Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Status
The first post of this thread is a WikiPost and can be edited by anyone with the appropiate permissions. Your edits will be public.
PM me your dump, detailed instructions on how to in a previous comment here.
Can’t seem to find any divinitive instructions in the past few comments, do I use ROMTool? If you could just copy and paste some instructions on how to do so I’d be glad to
 
Maybe dosdudes downloads are down right now, but the download for romdump gives me a cpgz file and i cant seem to extract the actual app from the zip.
Do you still have ROMTool, v2.0? You can use it. If you have other dumps, send me today's and your oldest dump too.

Instructions:

  • First disable SIP. Boot the Recovery partition, go to the menu Utilities and open Terminal, run "csrutil disable", reboot.
  • Decompress, right click to open ROMDump/ROMToolv2.0, open it, then save your BootROM dump.
  • Compress the dump (go to Finder, right click the dump, compress) and send to me via PM.
  • You can re-enable SIP now. Boot the Recovery partition, open Terminal, run "csrutil enable", reboot.
 
Last edited:
  • Like
Reactions: handheldgames
Just managed now to upgrade my 5,1 to BootROM 0138, but I found that unless I deleted ROMTool's preferences and Application Support folders (presumably created when I flashed 0089 and then injected the DXE NVMe driver,) ROMTool would keep trying to reload DirectHW.kext, fail, and refuse to flash my machine.

Am going to try flashing an upgraded 4,1 -> 5,1 to 0138 and NVMe armed with this knowledge.
 
Just managed now to upgrade my 5,1 to BootROM 0138, but I found that unless I deleted ROMTool's preferences and Application Support folders (presumably created when I flashed 0089 and then injected the DXE NVMe driver,) ROMTool would keep trying to reload DirectHW.kext, fail, and refuse to flash my machine.

Am going to try flashing an upgraded 4,1 -> 5,1 to 0138 and NVMe armed with this knowledge.

Were you trying to flash while in Mojave or High Sierra?

Also were you using RomTool v1.0 or v2.0?
 
One more slightly corrupted, but still booting BootROM. @t8er8 2010 MP51 dump is missing the SON.

Screen Shot 2018-08-21 at 7.30.02 PM.png
 
Yikes. For clarification, t8er8 did you ever do any of the ROM mods for NVMe? My hunch says no since you were unfamiliar with the tools involved.

Do you happen to know which bootrom you were on before you installed 138? I wonder if that matters? And I wonder how many of the rest of us could have corruption lurking in our firmware and don't realize it yet? I will say that iCloud continues to work for me after installing 138 last week. Haven't had any password prompts and things like iMessage are still working.
 
Yikes. For clarification, t8er8 did you ever do any of the ROM mods for NVMe? My hunch says no since you were unfamiliar with the tools involved.

Do you happen to know which bootrom you were on before you installed 138? I wonder if that matters? And I wonder how many of the rest of us could have corruption lurking in our firmware and don't realize it yet? I will say that iCloud continues to work for me after installing 138 last week. Haven't had any password prompts and things like iMessage are still working.
never touched this tool until now! Nor did I install any NVMe mods! my prior bootrom was 0089, and before that, 0085, never was on 0087 either. It only stopped working after the Mojave update, and even when I first installed it I was on 0089.
 
Later I'll do a post with annotated screenshots, without any personal data, to show the corrupted ones I got compared with good ones.

Maybe the examples will help advanced users identify problems.
 
Later I'll do a post with annotated screenshots, without any personal data, to show the corrupted ones I got compared with good ones.

Maybe the examples will help advanced users identify problems.

Thanks, yeah that would be great. I also took the same progression as t8er8: 0085, (purposely skipped 0087 due to the missing microcode), 0089, 138. I'd be interested to take a look at my ROM dumps (I have them from 0085 and 0089, I'll dump again now that I have 138) to see if they reveal any corruption.
 
  • Like
Reactions: t8er8
Thanks, yeah that would be great. I also took the same progression as t8er8: 0085, (purposely skipped 0087 due to the missing microcode), 0089, 138. I'd be interested to take a look at my ROM dumps (I have them from 0085 and 0089, I'll dump again now that I have 138) to see if they reveal any corruption.
Great idea!
 
If you think that MP51 BootROM is a complex beast, don't start analysing MP61 one. It's scary.

Screen Shot 2018-08-22 at 00.09.20.png
 
Last edited:
Any idea what is causing the corruption?
Still a mystery. People has been corrupting the SPI-Flash since 2013-ish, at least. If anyone here is a Commodore Amiga fan and knows who is Hese, his cMP got corrupted TWO times.

If the firmware becomes so corrupt it can’t boot can it be restored with the firmware restoration CD?
@Cecco had to desolder his and I reconstructed it. It's the one with the SSN_HWC_SON block before the, what I call, compressed hardware descriptor blob. (I saw people referring to it as ACPI tables, but that's a wrong name for it)
 
Last edited:
Were you trying to flash while in Mojave or High Sierra?

Also were you using RomTool v1.0 or v2.0?

Tried both, but wound up flashing from PB7 of Mojave.

Also I used instalinstallmacos.py to create the image for PB7, then ran the updater directly from that image.

During the firmware flash, only saw a grey screen without a single progress bar to be found.

About the corruption- wonder if it's got to do with the kind of flash, after I deleted the ROMTool Prefs and App Support folders, the first thing that happened was that I got a popup to choose some RAM type code that I swear I didn't see the first time.
 
Last edited:
Tried both, but wound up flashing from PB7 of Mojave.

Also I used instalinstallmacos.py to create the image for PB7, then ran the updater directly from that image.

During the firmware flash, only saw a grey screen without a single progress bar to be found.
If I remember correctly, you did update to MP51.0087.B00, no?
 
That's right, I did.. or was it 0089 first? I know it was at 89 when I did the flash to 0138.

Back on Friday, I was preparing a quad core 5,1 running 10.11 for possible Mojave beta upgrade, I used a fresh download of 10.13.5, created a USB stick, performed the requested firmware upgrade and then the OS upgrade. When the smoke cleared, the machine was running 10.13.5 and the firmware was 0087.

If possible, I'd like to take a look on your MP51.0089.B00 BootROM dump. Every dump I looked from people who used MP51.0087.B00 has a quirk.
 
Last edited:
Tried both, but wound up flashing from PB7 of Mojave.

Also I used instalinstallmacos.py to create the image for PB7, then ran the updater directly from that image.

During the firmware flash, only saw a grey screen without a single progress bar to be found.

About the corruption- wonder if it's got to do with the kind of flash, after I deleted the ROMTool Prefs and App Support folders, the first thing that happened was that I got a popup to choose some RAM type code that I swear I didn't see the first time.

I did all my flashing within 10.13.6.

@handheldgames reported that he had issues with DirectHW.kext refusing to load properly under Mojave so I didn’t even try there.

Also, having previously used RomTool v1.0, I removed it, and all associated files, before using v2.0

Is it possible you had some leftovers from v1.0. Perhaps that was the problem in High Sierra?

In any case you’re at 138 now, and @tsialex can correct your BootRom if it’s mangled. You should give him the ROM dump as requested. Mine was a mess, and it started before NVMe came into the picture.

There have already been some anti-NVMe users pointing the accusatory finger at the injecting process. So far one has nothing to do with the other. It’s only that since we have started injecting the BootRom, it has come under scrutiny, which lead to the discovery of prior corruption.

Had I not decided to go with NVMe/DXE injection, it would have never been discovered and corrected.

Since @tsialex is now on the case, you won’t have any worries.
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.