MP5,1: Return of the microcodes (MP51.0089.B00) **OBSOLETE**

[Spacedust]

I've runned linux checker and it shows Mac Pro is still vulnerable for Spectre Variant 3a and 4 so Apple needs to update microcodes again!

Even an old HP Z220 got another BIOS update in June to cover these vulnerabilities.

[root@livedvd Desktop]# ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.38+

Checking for vulnerabilities on current system
Kernel is Linux 2.6.32-754.el6.x86_64 #1 SMP Tue Jun 19 21:26:04 UTC 2018 x86_64
CPU is Intel(R) Xeon(R) CPU X5675 @ 3.07GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES (Intel STIBP feature bit)
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO
* CPU microcode is known to cause stability problems: NO (model 0x2c family 0x6 stepping 0x2 ucode 0x1e cpuid 0x206c2)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES
* Vulnerable to Variant 3a: YES
* Vulnerable to Variant 4: YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (Mitigation: Load fences)
* Kernel has array_index_mask_nospec: NO
* Kernel has the Red Hat/Ubuntu patch: YES
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: Load fences)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Mitigation: Full retpoline)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: NO
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel rel retpoline compilation)
* Retpoline is enabled: YES
> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vuty)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Reduced performance impact of PTI: YES (CPU supports PCID, perforact of PTI will be reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)

CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability: NO
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigaulnerability)

CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface: NO (Vulnerable)
* Kernel supports speculation store bypass: YES (spec_store_bypass)
> STATUS: VULNERABLE (Your CPU doesn't support SSBD)

Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --discl

 

[tsialex]

Apple changed/renamed the firmware for Mojave DP7 18A365a. Seems a new efiupdater firmware flasher too, take a look:

[doublepost=1534181373][/doublepost]I'm still downloading the InstallESDDmg.pkg, I'll check what is this new firmware flasher in 10'.
[doublepost=1534181961][/doublepost]Humm…

 

[Squuiid]

Apple changed/renamed the firmware for Mojave DP7 18A365a. Seems a new efiupdater firmware flasher too, take a look:

View attachment 775752
[doublepost=1534181373][/doublepost]I'm still downloading the InstallESDDmg.pkg, I'll check what is this new firmware flasher in 10'.
[doublepost=1534181961][/doublepost]Humm… View attachment 775760

This is awesome. It looks like Apple are addressing the firmware issue when using an RX 580 or other unflashed cards.

 

[tsialex]

This is awesome. It looks like Apple are addressing the firmware issue when using an RX 580 or other unflashed cards.

Apple is changing things, but we still have to verify it.

[doublepost=1534183509][/doublepost]

This is awesome. It looks like Apple are addressing the firmware issue when using an RX 580 or other unflashed cards.

Now the firmware flasher is just a white screen without the progress bar. @Squuiid do you have any non-EFI cards to test?
[doublepost=1534183561][/doublepost] The new BootROM: 138.0.0.0

[doublepost=1534184386][/doublepost]New microcodes too:

 

[Squuiid]

Now the firmware flasher is just a white screen without the progress bar. @Squuiid do you have any non-EFI cards to test?

Downloading the ESD now

 

[LightBulbFun]

Oh holy sh*t!

they completely changed the version string format, its like how the iMac Pro and 2018 MBPs are.

im downloading this beta now and ill investigate this new BootROM closely, currently my 7950 is set to PC BIOS mode so it will be interesting to see what happens.

(also Woo new microcodes LOL)

 

[tsialex]

Downloading the ESD now

Oh holy sh*t!

they completely changed the version string format, its like how the iMac Pro and 2018 MBPs are.

im downloading this beta now and ill investigate this new BootROM closely, currently my 7950 is set to PC BIOS mode so it will be interesting to see what happens.

(also Woo new microcodes LOL)

I opened a new thread, btw.

 

[Squuiid]

BOOM! Firmware upgrade with an RX 580.

 

[MriX]

BOOM! Firmware upgrade with an RX 580.

View attachment 775793

Have you got a Bootscreen?

 

[HaypurTiryading]

Have you got a Bootscreen?

Everybody waiting that answer.

 

[crjackson2134]

Everybody waiting that answer.

@LightBulbFun already answered that here...

https://forums.macrumors.com/thread...-0-on-mojave-dp7.2132317/page-2#post-26346617

sadly though I do not get any BootScreens

 

[TheStork]

Finally got a round to it...upgraded my 5,1 processor to a X5690, and, once I checked it out for a while, updated to MP51.0089.B00 BootROM. I'm so proud of myself, because my knowledge of Mac Pro hardware, firmware and software only goes to the power user level. Thanks, @tsialex, for this thread.

