MP 1,1-5,1 Manually Configured OpenCore on the Mac Pro

[w1z]

* @w1z, you come to incorrect conclusions with your exploration. Kexts, once injected by OpenCore, do not depend on the disk anyhow, as it is simply inaccessible from there. The reason you get filesystem corruption is either because of some bug in macOS, or, more likely, because you already have corrupted filesystem, just macOS does not see it.

Creating logs or writing anything in UEFI pretty certainly corrupts EFI partition on e.g. APTIO IV. But the results of this may not be immediately visible. If we assume MacPro bug is similar, for you the key part may be overwriting the existing files. Perhaps a certain modification of the file system tree happens due to this action and the corruption becomes apparent.

Thanks for shedding light on how kexts are injected. I find it very strange that even after formatting the EFI partition which is residing on an almost new drive that the same corruptions occurs only when kexts already residing within the kexts folder under OC are overwritten.

As you have mentioned, most likely a bug with macOS or the fat driver.

Anyway, I really don’t think this is a major issue. Just sharing in case someone else comes across it.

Edit: Thank you for the latest features

 

[octoviaa]

Okay, got my Windows 10 EFI install working now. Couple of things:

- Followed the instructions for driver installation - all good, except there's no control panel appearing in the system tray, I have to run it from Windows\System32\AppleControlPanel.exe.
- Changing the boot device overrides OC entirely. How are you guys getting persistence of OC when using the boot pickers?

I also had it all go south when Windows would stick at its own boot screen with no spinner, just the blue logo. Had to use the inbuilt repair and rebuild to get it back, but I doubt this is anything to do with OC.

Finally, how do I go checking that this install isn't harming my NVRAM and make sure OC is in play under Windows? Because of the picker overriding OC I'm pretty sure this boot is not under OC's power, so I'm guessing this could be a scenario where those certificates being written to NVRAM become an issue.

You might want to check:

MP5,1: BootROM thread | 144.0.0.0.0

I'm a newbie in this topic, I'll try to answer as best as possible. While AHT can check for hardware issue (RAM, CPU, etc) on your Mac, it won't detect the certificate issue. You'll need: 1. ROMTool to dump your ROM (tsialex have it here: #2458) - You must disable the SIP first - When...

forums.macrumors.com

Basically you need 'RomTool' and binwalk, to install binwalk you can use brew:
'brew install binwalk'

MP5,1: BootROM thread | 144.0.0.0.0

Is there a post that describes the best way to install binwalk for analyzing ROMs on the Mac, or just use the instructions here? https://github.com/ReFirmLabs/binwalk/blob/master/INSTALL.md I am curious what my 2009 looks like (the 2012 should be clean).

forums.macrumors.com

 

[h9826790]

You might want to check:

MP5,1: BootROM thread | 144.0.0.0.0

I'm a newbie in this topic, I'll try to answer as best as possible. While AHT can check for hardware issue (RAM, CPU, etc) on your Mac, it won't detect the certificate issue. You'll need: 1. ROMTool to dump your ROM (tsialex have it here: #2458) - You must disable the SIP first - When...

forums.macrumors.com

Basically you need 'RomTool' and binwalk, to install binwalk you can use brew:
'brew install binwalk'

MP5,1: BootROM thread | 144.0.0.0.0

Is there a post that describes the best way to install binwalk for analyzing ROMs on the Mac, or just use the instructions here? https://github.com/ReFirmLabs/binwalk/blob/master/INSTALL.md I am curious what my 2009 looks like (the 2012 should be clean).

forums.macrumors.com

For those who don't want to install Brew / Binwalk, or not that familiar with terminal. You may also check the ROM image as simple as by using TextEdit (macOS build in apps). For corrupted NVRAM, if you search "Secure" (case sensitive) in TextEdit, you will see the actual certificate.

e.g. This is the Binwalk result from my corrupted 0087.B00 ROM image.

You will also see these two MS certs in TextEdit if you search "Secure".

For a "healthy" BootROM, there will be no result

Of course, also no result for the certificate if you check that by using Binwalk

 

[h9826790]

Latest OpenCore in master got HideAuxiliary support and various other enhancements, which should improve startup performance.

It's confirmed the boot picker performance is much better with my Radeon VII.

In the previous version. If I use the arrow key on my keyboard in boot picker, it's like input -> little delay -> screen shutter (redraw).

Now, the boot picker screen response to my arrow key input instantly without any shuttering.

 

[startergo]

Here you go - https://www.screencast.com/t/EymwXxEplWg

I use OC configurator to load the EFI partition. When I replace the Kexts and repair the OC drive everything is fine no errors.

