hoakley November 3, 2018 Macs, Technology

LockRattler 4.13 now checks your EFI firmware

A year ago it all seemed too good to be true: Apple’s team of firmware engineers wanted to bring order to the chaotic state of EFI firmware. In High Sierra, they introduced a new tool, eficheck, which ran every week and quietly ensured that your firmware wasn’t being nobbled by malware, and was reasonably up to date.

Then this week, a couple of security updates and Mojave 10.14.1 put all that good work at risk. Without any warning, every model of Mac underwent firmware update which not only changed the version number, but the system used to express its versions. Except that eficheck continues to give version numbers using the old system.

This new version of LockRattler tries to help you untangle this mess, by revealing the current EFI firmware version using both numbering systems. For the new system, I keep track of the latest versions on this page. The old system, returned still by eficheck and also shown in this new version of LockRattler, gives the date of that version in its last group of digits, e.g. 1809251200 means [20]18/09/25 12:00.

Another problem which Mojave brought was failure in Apple’s macOS installation information. Prior to 10.14, each time that you upgraded or updated macOS, the official name of that version and its version number were logged in the installation records. The first full release of Mojave broke that: it gave its name as SU_UPDATE, without any version number, and has even confused Apple’s own System Information as a result. Mojave 10.14.1 also breaks previous rules, as it too fails to give a version number.

These issues mean that previous versions of LockRattler don’t recognise the Mojave 10.14.1 update, just as SystHist didn’t before I updated it yesterday. This new version accommodates these errors, and does record it properly.

I have updated the documentation and Help book to explain the EFI version checks.

Macs with T2 chips

This new version of LockRattler should be treated as a beta when run on Macs with a T2 chip. This is because they don’t support the eficheck command. At present, this should be handled gracefully and write an appropriate error to the scrolling text view. However, I am unable for the moment to test on a T2-equipped Mac, so I would greatly appreciate reports on their behaviour.

The worst case is that the new LockRattler doesn’t handle the T2’s quirks gracefully, and crashes when starting up. If so, please let me know, and revert to the previous version 4.12 for the time being.

LockRattler 4.13 is available from here: lockrattler413
and from Downloads above.

16Comments

Add yours

1

Joss on November 3, 2018 at 10:56 am

I’m getting “Failed” errors for the software update tool when clicking i.a. “Refresh”. (Mojave 10.14.1 on 2018 MBP T2)

LikeLiked by 1 person
- 2
  
  hoakley on November 3, 2018 at 11:02 am
  
  Thanks.
  The failed errors aren’t from the software update, but from the refresh: when you click on Refresh, it repeats all the checks which are run when you open the window in order to refresh all the contents.
  The failed error is from trying to run the eficheck command again, which is the correct result when your Mac has a T2 chip.
  I need to put some newline characters in to make that clearer, as well as giving a little more detail on the error.
  I’d like to find a way to detect the T2 so that it can then avoid trying to run eficheck altogether if that is present, but haven’t discovered that secret yet.
  Howard.
  
  LikeLike
  - 3
    
    Joss on November 3, 2018 at 11:05 am
    
    Wouldn’t the T2 check be relatively easy based on the existence of iBridge in the EFI output? Or does the T1 also produce iBridge output?
    
    LikeLiked by 1 person
    - 4
      
      hoakley on November 3, 2018 at 11:11 am
      
      I don’t know, but I’ve worked out for to do this robustly (and obviously): check whether eficheck is present. That will eliminate both Sierra systems and, I think, those with a T2 chip.
      I’ll see if I can get this ready for Monday.
      Thank you for your help.
      Howard.
      
      LikeLike
- 5
  
  Philip Noguchi on November 5, 2018 at 10:20 pm
  
  Joss,
  
  How were you able to paste a screenshot in WordPress? Inquiring minds would like to know…
  
  -Phil
  
  LikeLiked by 1 person
  - 6
    
    hoakley on November 5, 2018 at 10:22 pm
    
    He posted it to his own site, then linked to that.
    Howard
    
    LikeLike
- 7
  
  Joss on November 6, 2018 at 12:42 am
  
  @Phil: I always upload to imgur (public API without an account), and the upload software returns the direct link to the image, which wordpress seems to embed automatically. For screenshot uploads like above I use Snappy (MAS freeware), for image uploads from Preview etc. via the Share menu I use the abandonware ImageShareUr (still available via the Internet Archive), which also works in Safari, and for uploads in the browser of my choice (Firefox) I use the add-on Imgur-Uploader. All of these return direct links ready for embedding.
  
