just an FYI theres already a MR Forums EULA in place that says the only person who can do the whole "you will always refer to him as" and "Mighty" stuff is @Intell Something to do with Cheese and hats IIRC
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
- Status
just an FYI theres already a MR Forums EULA in place that says the only person who can do the whole "you will always refer to him as" and "Mighty" stuff is @Intell Something to do with Cheese and hats IIRC
Anyway, back on topic, I can't seem to insert anything into the Apple boot rom's, I'm sure I'm just being dense, but I could use a little help.
I open the bottom with UEFI tool, and search for 'DXE' but insert is always greyed out. Could someone offer a little better explanation than @gilles_polysoft did in post 13.
I'm not sure what I'm doing wrong, I also tried with DXEInject, but whatever I try to inject, I just end up with a bit for bit copy of the boot rom I'm trying to modify.
Tho I have to say, I'm limited to hacking Apple boot roms that came with OS updates. the LOCKED.fd files, so maybe that is an issue?
Also, does anyone know if any Mac ever shipped with an ICH9 chipset?
I was thinking the iMac8,1 may have, but a peek I got at the IOReg online didn't offer any clues.
I open the bottom with UEFI tool, and search for 'DXE' but insert is always greyed out. Could someone offer a little better explanation than @gilles_polysoft did in post 13.
I'm not sure what I'm doing wrong, I also tried with DXEInject, but whatever I try to inject, I just end up with a bit for bit copy of the boot rom I'm trying to modify.
Tho I have to say, I'm limited to hacking Apple boot roms that came with OS updates. the LOCKED.fd files, so maybe that is an issue?
Also, does anyone know if any Mac ever shipped with an ICH9 chipset?
I was thinking the iMac8,1 may have, but a peek I got at the IOReg online didn't offer any clues.
no Mac shipped with the ICH9 chipset
however its funny you mention the iMac8,1
I really want to try and flash an iMac8,1 BootROM to an iMac7,1
(however I dont own an iMac7,1)internally the iMac7,1 and 8,1 are almost the same, they have the same i965+ICH8 chipset,
it would give better penryn support at a minimum.
and maybe even 1066Mhz FSB support? the iMac7,1 schematics mention 1066Mhz FSB support, which makes me wonder if the iMac7,1 works with 1066Mhz FSB CPUs...
no Mac shipped with the ICH9 chipset
however its funny you mention the iMac8,1
I really want to try and flash an iMac8,1 BootROM to an iMac7,1
internally the iMac7,1 and 8,1 are almost the same, they have the same i965+ICH8 chipset,
it would give better penryn support at a minimum.
and maybe even 1066Mhz FSB support? the iMac7,1 schematics mention 1066Mhz FSB support, which makes me wonder if the iMac7,1 works with 1066Mhz FSB CPUs...
Thanks for the clarification, I'd really like to get one of the Apple EFI firmwares working in Qemu, but there is a limited number of machines and chipsets to choose from. Looks like something I'll have to add to my ever growing todo list is building a machine that emulates a chipset Apple used in an Intel Mac.
I got outbid by $3 on a MP3,1 the other day, and I just hate it that others are able to hack firmwares and I can't play along
Besides, it's much easier to be able to hack and debug in a virtual machine, with no risk of bricking it.
I did find that Apple's EFI firmwares have a Serial Terminal DXE, and it will link and load in Qemu, but I can't really find any info on the net about how Apple's firmware engineers may have used it to do low level debugging of EFI firmwares.
Thanks for the clarification, I'd really like to get one of the Apple EFI firmwares working in Qemu, but there is a limited number of machines and chipsets to choose from. Looks like something I'll have to add to my ever growing todo list is building a machine that emulates a chipset Apple used in an Intel Mac.
I got outbid by $3 on a MP3,1 the other day, and I just hate it that others are able to hack firmwares and I can't play along
Besides, it's much easier to be able to hack and debug in a virtual machine, with no risk of bricking it.
I did find that Apple's EFI firmwares have a Serial Terminal DXE, and it will link and load in Qemu, but I can't really find any info on the net about how Apple's firmware engineers may have used it to do low level debugging of EFI firmwares.
