MP 1,1-5,1 MacPro5,1: BootROM thread | 144.0.0.0.0

[zzzippp]

All said and done, my view is that Legacy Windows is best for a Legacy Mac.

Anyhow, updating to the latest RefindPlus release, I will be flashing my BootROM with my reconstructed backup, booting into the UEFI Windows 10 install, and then check ROM dump after all that to see if SecureBoot X509 certificate entries were added again.

That would be very useful feedback. Please mention me when you post it, or since it would be a RefindPlus issue that needs addressing if it doesn't work as it should, please raise an issue on the GitHub Repo.

I'd have preferred to stick with my Legacy BIOS Windows 10 install, but even installed on an internal SSD it is nearly an order of magnitude slower than on an NVMe blade, in terms of raw read speeds, anyhow. Things certainly feel noticeably much more responsive in everyday use of the NVMe install for me.

In any event, it's been two weeks since I flashed my mid-2010 MacPro 5,1 with the reconstructed BootROM, and despite numerous boots back and forth between MacOS Mojave and Windows 10, I have not seen the SecureBoot X509 certificate entries reappear, even after some Microsoft system software updates.

I have set RefindPlus' configuration file to auto-select the MacOS install (only overridden with a keypress during boot to choose Windows 10 or the selection menu.) I don't see how a Windows "boot coup" is possible with this configuration, so I believe I am safe in that regard.

@Dayo and @tsialex, I am grateful for the wealth of knowledge and tools you share with others to help keep old Macs running well-past their "prime". Thank you!

 

[Dayo]

Good to know things are working as they should.

With respect to this though ...

I have set RefindPlus' configuration file to auto-select the MacOS install (only overridden with a keypress during boot to choose Windows 10 or the selection menu.) I don't see how a Windows "boot coup" is possible with this configuration, so I believe I am safe in that regard.

RefindPlus cannot stop a boot coup.

When boot coups happen, they generally happen after you have booted into an OS regardless of mechanics how you have done this. So it doesn't matter what you have set RefindPlus or any other tool to auto select. Such a coup can only ever happen after you have gone ahead to boot Windows ... via key press or whatever.

They typically happen during updates, usually major updates. Basically, the OS changes the boot parameters from what you have set. Either by overwriting/changing the boot loader file or the Boot Order Variables in the NVRAM.

The first you will know that a coup has happened is that the next time you boot up, instead of the expected screen, such as the RP screen in your case, you will see Windows or whatever has staged the coup, loading instead ... you, President for Life of the Republic, have been locked out of the Palace of the People and must now either go into exile or stage a counter coup.

Any pure UEFI OS, including Linux, can stage a boot coup. Mac OS is actually not a pure UEFI OS and as such, while not technically impossible, it does not really stage boot coups. Temporary 'coups" can happen during Mac OS updates but unlike most coup plotters, these actually do organise and implement a rapid return of power to a new democratically elected administration.

Anyway, to repeat, RefindPlus cannot stop a boot coup and does not claim to do so ... nothing can technically, but some, such as OpenCore, are better at limiting the chances.

I will advise you to remove the UEFI Windows entry from RefindPlus and boot your UEFI Windows instance via OpenCore. Not a 100% protection but far safer than RefindPlus for UEFI Windows on a Classic Mac. Your call though.

 

[trifero]

I prefer legacy windows 10 infinitely in a Mac Pro 5,1. At the end, UEFI windows always give problems. Unless you work with very big files, it´s indistinguishable for me to do it in an NVMe or in a SSD. Sure, speed tests are so different, but not the daily use.

 

[joevt]

RefindPlus cannot stop a boot coup.

When boot coups happen, they only happen after you have booted into an OS regardless of mechanics how you have done this. So it doesn't matter what you have set RefindPlus or any other tool to auto select. Such a coup can only ever happen after you have gone ahead to boot Windows ... via key press or whatever.

They typically happen during updates, typically major updates. Basically, the OS changes the boot parameters from what you have set. Either by overwriting/changing the boot loader file or the Boot Order Variables in the NVRAM.

The first you will know that a coup has happened is that you boot up and instead of the expected screen, such as the RP screen in your case, you will see Windows loading.

Any pure UEFI OS, including Linux, can stage a boot coup. Mac OS is actually not a pure UEFI OS and as such, while not technically impossible, it does not really stage boot coups.

Anyway, to repeat, RefindPlus cannot stop a boot coup and does not claim to do so ... nothing can technically, but some, such as OpenCore, are better at limiting the chances.

I will advise you to remove the UEFI Windows entry from RefindPlus and boot your UEFI Windows instance via OpenCore. Not a 100% protection but far safer than RefindPlus for UEFI Windows on a Classic Mac. Your call though.

RefindPlus could stop boot coup by not allowing NVRAM boot variables to change and by not being installed where Windows writes its EFI boot files. OpenCore does at least the first.

