance, and transfer function options

Accessibility
• Head pointer preference for moving a cursor on the screen based on the precise movements of your head

This update also includes bug fixes and other improvements.
• High Dynamic Range output to HDR10-compatible third-party displays and TVs connected with DisplayPort or HDMI
• OAuth authentication support with Outlook.com accounts for improved security
• CalDav migration support when upgrading to iCloud reminders on a secondary device
• Resolves an issue where text copied between apps may appear invisible when Dark Mode is active
• Fixes an issue in Safari where a CAPTCHA tile may display incorrectly
• Resolves an issue where Reminders may send notifications for completed reminders
• Fixes an issue with screen brightness for the LG UltraFine 5K display after waking from sleep

Some features may not be available for all regions, or on all Apple devices. For more detailed information about this update, please visit: https://support.apple.com/kb/HT210642

For detailed information about the security content of this update, please visit: https://support.apple.com/kb/HT201222
Security Updates for High Sierra and Mojave too:
Download Security Update 2020-002 (High Sierra)
Download Security Update 2020-002 (Mojave)
 

itadampf

macrumors member
Jan 16, 2016
38
58
Europe
Sorry to be OT in the thread Alex, but with this last update something weird happened: my MacBook Pro 13" 2015, with an Intel 660p, got the bootrom updated to 190.0.0.0.0, now on 10.15.4 (19E266)
This was unexpected, as I thought that you would get bootrom updates just the original apple ssd; apparently not, and that's good!
BTW, as I am doing home office now I went back to my MacPro as my hackintosh stayed in the office. Still a capable machine, louder and slower than the hackintosh but absolutely a good workstation, tnxs also to "your" bootrom cleaning months ago. Stay healthy!
 
  • Like
Reactions: tsialex

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
Sorry to be OT in the thread Alex, but with this last update something weird happened: my MacBook Pro 13" 2015, with an Intel 660p, got the bootrom updated to 190.0.0.0.0, now on 10.15.4 (19E266)
This was unexpected, as I thought that you would get bootrom updates just the original apple ssd; apparently not, and that's good!
BTW, as I am doing home office now I went back to my MacPro as my hackintosh stayed in the office. Still a capable machine, louder and slower than the hackintosh but absolutely a good workstation, tnxs also to "your" bootrom cleaning months ago. Stay healthy!
Some Macs can update without an Apple SSD, while others, like MP6,1, only update when an Apple SSDs is installed. AFAIK, there isn't a compiled list of what Macs can do the updates or not with a third party SSD.

Take care!
 
  • Like
Reactions: itadampf

matusalemmarques

macrumors newbie
May 21, 2017
6
1
Lisbon Area, Portugal
Some Macs can update without an Apple SSD, while others, like MP6,1, only update when an Apple SSDs is installed. AFAIK, there isn't a compiled list of what Macs can do the updates or not with a third party SSD.

Take care!

I think this might have changed with the latest release. I updated my MP6,1 with a Transcend NVME SSD from 10.15.3 to 10.15.4 and got 135.0.0.0 without switching to the original SSD in between. I was on 134.0.0.0 before (having used the original Apple SSD to get there).
 

cgscotto

macrumors member
Sep 29, 2018
70
31
Athens, OH
I am going to concur with matusalemmarque that the firmware situation seems to have changed for the 6,1. I updated my MP6,1 with a Samsung 960 Pro from 10.15.3 to 10.15.4 and the firmware was updated to 135.0.0.0 without switching to the original SSD for the update. I previously update to 134.0.0.0 using the Apple OEM SSD. This is great!
 

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
I am going to concur with matusalemmarque that the firmware situation seems to have changed for the 6,1. I updated my MP6,1 with a Samsung 960 Pro from 10.15.3 to 10.15.4 and the firmware was updated to 135.0.0.0 without switching to the original SSD for the update. I previously update to 134.0.0.0 using the Apple OEM SSD. This is great!
Some people reported this in the past, coincidentally users with 960 Pro and the Transcend 12+16 model.

While I'm hoping that Apple finally saw the reason and removed the efiflasher OEM SSD check, for sure it need reports from people with different SSDs and that efiflasher continues to update the firmware with 3rd party SSDs for the next series of updates.

Apple sometimes see the light even if takes time, they did that with MP5,1 and NVMe. I hope that's the case again.
 