I know very well what its like to lack the hardware to do certain things with, sometimes you have to improvise a bit
you own a MacBook3,1 right? that is an EFI64 machine
get a Mini PCIe to full size PCIe adapter, remove the airport card and install the adapter and bam your MacBook3,1 now has a PCIe slot you can do stuff with
Sadly my MacBook3,1 stoped powering on, it's done it to me a few times, but leaving it unpowered for a few days always seemed to bring it back, just not this time.I know very well what its like to lack the hardware to do certain things with, sometimes you have to improvise a bit
you own a MacBook3,1 right? that is an EFI64 machine
get a Mini PCIe to full size PCIe adapter, remove the airport card and install the adapter and bam your MacBook3,1 now has a PCIe slot you can do stuff with
I upgraded the ram, and it just quit powering up at all, pulling the ram and reinstalling the OEM ram, resetting the SMC, just no luck, it just does nothing when I press the power button.
[doublepost=1528894470][/doublepost]@LightBulbFun Any insight as to what I'm doing wrong not being able to inject into the boot rom?
What version of EFI tool has been successful, and where maybe I should click after I search for the DXE?
Last edited:
no Mac shipped with the ICH9 chipset
however its funny you mention the iMac8,1
I really want to try and flash an iMac8,1 BootROM to an iMac7,1
internally the iMac7,1 and 8,1 are almost the same, they have the same i965+ICH8 chipset,
it would give better penryn support at a minimum.
and maybe even 1066Mhz FSB support? the iMac7,1 schematics mention 1066Mhz FSB support, which makes me wonder if the iMac7,1 works with 1066Mhz FSB CPUs...
I actually have an 24" iMac7,1 collecting dust, I need to swap the harddrive.
thanks for pointing to flashrom. Works way better than ch341prog
for sip roms I use just a regular soldering iron and of course loads of flux. Clean it after soldering with isoprop.
As my eyes are lame I use a cheap USB Microscope on mac with quicktime player as monitoring app - and very strong reading glasses.
Pix ahead, first is with flux, second cleaned (not the same chip)
If you can't get it sorted you may bring it to a service guy. Good cell phone repair shops can solder a rom chip with ease.
Thanks for showing me pics, so.... you don't think I have over heated the board or the chip with removing and installing the rom using heat gun method? Think it could be possible I just don't have enough solder on the chip connecting the board and that's why I am having power issues?
You can also use my GUI tool (based on flashrom) to flash and dump your system ROM from OS X.
For those interested in editing the microcode of their Mac Pro's system ROM, I have just finished writing a fully interactive GUI-based utility that can add/extract/replace microcodes in your system ROM dump! This is how it works:
- Open the program, and select a dumped ROM.
- From here, you can simply right-click in the table to perform actions, or use the Menu Bar items.
- To extract a microcode from your ROM, simply right-click on the microcode you wish to extract, and select "Extract Microcode". Save it to a file.
- To add a new microcode, simply right-click anywhere in the table, and select "Add Microcode". If the microcode for the same CPUID and platform ID in the microcode you're trying to add already exists in the ROM, it will replace it with the selected file. If not, it will add it.
- Microcode files can also be dragged and dropped onto the table to add them.
- Once the modifications you desire have been made, simply save the file, or do "Save as" to save it as a different file, keeping your original unmodified.
Download the application here. Source code is available on my GitHub. Microcode files can be obtained here.
Enjoy!
- Open the program, and select a dumped ROM.
- From here, you can simply right-click in the table to perform actions, or use the Menu Bar items.
- To extract a microcode from your ROM, simply right-click on the microcode you wish to extract, and select "Extract Microcode". Save it to a file.
- To add a new microcode, simply right-click anywhere in the table, and select "Add Microcode". If the microcode for the same CPUID and platform ID in the microcode you're trying to add already exists in the ROM, it will replace it with the selected file. If not, it will add it.
- Microcode files can also be dragged and dropped onto the table to add them.
- Once the modifications you desire have been made, simply save the file, or do "Save as" to save it as a different file, keeping your original unmodified.
Download the application here. Source code is available on my GitHub. Microcode files can be obtained here.
Enjoy!
Amazing as usual, dosdude1. Thank you so much for everything you do for your fellow Mac users.
THANKS!!! Once I’m outta the hospital, I’ll write up a detailed doc. It’s the least I can do to help. By chance, did you use obj-c?
Yes, it's written with a combination of Objective-C and C.
Thanks for providing this tool. It's very handy!
For others info. This tool will allow you to choose a specific CPU model's microcode to inject.
e.g. The 0087.B00 BootROM has no microcode at all. And after I inject the microcode for Westmere, it will looks like this.