 

[startergo]

Just tried your method of mounting and I can replicate the corruption in the EFI filesystem as soon as I copy a kext file that is already loaded by OC from the OS to the EFI/OC/Kexts folder.

Tried this and no corruption occurred.

 

[w1z]

I use OC configurator to load the EFI partition. When I replace the Kexts and repair the OC drive everything is fine no errors.

What exactly did you repair with your OC drive?

Tried this and no corruption occurred.

Thanks for testing. I'll wait for a couple of more test results before I ascertain the issue is on my end.

 

[startergo]

What exactly did you repair with your OC drive?

First Aid

 

[paulogilmour]

Just did some test of ROM dump / flash when boot via OC.

No problem at all.

Hold power button to boot can enter firmware flashing mode with OC boot picker display / work normally. ROMTool work as expected after boot to desktop.

And after flashing a clean ROM, the cMP can still boot to OC boot picker by default. This is amazing. Which means, no matter after we reset NVRAM, or even ROM flashing, the boot screen still there.

Very interesting!

Do you mean that if you rewrite the ROM initialized by OC, you fix the Bootpicker in the ROM?

Sorry my english, but I think you can understand it right?

 

[paulogilmour]

Hello everybody. I checked my ROM on BinWalk, and I have the certificate issue ... What problem does this generate? My system so far is working normally, both on Mac OS and Windows 10.

 

[h9826790]

Very interesting!

Do you mean that if you rewrite the ROM initialized by OC, you fix the Bootpicker in the ROM?

Sorry my english, but I think you can understand it right?

No, I just mean that we can safely write the ROM even boot via OC.

My test so far. There is no need to write anything into the BootROM to make OC stay.

Just turn on RequestBootVarRouting, then even after we flashing a new BootROM, or perform NVRAM reset, the cMP will still boot to OC by default.

However, I installed OC to all macOS drive's EFI partition. Which means, after NVRAM reset / firmware flashing. no matter the cMP pick which macOS drive to boot, it will still able to locate OC, and boot from it.
[automerge]1581878419[/automerge]

Hello everybody. I checked my ROM on BinWalk, and I have the certificate issue ... What problem does this generate? My system so far is working normally, both on Mac OS and Windows 10.

If only has one cert, your cMP still quite safe, and that's expected. But you should still install OC, and turn on ProtectSecureBoot, make sure no more cert can be written into the NVRAM.

Evidence shows that EFI Windows may write multiple certs into the NVRAM for unknown reason (low probability, but it happens), and once the 3rd cert exists, the cMP may not able to boot anymore (brick logic board).

If you want to know more, please go to join the BootROM thread.
[automerge]1581879113[/automerge]
Just curious, anyone has OSX drive laying around? I sold my Yosemite drive already, too lazy to make another one just run a "test for fun".

Theoretically, we can now boot Snow Leopard on 5,1 via OpenCore boot screen with RX580 (or some other non supported GPU like Radeon VII etc). Of course, no acceleration will work, but we should able to see the screen, and use it (at least should work for some simple stuff).

Anyone want to try?

 

[roobarb!]

- Changing the boot device overrides OC entirely. How are you guys getting persistence of OC when using the boot pickers?

Huh, well, turns out it wasn't being overridden. When I booted today I noticed the screen came to life almost immediately after the chime, but nothing was displayed. I tapped the up/down keys and it stayed on a blank screen - then pressed '1' and it booted Catalina.

So after choosing the Windows 10 drive in the boot picker under Windows (so it could reboot and do it's updates) it appeared as though the boot picker was being hidden. Or maybe I was just tired.

Either way ProtectSecureBoot is on, as is RequestBootVarRouting, so I should be in good shape for using the boot pickers...?

Checked my boot ROM as well - no sign of those certificates. Phew.

 

[h9826790]

Huh, well, turns out it wasn't being overridden. When I booted today I noticed the screen came to life almost immediately after the chime, but nothing was displayed. I tapped the up/down keys and it stayed on a blank screen - then pressed '1' and it booted Catalina.

So after choosing the Windows 10 drive in the boot picker under Windows (so it could reboot and do it's updates) it appeared as though the boot picker was being hidden. Or maybe I was just tired.

Either way ProtectSecureBoot is on, as is RequestBootVarRouting, so I should be in good shape for using the boot pickers...?

Checked my boot ROM as well - no sign of those certificates. Phew.

Do you install the latest 0.5.6 beta yet? (released about 13 hours ago)

Not sure if that helps to improve boot picker's display stability, but worth to try if not yet done.

 

[roobarb!]

