
h9826790

macrumors P6
Apr 3, 2014
16,656
8,587
Hong Kong
If you install Windows in UEFI mode, and don't have any software that's trying to change the startup disk, it's probably still safer to leave this enabled, yes? It will prevent Windows from making changes that will boot directly into the UEFI mode without the NVRAM protection provided by OpenCore? Just always use the OpenCore boot picker to change/manage your boot partition and you shouldn't have any problems?

Hopefully this is something they can fix soon enough.
That's the ProtectSecureBoot, not RequestBootVarFallback.

From memory, we never recommend anyone to turn on RequestBootVarFallback.
 

tsialex

Contributor
Jun 13, 2016
13,455
13,601
Talking about clean NVRAM, is it true Alex that if you get a Secure Boot Cert put in your NVRAM there is no way to remove it? or other things (memory configs?) you may no longer want.

On a post in a different thread you were talking about updating the boot loader of the 4,1>5,1 machines using the netkas method, and you have a method of fixing the boot loaders so you can use the firmware restore CDs. Does using one of those CDs (assuming your boot loader is fixed if you have a 4,1>5,1) reset/clean your NVRAM? If that's true I might look into your method, or seek your services for three machines I have that are 4,1>5,1 machines. =)
Also, has anyone had the Cert problem with the newer versions of the classic Mac Pro firmware?
This is a complex topic, with different problems from different sources and different causes.

The NVRAM is a volume, this volume is stored inside the same SPI flash that stores the BootROM. The NVRAM volume has 4 partitions, the stores. The first two stores are where the various NVRAM settings are stored, the third (Fsys) is where hardwareIDs (SSN, HWC, Base_xx, SON and some more exoteric data for tracking repairs/refurbishment by Apple) and the hardware descriptor are stored at manufacture time, the last one is another store for settings (Gaid) but the exact function of this one is still not understood, it seems to be analogous to a HWC and changes with different HWCs. Gaid is filled at manufacture time too, these two stores are not changed, unless when Apple stores tracking data for repairs/refurbishment. The first two stores are 64KB each, the full NVRAM is 192KB. All stores have checksums at the end, CRC32-little endian.

When you do a clear NVRAM, only settings stored at the first and second stores are cleaned and only settings that are user accessible. The user accessible settings are what nvram -xp shows you, so anything listed below is not cleared:
  • Microsoft certificates/BD/PK/etc,
  • MemoryConfig settings and DIMM SPD dumps,
  • NVIDIA blobs
  • other obscure settings
The problem with the NVRAM is that Apple didn't use a filesystem robust enough for 11+ years of continuous use. The NVRAM of a Mac Pro is exactly the same as a MacBook from the same platform, Apple never intended that we, 11 years down the road, change DIMMs, boot disks, CPUs frequently as we do. That is the real problem, since with the constant changes the NVRAM stores are now seriously fragmented and settings that are not user accessible are not being erased anymore. Some Mac Pros have ~30 DIMM SPD dumps, multiple Microsoft certificates/DBs/PKs/etc, NVIDIA blobs and now the NVRAM is fragmented and full. Besides the NVRAM fragmentation problems, some people are now having SPI failures where some of the sectors that store the NVRAM data are now over the 100.000 rated writes and the SPI flash needs to be replaced.

With BootROMs older or newer than MP51.0087.B00, you can't immediately brick your Mac Pro running W10, since the W10 crash is related to the Intel missing microcodes of MP51.0087.B00. The Mac Pro bricks because the NVRAM volume was trashed while the SecureBoot data were being written during the W10 crash.

The multiple SecureBoot data stored inside the NVRAM is a symptom of the fragmentation that we got early on before understanding all the implications. If you have two or more, you probably don't have much more space inside the stores since the SecureBoot data written on the NVRAM requires considerable space. Some people here reported that with just two occurrences, showing in the binwalk report, they don't have space to change the default boot disk anymore; usually they boot Windows 10 and have to remove the disk to boot macOS back. This happens with other Macs too, owners of Mini late-2012 had the same problem and asked for a clean-up.

The BootBlock problem is caused by the MP4,1>5,1 firmware upgrade process, you have a MP4,1 BootBlock with a MP5,1 firmware and can't recover from that if your BootROM is corrupted. It's a real problem, while it would be better to have a MP5,1 BootBlock and the capability to try to recover from a corrupted BootROM, it's not something that will interfere with the normal usage of your Mac Pro.
 

jameslmoser

macrumors 6502a
Sep 18, 2011
697
672
Las Vegas, NV
That's the ProtectSecureBoot, not RequestBootVarFallback.

From memory, we never recommend anyone to turn on RequestBootVarFallback.

I thought that was recommended because Windows updates could override the boot priority of OC and cause Windows 10 to boot up directly? I think by roobarb!?

I've been playing with OpenCore on a machine I use for experimenting with trying to decide if I want to use it on a machine that I actually use regularly. I know that if I have that turned on, and select a specific macOS from the Windows Boot Camp control panel, it boots into OC bootpicker first with macOS selected. If I have that turned off and do the same thing, it boots directly into macOS without OC! With Windows' automatic updates, it certainly seems safer to have that on.
With BootROMs older or newer than MP51.0087.B00, you can't immediately brick your Mac Pro running W10, since the W10 crash is related to the Intel missing microcodes of MP51.0087.B00. The Mac Pro bricks because the NVRAM volume was trashed while the SecureBoot data were being written during the W10 crash.

It sounds like you are saying if you are not running that firmware it's (at least somewhat) safer to use Windows in UEFI mode? Also, if you haven't changed RAM and CPUs often your NVRAM is probably in better shape?

I am not concerned about having the 4,1>5,1 firmware for daily use, have been doing it for years, but what you said about the bootblock and the restore CDs had me curious as to what those CDs actually do, and if they would clear out some of those old configs or secure boot certificates for those people who might not have a backup of their ROMs before the problem was discovered.
 

jameslmoser

macrumors 6502a
Sep 18, 2011
697
672
Las Vegas, NV
Don’t misunderstand this.
We had a setting enabled that, based on reading the doc again, we probably shouldn’t have enabled. The normal request boot var routing function that allows you to change OS using the prefpane works fine. It was just breaking due to the fallback one being enabled.

Yes, the macOS one seems fine with RequestBootVarFallback off... but apparently Windows can (and does) set boot priority and bypasses OC. For me if I turn on the fallback one, it doesn't seem to be able to bypass OpenCore.

I get that having both of them on breaks the prefpane in macOS, but it seems to protect you from Windows changing the boot priority and booting directly into Windows without the protection OC's ProtectSecureBoot provides.
 

tsialex

Contributor
Jun 13, 2016
13,455
13,601
It sounds like you are saying if you are not running that firmware it's (at least somewhat) safer to use Windows in UEFI mode? Also, if you haven't changed RAM and CPUs often your NVRAM is probably in better shape?
SecureBoot is constantly writing on the Mac Pro NVRAM, if your NVRAM is fragmented, you will have problems. That's why OC now blocks the SecureBoot variables.

While it's possible to have an almost pristine NVRAM if you have a Mac that always used the original OS, never had hardware upgrades, never had without iCloud/iMessage/FaceTime, it's really really improbable. From the more than 3+ hundred dumps from different Mac Pros that I have, less than 5 are good enough that you don't find any flaws. They exist, but don't assume that your Mac is one.

I am not concerned about having the 4,1>5,1 firmware for daily use, have been doing it for years, but what you said about the bootblock and the restore CDs had me curious as to what those CDs actually do, and if they would clear out some of those old configs or secure boot certificates for those people who might not have a backup of their ROMs before the problem was discovered.
Your idea is flawed from the start, the Firmware Restore CD doesn't touch the NVRAM or the LBSN/MLB sector at all. While the NVRAM and BootROM are inside the same SPI flash, the generic BootROM image doesn't have the NVRAM or the MLB/LBSN sector, just zeros.

If you restore the BootROM generic image to the SPI flash with a SPI flash programmer, you will lose all hardwareIDs, the NVRAM will be written over with zeros. You can boot a Mac Pro restored from the generic restore image, but you won't connect to iCloud/Messages/FaceTime, it will be a totally de-personalized Mac.
 

jameslmoser

macrumors 6502a
Sep 18, 2011
697
672
Las Vegas, NV
SecureBoot is constantly writing on the NVRAM, if your NVRAM is fragmented, you will have problems.

While it's possible to have an almost pristine NVRAM if you have a Mac that always used the original OS, never had hardware upgrades, never had without iCloud/iMessage/FaceTime, it's really really improbable. From the more than 3+ hundred dumps from different Mac Pros that I have, less than 5 are good enough that you don't find any flaws. They exist, but don't assume that your Mac is one.

Your idea is flawed from the start, the Firmware Restore CD doesn't touch the NVRAM or the LBSN/MLB sector at all. While the NVRAM and BootROM are inside the same SPI flash, the BootROM image doesn't have the NVRAM or the MLB/LBSN sector, just zeros.

If you restore the BootROM generic image to the SPI flash with a SPI flash programmer, you will lose every one of the hardwareIDs. You can boot a Mac Pro restored from the restored generic image, but you won't connect to iCloud/Messages/FaceTime, it will be a totally de-personalized Mac.

Oh I am not assuming anything... I don't have any clue, that's why I'm asking questions. I don't currently have any problems with my systems that I'm hoping to resolve or anything. Mainly asking out of curiosity. What you are describing sounds like a terribly designed process/system... though I really don't know enough about it all to really judge.
 

tsialex

Contributor
Jun 13, 2016
13,455
13,601
Oh I am not assuming anything... I don't have any clue, that's why I'm asking questions. I don't currently have any problems with my systems that I'm hoping to resolve or anything. Mainly asking out of curiosity. What you are describing sounds like a terribly designed process/system... though I really don't know enough about it all to really judge.
Apple never intended that MP4,1 would be relevant eleven years later. They designed the platform back in the 2007/8 timeframe, the world changed a lot from there. iCloud made the NVRAM much more relevant for the Mac use, much more data are stored there, and much more dynamic data, now than when it was designed. While some of the changes could be predicted back then, no one would predict everything that happened since.

TBH, Apple did a good job designing the NVRAM, with lots of space unused, if you think with a point of view from back in March 2009 when MP4,1 was released, MP4,1/5,1 are really over engineered and because of that, MP4,1/5,1 are still relevant today.

Looking back today, the design seems flawed, but it's just one more for the list of the 640K moments in TI history.
 

Teletoby

macrumors newbie
Mar 7, 2020
7
1
Weimar, Germany
When I try to install Catalina, I get this message after restart.
 

Attachments

  • 5C9BD627-3118-4987-8AFF-46F8A0966B00.jpeg

MoerBoer

macrumors regular
Jan 27, 2018
216
150
I recently took the plunge to try this and it worked 100%. Thank you to all involved.

I can however confirm that you cannot turn on FileVault (even with VMM flag enabled)
 

Attachments

  • Screenshot 2020-03-08 at 08.41.16.png

Ludacrisvp

macrumors 6502a
May 14, 2008
797
363
I recently took the plunge to try this and it worked 100%. Thank you to all involved.

I can however confirm that you cannot turn on FileVault (even with VMM flag enabled)
Temporarily change your board Id in the smbios section of OC to some other Mac and that will bypass this. Or use my thread on how to edit the prefpane / cli utility to bypass the board Id check.
 

MoerBoer

macrumors regular
Jan 27, 2018
216
150
Temporarily change your board Id in the smbios section of OC to some other Mac and that will bypass this. Or use my thread on how to edit the prefpane / cli utility to bypass the board Id check.

Thank you so much for this. I've searched on your name for threads you have created / posted on, and I can't seem to find it. Sorry for being lazy but can you maybe post the thread link?
 

antonlinus

macrumors regular
Oct 10, 2019
100
16
Here's a quick write-up of the process I took to get OpenCore (OC) booting macOS and Windows in UEFI mode on the MacPro5,1. I don't recommend doing this right now. There's something flakey in either OC, my configuration of OC, or Windows itself which will eventually result in your Windows installation failing to boot.

The danger we're trying to avoid here is Windows ever booting autonomously in UEFI mode, outside of the control of OC. If this happens, your BootROM is likely to be immediately damaged by secure boot certificates being written which it wasn't designed to handle. We're getting around this by replacing part of the Windows bootloader with OpenCore.

So, if you like the idea of bricking your Mac Pro and having a copy of Windows that doesn't always work, crack on! I make no promises that this is the best method or a good fit for your needs.

Requirements
  1. Working macOS Mojave 10.14.6 on its own internal SATA drive installed in Bay 1.
  2. Separate internal SATA drive for Windows. Mine was in Bay 4.
  3. Have no other drives attached.
  4. ROMTool from @dosdude1 (password 'rom').
  5. Attached OpenCore EFI.
  6. Windows 10 installer on a USB stick.
  7. Time to burn and willingness to suffer.
Procedure
  1. Power on and clear your NVRAM by holding down CMD-ALT-P-R over the chime.
  2. Disable SIP by booting into Mojave Recovery (CMD-R) and using the Terminal to issue csrutil disable
  3. Allow Mojave to boot and use ROMTool to take a backup of your BootROM. Keep it safe.
  4. Load the resulting .bin file into TextEdit. Search contents for the word 'Secure'.
  5. If you have any matching results STOP. Your BootROM already has problems, it doesn't need more.
  6. Format the drive intended for Windows to Mac OS Extended (Journaled) with GUID Partition Map.
  7. Note the Device number for that Windows drive in Disk Utility. We'll use disk2 in this example.
  8. Fire up Terminal and issue: sudo diskutil mount /dev/disk2s1
  9. Browse to the drive named EFI which has appeared in Finder. It should be empty. If it's not, delete the contents. Decompress the attached OpenCore EFI directory and copy the EFI directory to the root of the EFI drive.
  10. Go back to Terminal and issue: sudo bless --mount /Volumes/EFI --setBoot --file /Volumes/EFI/EFI/BOOT/BOOTx64.efi --verbose
  11. Stick the Windows installer USB into a socket and power off.
  12. Pull the Mojave drive from Bay 1 and power up.
  13. You should see the OpenCore Boot Menu. Pick your Windows installer.
  14. When asked about the drive to install to, delete all the partitions and let Windows do its thing.
  15. At around 29% the Windows installer will reboot your machine. Power it off when you hear the chime.
  16. Insert your Mojave drive to Bay 1.
  17. Boot to Mojave Recovery (CMD-R) and use Startup Disk from the Apple menu to choose macOS Mojave. Reboot into Mojave.
  18. Check the Device number for your Windows drive in Disk Utility again. I'll assume it's still disk2 here, but it may not be.
  19. Fire up Terminal and issue: sudo diskutil mount /dev/disk2s2
  20. Browse to the drive named EFI which has appeared in Finder. It should contain an EFI directory, in which there should be Boot and Microsoft directories.
  21. Delete the Boot directory.
  22. Copy the BOOT and OC directories from the OpenCore EFI directory you decompressed from the attached .zip file earlier.
  23. Power off your machine and pull the Mojave drive from Bay 1.
  24. Power on your machine and clear your NVRAM by holding down CMD-ALT-P-R over the chime.
  25. You should see the OpenCore Boot Menu with an entry for 'Windows' (not external). Set it as the default by choosing it and pressing CTRL-ENTER.
  26. Allow the rest of the installation to proceed as normal. All reboots should show the OpenCore Boot Menu before booting into Windows. If it doesn't appear, panic and power off your machine.
  27. You should now have a working copy of Windows in UEFI mode protected by OpenCore.
  28. Install all drivers you need under Windows, probably using Brigadier to fetch the MacPro5,1 and iMacPro1,1 bundles.
  29. Power off and insert your Mojave drive into Bay 1.
  30. Power on. You should see Windows and Mojave appear as boot options on the OpenCore Boot Menu.
  31. Boot to Mojave and use ROMTool to take another backup of your BootROM.
  32. Load the resulting .bin file into TextEdit. Search contents for the word 'Secure' again. Fingers crossed you shouldn't find anything.
The final step is to swear profusely when, for no apparent reason, the boot spinner won't appear when firing up Windows - most likely after Windows has applied a mandatory patch in the background which you weren't expecting.

Hopefully that's enough to keep your expectations low. If you have greater success with alternative methods or config.plist files, please post.

NOTE: I modified BootEntryManagement.c in the OcSupportPkg code to read only "Windows" instead of "BOOTCAMP Windows" in the attached EFI. This may or may not be a sensible thing to do.

So I read through all of this, as well as the BootCamp w/o Bootscreen and the AMD Hardwareaccel threads, and I was able to

1. Successfully clean install unpatched Catalina
2. Enable full Hardware Acceleration
3. I can see a Bootpicker (really only sometimes, I can't make logic of when it shows and when it doesn't. I have a Radeon VII installed and go out from DP1 to my EIZO screen)

Here's the issue I'm completely struggling with now though:

Bootup is really flaky. Sometimes it shows the bootpicker and everything works perfectly. Sometimes it boots straight into macOS and often it doesn't boot at all or at least only shows a black screen. I have a clean install of Catalina on an NVMe SSD inside a 4x4 PCI-E card in one of the 16x slots and a Radeon VII as my GPU in the other 16x slot. No HDDs installed at all.

Q1: How do I get bootup more stable? Do I only put OC on the EFI partition of my main boot drive or on all boot drives' EFI partitions? Do I maybe have to put a SATA SSD or HDD in bay 1 with only an OC EFI partition to ensure bootpicker loading or something?

I own a Titan Ridge card that I was never able to perform a handshake on because I was never able to install Windows before. Even before OC I just couldn't get it to work. I tried everything described by h9826790 and the other geniuses in these forums but yeah, no luck for some reason.
Now after the great success of installing OC I thought I might give it another go. I don't really understand the difference between an EFI installation (same as UEFI?) of Windows and a legacy installation. I also don't really understand how to actually choose between one or the other when installing Windows.
What I got from reading all of the posts was that installing from a DVD would result in a legacy installation and installing from a USB in an EFI install.
I couldn't pull off either. In the end I installed Win10 on a SATA SSD using a Windows PC and the WINtoUSB Tool.
If I plug this into my cMP via a SATAtoUSB adapter I can boot into Win using the Bootpicker (whenever it shows).
I was able to install Bootcamp5, and 61 drivers and the volume now also shows up in macOS in the system preferences/startup volumes tab and also in Bootchamp.
Using Clover Configurator I found out there is an EFI partition on the SATA drive that I installed Win10 on but no EFI folder in the root of the actual system partition of this SATA drive. So does this mean it's a legacy install then, since there is no EFI folder in the root? Or is the EFI partition I can mount using Clover this "EFI folder" and proof that my installation is in fact an EFI install? I DON'T GET IT haha.

Q2: What type of Win install do I have and is it safe with OC?

I used ROMTool to dump my BootROM and searched for "secure" in the resulting .bin file but didn't find any entries so I'm hoping I didn't **** up my BootROM (yet).

Anyway the issues that I am having are that with the SATA drive installed in HDD Bay 1 the bootpicker sometimes shows, sometimes not. Sometimes it boots straight into macOS, sometimes it doesn't boot at all or at least just shows a black screen. I cannot figure out any regularities, it just seems to happen at random. It also happens when the drive is connected over USB but maybe a bit less often but not sure. Even if I manage to successfully boot into Windows I don't seem to be able to then boot back into macOS using the Boot Camp app without turning the Mac off completely, therefore making it impossible to perform a handshake for my Titan Ridge. I don't need Windows for anything but this handshake.

So what am I doing wrong? Is there a way to make this more stable/reliable? E.g. show bootpicker ALL the time so I could switch between Win and Mac using the bootpicker instead of Boot Camp?

Q3: If I have a drive with a Win install plugged in, do I need to copy the OC folder onto the EFI partition of the Windows drive as well or would that then lead to those unwanted entries in my BootROM?

Sorry if this is difficult to understand/follow. I am, as I said, in way over my head and don't really understand what I am doing anymore.

All I can say for sure is everything (but TB3) works flawlessly without the SATA drive installed and gets very flaky when I install it. Sadly not true, it's flaky all the time now...

Any thoughts / tips?
Thanks
 
Last edited:
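
The "search the BootROM backup for 'Secure'" check from the write-up quoted above (steps 4-5 and 32), as an added example that is not part of any post in this thread and not ROMTool or OpenCore code. It assumes the word may be stored either as ASCII or as UTF-16LE (the encoding UEFI uses for variable names) and matches case-insensitively; the function names and the sample bytes are constructed for illustration, and the dump path is whatever you pass on the command line.

```python
"""Scan a BootROM dump for the word 'Secure' (added example, not thread code)."""
import sys
from pathlib import Path

NEEDLE = "Secure"  # the word the quoted write-up says to search for
# Assumption: the word may be stored as plain ASCII or as UTF-16LE,
# the encoding UEFI uses for variable names.
ENCODINGS = (("ascii", "ascii"), ("utf-16le", "utf-16-le"))

# Constructed sample data (not from a real Mac Pro): erased flash reads 0xFF.
CONSTRUCTED_CLEAN = b"\xff" * 256
_NAME = "SecureBoot".encode("utf-16-le")
CONSTRUCTED_DIRTY = b"\xff" * 64 + _NAME + b"\xff" * 64 + _NAME + b"\xff" * 16


def find_all(haystack: bytes, pattern: bytes) -> list:
    """Return every offset at which pattern occurs in haystack."""
    offsets = []
    pos = haystack.find(pattern)
    while pos != -1:
        offsets.append(pos)
        pos = haystack.find(pattern, pos + 1)
    return offsets


def scan_dump(data: bytes, needle: str = NEEDLE) -> dict:
    """Map each encoding label to the offsets where needle was found."""
    folded = data.lower()  # bytes.lower() only folds ASCII A-Z
    return {
        label: find_all(folded, needle.lower().encode(codec))
        for label, codec in ENCODINGS
    }


def has_secure_hits(data: bytes) -> bool:
    """True if the word appears in the dump in any checked encoding."""
    return any(scan_dump(data).values())


def preview(data: bytes, offset: int, width: int = 40) -> str:
    """Printable rendering of the bytes at a hit, for eyeballing the name."""
    chunk = data[offset:offset + width]
    return "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)


if __name__ == "__main__":
    # Usage: python3 this_script.py <dump.bin>; no argument scans the sample.
    blob = Path(sys.argv[1]).read_bytes() if len(sys.argv) == 2 else CONSTRUCTED_DIRTY
    for label, offsets in scan_dump(blob).items():
        print(f"{label}: {len(offsets)} hit(s)")
        for off in offsets:
            print(f"  0x{off:06x}  {preview(blob, off)}")
    print("STOP: dump contains 'Secure'" if has_secure_hits(blob) else "No 'Secure' found")
```
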

Ludacrisvp

macrumors 6502a
May 14, 2008
797
363
Thank you so much for this. I've searched on your name for threads you have created / posted on, and I can't seem to find it. Sorry for being lazy but can you maybe post the thread link?
 

eksu

macrumors 6502
Aug 3, 2017
329
151
I think it's time for me to jump on the OpenCore train, as I've been using Windows EFI again for a few months now.

I'm interested in this ProtectSecureBoot option, boot screens on my Radeon VII, and enabling Hardware Acceleration in Mojave / Catalina.

Are people mostly just sharing configs around and looking at each other's configs for these things, or is there any additional documentation on ProtectSecureBoot / Windows EFI and also macOS Hardware Acceleration? Where do you all go to read up on OpenCore?
 

DatAppleGuy99

macrumors newbie
Feb 28, 2020
28
4
Hi, I have a few more questions before I do everything.
1; How do I enable boot screen?
2; How do I enable and disable upgrades for installing Catalina?
3; How do I enable FileVault?
Is this all enabled in the main config file on the original post?
 

octoviaa

macrumors regular
Oct 19, 2013
172
88
Hi, I have a few more questions before I do everything.
1; How do I enable boot screen?
2; How do I enable and disable upgrades for installing Catalina?
3; How do I enable FileVault?
Is this all enabled in the main config file on the original post?
1 and 2 are in the original post (page 1 of this thread).
Pay attention to points 7 and 8 (make sure you read the post, as enable / disable require changes in the config file).
 

DatAppleGuy99

macrumors newbie
Feb 28, 2020
28
4
So after doing everything correctly, when I went to install macOS Catalina it shows a black screen and doesn't provide any progress bar or something to know if it's actually installing.
 