Updating T2-equipped Intel MacBook Pro EFI Firmware (BootROM)

[tinygoblin]

Hello,

Is there some way to update EFI firmware (BootROM & iBridge) without updating macOS Big Sur or macOS Monterey on an Intel Mac with T2 chip? Mac is capable of running macOS Catalina.

I have already tried installing FirmwareUpdate.pkg using a well-known method by Pepijn Bruienne. That PKG should've contained firmware update for this Mac: the one that can be found in latest macOS Catalina Security Update 2022-001 and 2022-002 and which bumps firmware to match Big Sur 11.6.4 and Monterey 12.2 (according to this article). This didn't work, no T2 Mac updates found in the package, here's log of my struggle.

I'm afraid to try installing fresh copy of macOS to external SSD on this computer so the firmware gets updated during installation because users report installing recent macOS releases to expternal USB-C drives destroys or damages all Recovery partitions (including located on internal SSD). So this is not an option.

More questions that may give me some options:

1. Maybe there's some tool or article that describes how to fetch standalone Combo Update for specific macOS of particular Mac model?
2. Maybe someone knows how to set different destination for softwareupdate -d & softwareupdate -i methods?
3. Maybe someone knows a way to trigger firmware update of T2 Mac similar to method by Pepijn Bruienne?

Machine board ID is Mac-A61BADE1FDAD7B05.

Kind regards,

tinygoblin

 

[startergo]

Try this method:

Extract Firmware from OS X installer

Extract Firmware from OS X installer. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

 

[tinygoblin]

Thanks, it's essentially what I already did try. This doesn't work for T2 Intel Macs. Also eficheck Terminal tool does not support them (just like efiupdater tool) as well as there're no files for T2 Intel Macs in "FirmwareUpdate.pkg/Scripts/Tools/EFIPayloads/" or any other folder in SharedSupport.dmg of the full macOS installer. The only T2-related string I found is iBridge 19.16.10744.0.0 version name in file "SharedSupport.dmg\com_apple_MobileAsset_MacSoftwareUpdate\9a71c5fc091fc9270135473b183da69b12b853d9.zip\AssetData\boot\BridgeVersion.plist".

The author of the article Which firmware should your Mac be using? states:

<T2 Intel Macs> use a different mechanism for firmware updates, managed by their T2 chips. They’re also unable to run eficheck.

But he never explains what exactly this mechanism is or where to look for prompts.

 

[startergo]

Thanks, it's essentially what I already did try. This doesn't work for T2 Intel Macs. Also eficheck Terminal tool does not support them (just like efiupdater tool) as well as there're no files for T2 Intel Macs in "FirmwareUpdate.pkg/Scripts/Tools/EFIPayloads/" or any other folder in SharedSupport.dmg of the full macOS installer. The only T2-related string I found is iBridge 19.16.10744.0.0 version name in file "SharedSupport.dmg\com_apple_MobileAsset_MacSoftwareUpdate\9a71c5fc091fc9270135473b183da69b12b853d9.zip\AssetData\boot\BridgeVersion.plist".

The author of the article Which firmware should your Mac be using? states:

But he never explains what exactly this mechanism is or where to look for prompts.

Maybe someone who own T2 Intel Mac (preferably MacBookPro16,1 or MacBookPro16,4) and who recently has updated macOS to 11.6.4 or to 12.2 / 12.2.1 can post entire contents of "var/log/install.log"? This might be helpful to research how firmware update is triggered and what source it uses.

This seller sells connectors for firmware flashing. CC @tsialex Is it possible to flash the T2 chip?

 

[tinygoblin]

This seller sells connectors for firmware flashing

Thanks, I'll certainly drop him a line since he also sell programmable and pre-programmed chips. However I'm quite sure he just dumps existing firmware from chip as a BIN file, modifies it and flashes back directly from Windows PC without any macOS tools.

 

[tsialex]

CC @tsialex Is it possible to flash the T2 chip?

Nope, it's basically like an iOS device and updates exactly like it. No keys, no flash or anything. T2 Macs don't have a SPI flash with the BootROM like older Macs and it's inside the T2 storage, only T1 Macs (usually 2016 models) still have a SPI flash.