RefindPlus could notify the user if an NVRAM boot variable has been changed and have that as an option to boot in order to continue installs.

 

[Dayo]

RefindPlus could stop boot coup by not allowing NVRAM boot variables to change and by not being installed where Windows writes its EFI boot files. OpenCore does at least the first.

RefindPlus could notify the user if an NVRAM boot variable has been changed and have that as an option to boot in order to continue installs.

It could replicate everything OpenCore does indeed, and more, if someone where to code these in (no intention here though). In any case, the point is that it can't do this today and the OP needs this now.

I suppose the issue sometimes is understanding that the reason RefindPlus exists in the first place is to support Opencore use (multiple instances and to facilitate booting into Legacy Windows).

While it can be used as a user sees fit, where RefindPlus sits in a MyBootMgr setup (OpenCore chain loading) is the primary consideration behind the development effort. Of course, there are secondary and tertiary considerataions and options that arise along the way. In addition, code submissions of other features by others are entertained.

The reason Certificate Filtering was added to RefindPlus was purely to protect cMP users from themselves:

1. cMP User ignores, or is unaware of, MyBootMgr guide and becomes UEFI Windows User on cMP
2. UEFI Windows User on cMP boots RefindPlus
3. UEFI Windows User on cMP sees icon for Windows
4. UEFI Windows User on cMP clicks icon
5. UEFI Windows User on cMP's NVRAM is hosed

Getting back on track for @zzzippp sake ...

• Once UEFI Windows is present on a cMP, OpenCore should also be present and such UEFI Windows should always be booted via OpenCore.
• For your use case of purely booting Mojave and UEFI Windows, you might as well remove RefindPlus and just use OpenCore.
• if you do want the flexibility RefindPlus can provide, modify your RefindPlus config to hide the UEFI Windows option and boot this after chain loading OpenCore.

 

[whgmkeller]

I just tried to find out which boot rom version I have, Unfortunately, it lists as 9999.999.999.999.999.

Does this have something to do with the fact that I am running Big Sur installed thru Open Core Legacy Patcher?

 

[tsialex]

I just tried to find out which boot rom version I have, Unfortunately, it lists as 9999.999.999.999.999.

Does this have something to do with the fact that I am running Big Sur installed thru Open Core Legacy Patcher?

Yes, boot without it.

 

[tsialex]

Sorry for the off-topic.

I recently bought a dead pristine MD770BZ/A (the single CPU mid-2012), missing just the RAM/GPU, from a media company liquidating old/defective gear. It was extremely cheap (~US$ 85 with shipping) and I bought it most for the immaculate case, but I had a tiny gleam of hope that it was a dead SPI flash memory.

I was right, the original MX25L3206E had a dead NAND cell right on the main VSS store and got it booting again the moment I installed the MATT card. Since then I replaced the SPI flash memory for a brand new MXIC MX25L3206E and started to look for a decent CPU to replace the beyond horrible factory Xeon W3565 (3.2GHz quad-core Nehalem 4.8 GT/s) and four 16GB DIMMs.

I've been tracking X5690 prices for a long long time - never personally had one since I'm a X5680 cost conscious guy - and from a month or so the AliExpress prices dropped to historic lows. Seems the obsolescence finally dropped the X5690 prices to reasonably levels.

Just bought one X5690 for US$ 34,11 with shipping.

Now I need to find 16GB DIMMs with a decent price.

 

[ironmanny1]

If you didn’t do a rom reconstruction….. this is what happens, dead pristine Mac Pro for cheap =)

 

[tsialex]

If you didn’t do a rom reconstruction….. this is what happens, dead pristine Mac Pro for cheap =)

Yep, I was happily surprised that the problem was just the dead SPI flash memory.

The media company removed the DIMMs, the original HD 5770 and sold everything else as a Mac Pro case. From the auction pictures I saw that even the original HDD, the four HDD carriers and the PCIe bracket were present, which is extremely unusual - this got my attention right away.

 

[howiest]

I'm feeling pretty dumb right now...
I used ROMTool to dump my ROM and am left with this file: "Untitled.bin" (4.2 MB)
If I try and open that, I'm left with a second file: "Untitled.bin.cpgz" (1.8 MB)
What am I missing here?

 

[tsialex]

I'm feeling pretty dumb right now...
I used ROMTool to dump my ROM and am left with this file: "Untitled.bin"
If I try and open that, I'm left with a second file: "Untitled.bin.cpgz"
What am I missing here?

Clicking two times over a .bin file compress it, since a .bin file is by default associated to ArchiveUtility.app.

Why you are doing it? It's a binary file that can only be open by a hex editor.

 

[howiest]

I wanted you folks to check my BootROM for bad certs.

 

[tsialex]

I wanted you folks to check my BootROM for bad certs.