Now, a quick off topic question...someone please point me to the solution...I've got a boot SSD in an Acorn PCIe card, and it's showing on the desktop as an external drive. How do I get it to be an internal drive or is it just cosmetic? TIA.

 

[Squuiid]

Finally got a round to it...upgraded my 5,1 processor to a X5690, and, once I checked it out for a while, updated to MP51.0089.B00 BootROM. I'm so proud of myself, because my knowledge of Mac Pro hardware, firmware and software only goes to the power user level. Thanks, @tsialex, for this thread.

Now, a quick off topic question...someone please point me to the solution...I've got a boot SSD in an Acorn PCIe card, and it's showing on the desktop as an external drive. How do I get it to be an internal drive or is it just cosmetic? TIA.

Just cosmetic. Safe to ignore.

 

[crjackson2134]

If mainly just want it off the desktop, just go to Finder Preferences and un-check the option that shows external HD’s on the dedktop.

 

[Matty_TypeR]

if you want the drive to look like an internal drive, go to get info on that drive, when open click the drive icon at the top so you get a halo around it. drag the icon from an internal drive over the top of the external drive icon, and it will change to look like an internal drive.

 

[flowrider]

If mainly just want it off the desktop, just go to Finder Preferences and un-check the option that shows external HD’s on the dedktop.

I know the option is there, but why would you do this?

[doublepost=1535397704][/doublepost]

if you want the drive to look like an internal drive, go to get info on that drive, when open click the drive icon at the top so you get a halo around it. drag the icon from an internal drive over the top of the external drive icon, and it will change to look like an internal drive.

Or just use copy/paste and assign any icon you want to the drive.

Lou

 

[bookemdano]

I know the option is there, but why would you do this?

To avoid permanent clutter on your desktop?

To avoid accidentally attempting to eject the drive (which if it's not your boot drive might actually occur, and then how do you plug it back in?)

To help pretend the original problem (which apparently cannot be solved) doesn't exist?

There are valid reasons for the option, which is why it exists as an option in the first place.

 

[crjackson2134]

To help pretend the original problem (which apparently cannot be solved) doesn't exist?

There is a way to do it, I just can't get to it right now as I'm in the VA medical center on my iPhone.

I don't recommend it, but OWC posted a method how to do this, I've never tried it myself.

 

[bookemdano]

There is a way to do it, I just can't get to it right now as I'm in the VA medical center on my iPhone.

I don't recommend it, but OWC posted a method how to do this, I've never tried it myself.

Maybe you're talking about this? I think it's only a solution for those specific OWC SSDs.

 

[krakman]

Now, a quick off topic question...someone please point me to the solution...I've got a boot SSD in an Acorn PCIe card, and it's showing on the desktop as an external drive. How do I get it to be an internal drive or is it just cosmetic? TIA.

https://forums.macrumors.com/threads/mac-pro-early-2008-upgrades.1701295/#post-18703027

you will need kext utility and to disable SIP

 

[crjackson2134]

Maybe you're talking about this? I think it's only a solution for those specific OWC SSDs.

I don't think that's what I read a couple of years back, but I could be mistaken, I never had a need for such. I believe it involved a kernel extension and a terminal command. I can look for it in a day or so when feeling a little more energetic if the OP still needs it.
[doublepost=1535403525][/doublepost]

https://forums.macrumors.com/threads/mac-pro-early-2008-upgrades.1701295/#post-18703027

you will need kext utility and to disable SIP

This MAY be the exact same solution I was thinking about earlier today. Thanks for the link.

 

[TheStork]

I did the drag-and-drop to change the External SSD icon. Before I changed the icon, I did a right click on the External SSD icon and did not see a "Eject this drive..." option. So, good news...it's cosmetic.

Thanks for all your suggestions and help. I didn't mean to get us too off topic. Let us please return to the discussion of bootRooms.

 

[jameslmoser]

I did the drag-and-drop to change the External SSD icon. Before I changed the icon, I did a right click on the External SSD icon and did not see a "Eject this drive..." option. So, good news...it's cosmetic.

Thanks for all your suggestions and help. I didn't mean to get us too off topic. Let us please return to the discussion of bootRooms.

Thats because it won't let you eject the system drive. If you had another one with a different install of OS X, or Windows, or whatever, it will let you "eject" it... which just un-mounts it. You can just remount it.

 

[MacsRgr8]

What's the difference between:
MP51.0089.B00
and
138.0.0.0.0
?

I read MP51.0089.B00 as my BootROM.
Mac Pro 5.1 3.33 Ghz (6 Core)

 

[tsialex]

What's the difference between:
MP51.0089.B00
and
138.0.0.0.0
?

I read MP51.0089.B00 as my BootROM.
Mac Pro 5.1 3.33 Ghz (6 Core)

Go here: MP5,1: New BootROM 138.0.0.0.0 on Mojave DP7/PB6