I known that a security researcher got it done a year ago using a private iBoot exploit, if I remember correctly, but, AFAIK, this is way outside our reach.

T2 firmware upgrades from the current macOS release trick down with Security Updates to the past two previous releases. Apple does it when it needs to be done, no one knows the schedule for that.

 

[tinygoblin]

Nope, it's basically like an iOS device and updates exactly like it. No keys, no flash or anything. T2 Macs don't have a SPI flash with the BootROM like older Macs and it's inside the T2 storage, only T1 Macs (usually 2016 models) still have a SPI flash.

I known that a security researcher got it done a year ago using a private iBoot exploit, if I remember correctly, but, AFAIK, this is way outside our reach.

T2 firmware upgrades from the current macOS release trick down with Security Updates to the past two previous releases. Apple does it when it needs to be done, no one knows the schedule for that.

Thank you for insightful explanation! Would you kindly elaborate when T2 that contains BootROM gets updated during macOS installation? If I execute full macOS 11.6.4 installation from bootable USB flash drive will it first update EFI and ask for a reboot to continue?

@startergo, thanks for summoning @tsialex to this thread!

 

[tsialex]

Thank you for insightful explanation! Would you kindly elaborate when T2 that contains BootROM gets updated during macOS installation? If I execute full macOS 11.6.4 installation from bootable USB flash drive will it first update EFI and ask for a reboot to continue?

@startergo, thanks for summoning @tsialex to this thread!

You are thinking like it's before late-2013 Mac Pro firmware updates, forget that, no parallel and the updates are done without you even knowing it. If I remember correctly, the iBridge firmware update is done after the basic macOS install is already done and the several reboots started. A security researcher documented this in detail, I don't remember who did it right now (4AM here and I'm half sleeping).

If I was looking at something like this, I'd try a T2 revive via Configurator2. The restore is done with the current iBridge version.

Revive or restore an Intel-based Mac using Apple Configurator 2

In rare circumstances, Apple computers may become unresponsive and the chip’s firmware must be revived.

support.apple.com

 

[startergo]

I'm afraid to try installing fresh copy of macOS to external SSD on this computer so the firmware gets updated during installation because users report installing recent macOS releases to expternal USB-C drives destroys or damages all Recovery partitions (including located on internal SSD).

There is nothing to worry about here. I have MBP15,1 which had a broken screen before Apple fixed it. I wanted to clear the operating system, but wiped the entire internal drive. Now the problem is that the drivers for the external screen only load after recovery boots and it was gone. I restored the recovery through the Internet Recovery with an ethernet cable connected to the Mac during boot. Or you can always create a time machine and restore it back as I normally do.

 

[tinygoblin]

You are thinking like it's before late-2013 Mac Pro firmware updates, forget that, no parallel and the updates are done without you even knowing it. If I remember correctly, the iBridge firmware update is done after the basic macOS install is already done and the several reboots started. A security researcher documented this in detail, I don't remember who did it right now (4AM here and I'm half sleeping).

If I was looking at something like this, I'd try a T2 revive via Configurator2. The restore is done with the current iBridge version.

Revive or restore an Intel-based Mac using Apple Configurator 2

In rare circumstances, Apple computers may become unresponsive and the chip’s firmware must be revived.

support.apple.com

You're correct I'm a bit out of the flow since I've updated from very first Intel Mid-2012 rMBP to very last Intel Mid-2020 rMBP which happened to have T2 chip. I heavily appreciate your input since I've been struggling with this for the last 5 days straight and that's not something I'm asking out of curiosity (it's a long story).

I thought about reviving as an option but I only found article that stated this procedure is meant for 2018 Mac mini (got me curious but not curious enough no find article you linked). So thank you for the link. Sadly my Mid-2012 MacBook10,1 is limited to 10.14 (without a hack) so it looks like Apple Configurator 2 is not currently an option (it's a long story). I will be getting 2019-2020 Intel iMac so I might be able to try Apple Configurator 2 method eventually.

There is nothing to worry about here. I have MBP15,1 which had a broken screen before Apple fixed it. I wanted to clear the operating system, but wiped the entire internal drive. Now the problem is that the drivers for the external screen only load after recovery boots and it was gone. I restored the recovery through the Internet Recovery with an ethernet cable connected to the Mac during boot. Or you can always create a time machine and restore it back as I normally do.