  LikeLike
  - 8
    
    Joss on November 6, 2018 at 12:52 am
    
    Snappy: http://snappy-app.com/
    
    ImageShareUr: https://web.archive.org/web/20151122030602/http://www.simplicate.info/wp-content/plugins/download-attachments/includes/download.php?id=1357
    
    Imgur-Uploader: https://github.com/st900278/Imgur-Uploader-Firefox
    
    LikeLiked by 1 person
  - 9
    
    Philip Noguchi on November 6, 2018 at 2:14 am
    
    Joss, thanks for the clarification and explanation. Not sure I would be so diligent for a paste, but I will try it. Maybe!
    
    LikeLike
  - 10
    
    Philip Noguchi on November 6, 2018 at 3:33 am
    
    Joss, Thank you very much for the tips. Snappy->Imgur was perfect for the snapshot as shown below
    
    This is a screenshot of LockRattler 4.14 on a 2018 MacBook Pro with T2 chip:
    
    LikeLiked by 1 person
11

Phil Noguchi on November 3, 2018 at 2:31 pm

Howard,

Two observations with the 4.1.3 LR.

First, on MacBook Pro 2018 I get the same error message as Joss.
Second On MacBook Pro 13 inch 2012 model Mojave 10.14.2 beta 1, TCC version is now 15.0 rather than 14.0.

LikeLiked by 1 person
- 12
  
  hoakley on November 3, 2018 at 2:35 pm
  
  Thanks. Yes, that error is because the T2 models don’t support eficheck. Interesting that TCC has been updated in 10.14.2.
  Howard
  
  LikeLike
13

John Lockwood on November 3, 2018 at 5:44 pm

Thank you for updating your tool to provide a means of checking EFI versions.

Would it be possible for you to do the following –

1. Indicate if an EFI version is out-of-date, correct, or newer than expected like EFIgy did/does
2. Provide a means of using LockRattler via the command line to query for information like EFI versions.

As you may or may not be aware EFIgy seems to have been broken due to the same Mojave caused changes but at least your tool works for non-T2 models. See https://github.com/duo-labs/EFIgy

LikeLike
- 14
  
  hoakley on November 3, 2018 at 5:54 pm
  
  Thank you.
  As Apple doesn’t provide a list of current EFI firmware versions for any models, and doesn’t even announce when they change with updates, the only list that I could produce would be similar to the article which I try to maintain here. If you open LockRattler’s Help book, I now include a link to that page for those who wish to look that info up. In the next version, I will probably also put that link into the Help menu.
  Unfortunately, I haven’t worked out a way of creating a static-linked page of (e.g. XML) parsable content here in WordPress which I can keep up to date. So while I can readily link to an article or regular page, I don’t know how I could look that info up in LockRattler, or in a command tool.
  I’m sorry to hear that EFIgy has broken, but hope that they manage to get it working again. Unfortunately, Apple seems to take delight in trying to stop us from knowing whether our EFI firmware really is current.
  Howard.
  
  LikeLike
15

Ian Weir on November 4, 2018 at 5:09 pm

Running an iMac Boot ROM version same as EFI

Model Name: iMac
Model Identifier: iMac16,2
Processor Name: Intel Core i7
Processor Speed: 3.3 GHz
Number of Processors: 1
Total Number of Cores: 4
L2 Cache (per Core): 256 KB
L3 Cache: 6 MB
Memory: 16 GB
Boot ROM Version: 223.0.0.0.0
SMC Version (system): 2.32f20

LikeLike
- 16
  
  hoakley on November 4, 2018 at 5:16 pm
  
  Yes – that is correct under the new numbering system. However, the old system should return 0221.B00.1809171530 for your model.
  Howard.
  
  LikeLike