I've sent you a PM, follow the instructions to the letter and I'll check your BootROM image.

 

[howiest]

I've sent you a PM, follow the instructions to the letter and I'll check your BootROM image.

Thanks!

 

[trifero]

Sorry for the off-topic.

I recently bought a dead pristine MD770BZ/A (the single CPU mid-2012), missing just the RAM/GPU, from a media company liquidating old/defective gear. It was extremely cheap (~US$ 85 with shipping) and I bought it most for the immaculate case, but I had a tiny gleam of hope that it was a dead SPI flash memory.

I was right, the original MX25L3206E had a dead NAND cell right on the main VSS store and got it booting again the moment I installed the MATT card. Since then I replaced the SPI flash memory for a brand new MXIC MX25L3206E and started to look for a decent CPU to replace the beyond horrible factory Xeon W3565 (3.2GHz quad-core Nehalem 4.8 GT/s) and four 16GB DIMMs.

I've been tracking X5690 prices for a long long time - never personally had one since I'm a X5680 cost conscious guy - and from a month or so the AliExpress prices dropped to historic lows. Seems the obsolescence finally dropped the X5690 prices to reasonably levels.

Just bought one X5690 for US$ 34,11 with shipping.

View attachment 1825335


Now I need to find 16GB DIMMs with a decent price.

I sent you a private message some months ago, no answer, with exacly same reason.

 

[tsialex]

I sent you a private message some months ago, no answer, with exacly same reason.

Sorry about that. I've read it when you sent and thought about making some calculations to see if it's at least economically reasonable* before answering and later I forgot to reply your kind offer - my bad.

*The Chinese sellers are experts at under reporting the value of goods and shipping them virtually free.

 

[quad121]

Can anyone advise?
I've just flashed my BootROM with a reconstructed one.
Now on performing a Dump on it shows that the 1st VSS Store has only 11780 and the 2nd VSS Store is 'new' at 65448?

Is this normal?

 

[quad121]

I’m now a little wiser on this. Thank you again tsialex

 

[G°LLY]

I've sent you a PM, follow the instructions to the letter and I'll check your BootROM image.

First of all, I would like to thank you for these extraordinarily interesting posts!
I now absolutely had to check the Boot Rom on my cMP 4,1>5,1 as well - booting without OC, in my working 10.14.6 with NVRAM reset.
Problems could already start here:
My cMP does not get past 2 chimes (command+alt+R+P), even after several attempts. (???°°)
Well, here is the Boot Rom dump that gave me (dosdudes..) RomTool.
Could this also get the cause of "only 2 chimes"? Have no other problems with the cMP so far. Still, I would like to intervene here before my cMP hits the wall.

Greetings

P.S.: My first post here, I hope that works with the screenshots upload

 

[tsialex]

First of all, I would like to thank you for these extraordinarily interesting posts!
I now absolutely had to check the Boot Rom on my cMP 4,1>5,1 as well - booting without OC, in my working 10.14.6 with NVRAM reset.
Problems could already start here:
My cMP does not get past 2 chimes (command+alt+R+P), even after several attempts. (???°°)
Well, here is the Boot Rom dump that gave me (dosdudes..) RomTool.
Could this also get the cause of "only 2 chimes"? Have no other problems with the cMP so far. Still, I would like to intervene here before my cMP hits the wall.

Greetings

P.S.: My first post here, I hope that works with the screenshots upload View attachment 1829087 View attachment 1829086

I'll open a PM thread with the instructions on how to save the BootROM dump and the SystemInformation report, please do it to the letter and I'll check your files.

 

[G°LLY]

I'll open a PM thread with the instructions on how to save dump and the SystemInformation report, please do it to the letter and I'll check your files.

Roger that.

 

[trifero]

My cMP does not get past 2 chimes (command+alt+R+P), even after several attempts. (???°°)

Never saw that in my life.

 

[tsialex]

Never saw that in my life.

Normal behavior of Apple Wireless keyboards, a lot of older wired Microsoft (older Microsoft 500/600 need to be disconnected and reconnected).

Most wired keyboards work for deep NVRAM resets, but some don't. When you have a keyboard that work with other Macs and still don't complete a deep reset, it's usually a sure sign of a problem.

 

[G°LLY]

Normal behavior of Apple Wireless keyboards, a lot of older wired Microsoft (older Microsoft 500/600 need to be disconnected and reconnected).

Most wired keyboards work for deep NVRAM resets, but some don't. When you have a keyboard that work with other Macs and still don't complete a deep reset, it's usually a sure sign of a problem.

I have a wired SATECHI kb in use and i remember i did 3+ chimes on this cMP in February 2021 with this kb (reason: changed OC 0.5.9 to 0.6.5).

Edit: This is what i got yesterday with *macschraubers rom dump tool (also without OC and 2 chimes (max.)