Well I don't argue it can be fixed eventually once it's broken. But it's a bit much for an EFI update what is like 10 MB itself at most. So I'd love to minimize risks here, that's all!

 

[tsialex]

MacBookPro10,1 runs Catalina officially and Configurator 2 required minimum macOS release is 10.15.6.

 

[tinygoblin]

MacBookPro10,1 runs Catalina officially and Configurator 2 required minimum macOS release is 10.15.6.

You're correct, double-checked it's me who misremembered compatibility, thank you!

 

[chrfr]

Hello,

Is there some way to update EFI firmware (BootROM & iBridge) without updating macOS Big Sur or macOS Monterey on an Intel Mac with T2 chip? Mac is capable of running macOS Catalina.

I don’t understand the problem you’re having here. I have T2 Macs running macOS 12.2.1 and I have T2 Macs running Catalina 10.15.7, which have never had Big Sur or Monterey installed. Both are on the same firmware versions:
1715.81.2.0.0 with iBridge version 19.16.10744.0.0.0.
The Catalina security updates update the T2 firmware same as the Big Sur and Monterey updates do.

 

[chrfr]

Maybe someone who owns T2 Intel Mac (preferably MacBookPro16,1 or MacBookPro16,4) and who recently has updated macOS to 11.6.4 or to 12.2 / 12.2.1 can post entire contents of "var/log/install.log"? This might be helpful on research how EFI firmware update is triggered and what EFI firmware source it uses.

Also, this may have been covered elsewhere in the thread but T2 Macs don’t have separate EFI firmware updates or installations, even within the OS installer bundles. The T2 is the only exposed firmware update, but that’s not EFI.

 

[tinygoblin]

I don’t understand the problem you’re having here. I have T2 Macs running macOS 12.2.1 and I have T2 Macs running Catalina 10.15.7, which have never had Big Sur or Monterey installed. Both are on the same firmware versions:
1715.81.2.0.0 with iBridge version 19.16.10744.0.0.0.
The Catalina security updates update the T2 firmware same as the Big Sur and Monterey updates do.

My macOS Big Sur 11.3.1 partition is 33.72 GB in size (as reported in Finder) and is used only to manage security of the computer (otherwise I don't need macOS, I cannot resize or temporary move my other OS partitions since they're already set up to tasks). Currently 4.93 GB is available on my Macintosh HD. I can squeeze another 1.89 GB at most out of it (6.8 GB free total). I'm afraid this free space is insufficient to install macOS Big Sur 11.6.4 update since download size is around 2.5 GB. I need to update firmware since the one introduced in 11.3 has a lot of issues and 1715.81.2.0.0 (iBridge 19.16.10744.0.0,0) is generally OK and includes security improvements. Do you happen to know how much free space is required for update installation process once it's downloaded? Since the jump from 11.3.1 to 11.6.4 is sufficient, I don't want to brick Mac due to insufficient space while installing an update, 11.6+ have similar surprises, and 11.6.4 being most recent has little reports on anything like that.

Also, this may have been covered elsewhere in the thread but T2 Macs don’t have separate EFI firmware updates or installations, even within the OS installer bundles. The T2 is the only exposed firmware update, but that’s not EFI.

Thanks for clarification, this confirms my observations and corresponds to answers provided by @tsialex.

 

[chrfr]

My macOS Big Sur 11.3.1 partition is 33.72 GB in size (as reported in Finder) and is used only to manage security of the computer (otherwise I don't need macOS, I cannot resize or temporary move my other OS partitions since they're already set up to tasks). Currently 4.93 GB is available on my Macintosh HD. I can squeeze another 1.89 GB at most out of it (6.8 GB free total). I'm afraid this free space is insufficient to install macOS Big Sur 11.6.4 update since download size is around 2.5 GB. I need to update firmware since the one introduced in 11.3 has a lot of issues and 1715.81.2.0.0 (iBridge 19.16.10744.0.0,0) is generally OK and includes security improvements. Do you happen to know how much free space is required for update installation process once it's downloaded? Since the jump from 11.3.1 to 11.6.4 is sufficient, I don't want to brick Mac due to insufficient space while installing an update, 11.6+ have similar surprises, and 11.6.4 being most recent has little reports on anything like that.