If I add both Nehalem and Westmere microcode. It will looks like this.
And it looks identical to the microcode mod provided by LightBulbFun with the copy and paste method.
Two different way, give out the exact same result. So, it should be safe to use either method.
If you want to use UEFI Tool to insert into Apple's EFI Roms, it seems you need version 0.24.0.
7.15 MB UEFITool_0.24.0_mac.zip
7.15 MB UEFITool_0.24.0_mac.zip
Has anyone been successful to boot NVMe SSDs with the new bootrom MP_0087 from the full 10.13.5 installation package besides Gilles? Sorry after reading his #325 post, I did not see any confirmation.
I am also a little confuse on which NVMe DXE driver to use, extract from MBP, nMP 2013 or iMacPro. Seems like erer use the latest one but I am not sure. Could you please point me to the right direction? Thanks
I am also a little confuse on which NVMe DXE driver to use, extract from MBP, nMP 2013 or iMacPro. Seems like erer use the latest one but I am not sure. Could you please point me to the right direction? Thanks
I use it not for the Mac firmware. But very interesting Flashrom can handle the Mac firmware. Would you mind telling what parameter Flashrom needs to touch the Mac firmware ?
[doublepost=1528997009][/doublepost]
Only you can inspect your work. You can use a ohm meter to check the connections for o/c or shortcuts.
Or give it a pro...
m
mp 6,1 has drivers for xhci and fl1100 search bootrom for those fırst.method one @gilles_polysoft posted should work fine on 0084.B00/0085.B00 firmware (and you dont even need an external EEPROM programmer you should be able to use flashrom as @DearthnVader says)
I actually gave it a dry run and i was able to do all the steps properly
I do have a FL1100 USB 3 card installed that I would like to try get bootable on my MP5,1, i had look in my MBP9,1s EFI but I could not find any USB3 XHCI/FL1100 drivers, I need to have a look at a MP6,1s BootROM for those I guess, (a dump of the MP6,1 bootrom and a picture of what the command: drivers says when run at an EFI shell is what i want)
It's really better to test these drivers in an EFI Shell before inserting them into your boot rom, if you download the rEFInd cd it has a shell you can enter.
You'll need to put the drivers on a Fat32 partition, the EFI partition of one of your GUID formatted drives should be good. If you search around the inter webs you can find info on how to mount your EFI partition, then just copy the drivers you want to test to it.
Burn the rEFInd cd and boot from it, open the shell and find the EFI partition you saved the drivers to. it's sort of a mix of dos and unix commands, and its not always intuitive.
Code:
fs0:That will give you the file system of the first mapped drive.
Code:
fs1:This gives the second mapped file system.
Code:
lsList files and directories of the current mapped file system.
Once you find the correct file system, the one you saved the EFI drivers to, then you need to load them.
Code:
load XHCI.efi
Code:
load FL1100.efiOnce you load the drivers, you'll need to connect them.
Code:
reconnect -rNow check if your driver are linked and loaded to a device.
Code:
driversThat will give you a list of all the loaded drivers with the path on the left, then - - - -, or - - - 1 or - -0 1 1, basically if you see a number after the driver path instead of all dashes, then your drivers have linked and loaded to a device, and they should only load for you XHCI PCI card and link to it.
Then I suppose you want to test if the card is working correct, and can take part in the boot process, so you'l want to connect a USB drive to it, preferably before you load the drivers and reconnect them. Then, I think, you need to map the file system of you USB drive into the system. For this reason it's best to have a Fat32 formatted USB drive.
Tho, your Mac has an HFS+ driver and a APFS driver, and they should be loaded and those partitions should get mapped at boot time, we're just using Fat32 because it's the least complicated and best supported filesystem for EFI/UEFI firmwares.
Code:
map fsThat command may not be correct, I'll have to check.
Then:
Code:
map -rSee of you can see the file system of you USB drive connected to the XHCI PCI card.
I know the efi shell, for example to update smc firmware on 1.1 / 2.1 - but great to have an overview and teach (me) old dog new tricks
Great info.
Can this be scripted or automated into a menu based app?
Could it be used this to configure the speed of pcie slots?
On the netkas forum someone had posted a way to force PCIE 2.0 by entering an efi shell and typing a few commands. I tried it and it did not work for me. In the post the guy used refit wheras I used refind because refit is no longer supported. Maybe someone can try and tell me if it works for them http://forum.netkas.org/index.php?topic=13541.0
Last edited:
- Status