  • Like
Reactions: cgscotto

tommy chen

macrumors 6502a
Oct 1, 2018
907
390
yes, my 2014 15" retina macbookpro (11,3) updates the bootROM to 159.0.0.0.0 with a
2TB samsung 970 evo plus on a sintech adapter only with security update 2020-002 10.14.6
 

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
Apple just released 10.15.5 DP1 (19F53f):

MP7,1 - J160:
Code:
Apple ROM Version
  BIOS ID:      MP71.88Z.F000.B00.2003210126
  Model:        MP71
  EFI Version:  1037.120.42.0.0
  Built by:     _reportmem@pdb172
  Date:         Sat Mar 21 01:26:35 2020
  Revision:     1037.120.42 (B&I)
  ROM Version:  F000_B00
  Build Type:   Official Build, RELEASE
  Compiler:     clang-1103.2.29.8
  UUID:         2377FE0D-73DC-34E3-9D50-0EA81B2D981B
  UUID:         9D7DF858-720F-3BFD-8F3B-50027EE371AD

Apple ROM Version
  BIOS ID:      MP71.88Z.F000.B00.2003210126
  Model:        MP71
  EFI Version:  1037.120.42.0.0
  Built by:     _reportmem@pdb172
  Date:         Sat Mar 21 01:26:35 2020
  Revision:     1037.120.42 (B&I)
  ROM Version:  F000_B00
  Build Type:   Official Build, RELEASE
  Compiler:     clang-1103.2.29.8
$IBIOSI$    MP71.88Z.F000.B00.2003210126
Copyright (c) 2005-2020 Apple Inc.  All rights reserved
[automerge]1585680376[/automerge]
Just checked and only BridgeOS Macs got firmware updates today, no new EFI versions for pre-T2 Macs.

Same firmware versions as 10.15.4 DP4:

Current EFI firmware list for non-BridgeOS Macs:

Mac:EFI version:
IM13,1290.0.0.0.0
IM14,1142.0.0.0.0
IM14,2142.0.0.0.0
IM14,3142.0.0.0.0
IM14,4202.0.0.0.0
IM15,1233.0.0.0.0
IM16,1233.0.0.0.0
IM16,2233.0.0.0.0
IM17,1176.0.0.0.0
IM18,1181.0.0.0.0
IM18,3181.0.0.0.0
IM19,11037.100.345.0
MB10,1185.0.0.0.0
MB8,1188.0.0.0.0
MB9,1190.0.0.0.0
MBA5,1262.0.0.0.0
MBA6,1120.0.0.0.0
MBA7,1193.0.0.0.0
MBP10,1260.0.0.0.0
MBP10,2283.0.0.0.0
MBP11,1159.0.0.0.0
MBP11,2159.0.0.0.0
MBP11,4197.0.0.0.0
MBP12,1190.0.0.0.0
MBP13,1243.0.0.0.0
MBP13,2265.0.0.0.0
MBP13,3265.0.0.0.0
MBP14,1205.0.0.0.0
MBP14,2205.0.0.0.0
MBP14,3205.0.0.0.0
MBP9,1231.0.0.0.0
MM6,1283.0.0.0.0
MM7,1247.0.0.0.0
MP6,1135.0.0.0.0
 
Last edited:

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
Seems Apple is starting to use AVX and AVX+ system wide on macOS. See this post from @Syncretic, the author of MouSSE:


If it's correct and Apple started doing that with 10.15.4, it's a very good signal that 10.16 kernel will probably require AVX or worse, AVX + AVX2. AVX-512 is probably a 10.17 thing, since only 2016+ processors support it.

Maybe 10.15 will be the last macOS release to run with MP5,1 unpatched.
 

thgoncalves

macrumors newbie
Mar 4, 2018
1
0
Hello

Hey tsialex, how are you doing man?

So, I might have a problem with my Mac Pro 5,1 bootrom and you might be able to help me. A while ago you helped a friend of mine with a similar issue, and that's how I got your name. I tried PM you, but I just couldn't find the option here (sorry, I don't use MacRumors Forum regular), that's why I am jumping here in the middle of this thread.

So the thing is. My Mac Pro 5,1 started taking a while to boot, lingering a lot on the white screen before the EFI boot selection. Also, the chime is gone. No more boot sounds. According to my friend, that can mean a future problem related to bootrom.

Do you think you can help me with troubleshooting this?

You can PM me so we can talk more about it.

Thanks. Appreciated.
 

worldburger

macrumors member
Jan 27, 2008
44
5
Is there any way to update 140 to 144 bootrom on a 5,1 Mac Pro *without* a Metal-enabled GPU?

If I could get the bottom separately, could I simply use something like the RomTool to update the bootrom (to get NVMe support) without actually updating to Mojave?
 

tsialex

Contributor
Original poster
Jun 13, 2016
13,455
13,601
Is there any way to update 140 to 144 bootrom on a 5,1 Mac Pro *without* a Metal-enabled GPU?
No, Apple efiflasher checks the presence of a METAL GPU and only updates if a METAL GPU, AMD or NVIDIA is present.

While it's possible to fully reconstruct a Mac Pro BootROM and indirectly overcome the METAL check flashing the reconstructed firmware image directly to the SPI flash, it's a process totally out of reach of users, advanced or not. Only firmware engineers with experience with Apple EFI and understanding of the Mac Pro firmware intricacies can go the reconstruction way.

My advice to you is to buy a cheap METAL supported GPU like NVIDIA GT 640 or GT 710.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.