Thanks for clarification, this confirms my observations and corresponds to answers provided by @tsialex.

Ultimately, you really need a larger macOS partition. I’d make sure that you have the Startup Security app configured to allow external booting in case something goes wrong, but perhaps a clean install using a USB installer would allow you to get a current OS on the computer. I’d go to Monterey for these purposes.
You’re never going to get an update to install on a partition that’s so small, but the issue with the installer not properly checking for free space has been long resolved.
A Catalina installation would require less space and the updates will be smaller, but you also will only be getting a few more security/firmware updates for Catalina since support will end this fall.

 

[tinygoblin]

Ultimately, you really need a larger macOS partition.

Correct, however I tried my best. This makes 12.72 GB free on 32.72 GB macOS partition (another 1.1 can be added by wiping useless desktop pictures):

rm -rf “/Volumes/Macintosh HD - Data/Applications/GarageBand.app”
rm -rf “/Volumes/Macintosh HD - Data/Applications/iMovie.app”
rm -rf “/Volumes/Macintosh HD - Data/Applications/Keynote.app”
rm -rf “/Volumes/Macintosh HD - Data/Applications/Numbers.app”
rm -rf “/Volumes/Macintosh HD - Data/Applications/Pages.app”
rm -rf “/Volumes/Macintosh HD/Library/Audio/Apple Loops”
rm -rf “/Volumes/Macintosh HD/Library/Application Support/GarageBand”
rm -rf “/Volumes/Macintosh HD/Library/Application Support/Logic”
sudo pmset hibernatemode 0

The story is as follows. The softwareupdate tool refused even to download the update which is 3 GB with 11 GB of free space at first. Tool reported another 1.56 GB was required. So after removing bloatware I downloaded 11.6.4 via softwareupdate, but softwareupdate tool wasn't able to install it using -i option (it just returned "Downloaded macOS BS 11.6.4-20G417") and I had to go to System Preferences > Updates > Install. After seemingly successful installation the firmware got updated! However I noticed "macOS Installer" appeared in boot menu (Option-boot) and macOS version didn't get updated to 11.6.4 from 11.3.1 and there was only 1.97 GB free on internal Macintosh HD! FFS this is such a joke. So I found and wiped all traces of failed update (I never found explanation, only "MCU 1130 Failed to seal system volume" error in "/Volumes/Macintosh HD/Volumes/Update/last_update_result.plist"). Directories used by softwareupdate and that never get purged are:

/Volumes/Macintosh HD/System/Volumes/Update/mnt1
/Volumes/Macintosh HD/System/Volumes/Update/software.update*
/Volumes/Macintosh HD/System/Library/AssetsV2/com_apple_MobileAsset_MacSoftwareUpdate/
/Volumes/Recovery/<Random-ID>.staged
/Volumes/Preboot/<Random-ID>.staging
/Volumes/Preboot/<Random-ID>/boot/System/Library/KernelCollections.staged
/Volumes/Preboot/<Random-ID>/staged-overlay
/Volumes/Preboot/<Random-ID>/com.apple.installer

I tried again this time using System Preferences > Software Update. It got downloaded but in the very end of installation (30 sec left) it reported: Not enough free space, another 2.89 GB is required! It makes it 15.61 GB total to install 3 GB update. This is i-n-s-a-n-e. This got me VERY upset because I'm almost sure there's nowhere to get this space without breaking "/Volumes/Macintosh HD". I'll probably try moving "/Volumes/Macintosh HD - Data" contents (4.4 GB) somewhere and run another iteration. But for now it looks like it's impossible to get both firmware and software updates. Well at least I got the firmware. However because update didn't succeed it didn't replace EFIs in Preboot, Recovery. So it's half-baked result. I'm so done with this low quality half-a$$ed software product, people call it gayOS for a reason (no offence, fellow LGBT people). I guess ultimately I'll have to install complete 11.6.4 from an external drive with wiping existing installation to get where I want.