Do you install the latest 0.5.6 beta yet? (released about 13 hours ago)

I'm on the debug version 0.5.6 from the 12th; where do the beta releases hide out or do I need to compile?

 

[Nick_P]

Hi all, I read some of you are storing the OC files on a USB drive. For clarification, lets say you have 6 SSD drives, some are OS drives, some data, can any one of them have the OC files in its EFI partition? Should "all" the drives have the OC files in their EFI partition?

If the EFI partition is on a USB stick, can it be on the OEM USB2 ports? Would that slow down booting or anything else? Can it be on a USB 3 port from a pcie card? Or does that gets connected too late in the boot sequence?

For the kexts that have the gpu acceleration and other stuff, do they need to be on the EFI partition of the OS they affect? Or can they be on any of the 6 drives or USB sticks?

Right now I have exact config as post #1. 10.14 on one ssd. 10.15 with modified EFI on second ssd. I just want to explore the options before I redo everything the way it will be long term (to include a windows drive). Thanks.

 

[astonius86]

I also have multiple certs in my bin dump. Are there instructions on how to clean them up in the BootROM thread somewhere?

 

[startergo]

Hi all, I read some of you are storing the OC files on a USB drive. For clarification, lets say you have 6 SSD drives, some are OS drives, some data, can any one of them have the OC files in its EFI partition? Should "all" the drives have the OC files in their EFI partition?

Not at all. Only install it in the EFI of the USB. This way in case of an issue you can easily remove OC by removing the drive. I don't think it will work from USB3 card as there is no driver for it at boot.

 

[h9826790]

I'm on the debug version 0.5.6 from the 12th; where do the beta releases hide out or do I need to compile?

Download the master package form the OpenCore GitHub page, and compile it yourself.

 

[roobarb!]

Not at all. Only install it in the EFI of the USB. This way in case of an issue you can easily remove OC by removing the drive. I don't think it will work from USB3 card as there is no driver for it at boot.

I've tried this and obviously done something wrong as my USB installs never like to boot. I format the drive GPT and make the main partition just HFS+ then follow the same procedure to mount, copy in and bless OC into the EFI partition on diskXs1. Reboot and... black screen. I have to zap NVRAM and put things right through Mojave recovery.

Am I missing a trick or got some iffy USB sticks around here? I'm using the front panel ports.

Download the master package form the OpenCore GitHub page, and compile it yourself.

Working nicely, going to see if a Windows update will bork again.

 

[h9826790]

I've tried this and obviously done something wrong as my USB installs never like to boot. I format the drive GPT and make the main partition just HFS+ then follow the same procedure to mount, copy in and bless OC into the EFI partition on diskXs1. Reboot and... black screen. I have to zap NVRAM and put things right through Mojave recovery.

Am I missing a trick or got some iffy USB sticks around here? I'm using the front panel ports.



Working nicely, going to see if a Windows update with bork it again.

Did you ever boot from that USB thumb drive? Not all USB drive can boot on cMP
[automerge]1581897374[/automerge]

Huh, well, turns out it wasn't being overridden. When I booted today I noticed the screen came to life almost immediately after the chime, but nothing was displayed. I tapped the up/down keys and it stayed on a blank screen - then pressed '1' and it booted Catalina.

So after choosing the Windows 10 drive in the boot picker under Windows (so it could reboot and do it's updates) it appeared as though the boot picker was being hidden. Or maybe I was just tired.

Either way ProtectSecureBoot is on, as is RequestBootVarRouting, so I should be in good shape for using the boot pickers...?

Checked my boot ROM as well - no sign of those certificates. Phew.

It seems the Radeon VII cause this issue.

Another net friend has similar issue.

In his case

1) This issue only happen with Radon VII. If he switch to RX580, everything back to normal

2) OpenCore boot picker display no text if he REMOVE the Windows drive (EFI, SATA), time out reduce to 1s automatically. Only can see the loading bar but not Apple log when macOS loading. But if he put the Windows drive back in, OpenCore boot picker work as expected. Apple logo also shows up during loading.

So, may be something in DirectGopRendering not perfect yet?

 

[roobarb!]

Did you ever boot from that USB thumb drive? Not all USB drive can boot on cMP

I honestly don't remember, I'll try others.

It seems the Radeon VII cause this issue.
...
So, may be something in DirectGopRendering not perfect yet?

Well, at least it wasn't just me. To be honest, with v0.5.6 it looks like AllowSetDefault is working perfectly from the picker, which is frankly easier than using the startup disk utilities.

Unfortunately the Windows update (to 2004 from 1909) completely failed with an 0xc1900101 error. I get the feeling it's something to do with the presence of other drives, but I had no issues with updates using the legacy boot mode. It managed to repair itself on the second boot, but still not great. Not sure what's at fault with that one.

 

[startergo]

I honestly don't remember, I'll try others.

Well, at least it wasn't just me. To be honest, with v0.5.6 it looks like AllowSetDefault is working perfectly from the picker, which is frankly easier than using the startup disk utilities.

Unfortunately the Windows update (to 2004 from 1909) completely failed with an 0xc1900101 error. I get the feeling it's something to do with the presence of other drives, but I had no issues with updates using the legacy boot mode. It managed to repair itself on the second boot, but still not great. Not sure what's at fault with that one.

I also can't update to 1909 from 1803. Probably because of multiple drives.

 

[octoviaa]

Download the master package form the OpenCore GitHub page, and compile it yourself.

Found below GitHub which appear to do continuous build of OpenCore:
https://github.com/williambj1/OpenCore-Factory/releases

Of course it is safer to build it yourself.

 

[roobarb!]

Been around the houses a bit on this tonight. I've found that it's very easy to wind up in a position where Windows boots itself in EFI mode with no indication that it's doing so; no blue Windows logo or spinner shown, just suddenly landing on the login screen. By that point the damage is done. I booted to my Mojave fallback to find the dreaded certificates appearing.

That's no bueno. A reflashed ROM from backup and all is well again, but it's too easy to fall foul of this.

So, to overcome the issue of major Windows upgrades failing (potentially due to the multiple drives, which is what I was setting out to test) and reduce the likelihood of ROM corruption, might it be possible to install OC to the EFI partition of the Windows disk? I've tried, but the EFI partition contains Microsoft's gubbins and replacing BOOTx64.efi and adding the OC directory (and setting HideSelf to false) only results in repeatedly landing back at the picker when choosing 'BOOTCAMP Windows'.

 

[mikems]

From About this Mac (italics mine):

Model Name: Mac Pro (Mid 2010) A1289
Model Identifier: MacPro5,1
Processor Name: 6-Core Intel Xeon [W3680 Westmere according to Everymac; sysctl machdep.cpu.brand_string confirms this]
Processor Speed: 3.33 GHz
Number of Processors: 1
Total Number of Cores: 6
L2 Cache (per Core): 256 KB
L3 Cache: 12 MB
Hyper-Threading Technology: Enabled
Memory: 32 GB
Boot ROM Version: 144.0.0.0.0
SMC Version (system): 1.39f11
SMC Version (processor tray): 1.39f11

tsialex, you can go back several pages to see my saga in greater detail, but at this point, I'm done. I'm not qualified to do the kind of open-heart rocket surgery that's apparently needed to make Catalina work on my machine, and honestly, I've lost interest.

Long story longer: After 3 weeks of fighting with this, and almost 30 years of living and working exclusively in the Apple ecosystem, I am finally, fully finished with BriktInTrash®. Fifteen years ago or so, when I bought a Power Mac G5, I had to toss a perfectly good, nearly new LaserJet because it wouldn't interface with the G5. Then, almost as soon as I'd bought the G5, Apple announced that they were done with PowerPC architecture. Now they're orphaning me again, and trying to force me to spend $6-$10k to replace a perfectly serviceable computer that they've orphaned...again. And it seems very much deliberate on Apple's part. There's a word for this: Ransomware. But I don't bargain with extortionists. I was once the biggest Mac fanboy in town, but not anymore. I'm done. Apple can suck my Newton. I'm rebuilding my desktop – but a Mac won't be on it, now or ever again. Goodbye infinite loop!

I'm installing a Linux distro (Zorin) on my existing Macs, and when they finally give up the ghost, I'll just buy cheap commodity hardware to run *nix distros on. Surely somebody out there besides Apple makes a halfway-decent keyboard.

Buh-bye Apple!

Have fun with your iPhones!

Sorry for the rant, folks, but this is just infuriating to me. And I bet I'm not the only one. Thank you for your help nonetheless, and best of luck to you all in your own Mac travails. Out –

CP

I was going along well with Hypercard as an Apple Developer back in the Dark Ages when Steve Jobs and friends eliminated the language. I was so low on the totem pole but I had spent countless full days and nights messing around with this and actually selling software. I am not smart enough to understand exactly what people are talking about in this Rumor website and will never be, but I know that people can get lost in all the rigamarole and never see the light of day trying to find out why this or that doesn't work right. More power to them. I just want things to work and make sense. That was Apple's mantra long ago. Good luck on your new vision and insight.