hoakley October 9, 2019 Macs, Technology

A gap opens in EFI firmware, leaving Sierra in doubt

In recent macOS release cycles, Apple has followed a fairly regular pattern. The last minor update to the previous major release of macOS, such as 10.13.6, has brought EFI firmware updates across all models, in preparation for the first release of the next major version. That hasn’t worked out with Catalina: if you have installed its first release, your Mac will have undergone firmware update, but Macs still running Mojave and High Sierra have, for the moment at least, been left running the previous firmware.

In the normal course of updates, we should expect Apple to release security updates for High Sierra and Mojave very soon, which will install the same firmware updates as came with Catalina. Although that may well still happen, there’s something else rather odd with these Catalina-only firmware updates: they’re mostly older than the last Supplemental Update (the third) for Mojave 10.14.6, and its parallel security update for High Sierra.

It’s not as if the Catalina firmware isn’t generally compatible with the last releases of Mojave. Many of us who’ve been beta-testing Catalina also dual-boot those same Macs from Mojave. Although a few have reported kernel panics which might result from incompatibilities between the Catalina firmware and Mojave, those don’t appear widespread. Indeed, those kernel panics seem if anything less common than those still reported in Mojave.

The most likely reason for this disparity in firmware versions is that Apple’s engineers have been focussing on shipping Catalina first and foremost. Now that has been released, they can bring High Sierra and Mojave kernels (in particular) up to full compatibility with the new set of firmware, and release those in a forthcoming security update.

If that’s the case, then one question remains open: in the normal course, Sierra security update 2019-005, released on 26 September, would be the last update to Sierra as support is withdrawn following the release of Catalina. Had these firmware updates shipped with Mojave 10.14.6, as had probably been intended, then Macs still running Sierra could have installed them. If Apple doesn’t release any further security update for Sierra, then it ends its support cycle in arrears of High Sierra and later. That means that it will already have known bugs and security vulnerabilities.

If you were planning to stay with Sierra for the time being, you’ll be watching closely for the next security update, bringing previous versions of macOS up to parity with Catalina’s new firmware. If Sierra isn’t included in that, you may wish to reconsider your decision and perhaps upgrade to High Sierra or later, which will at least continue to be supported by Apple.

It’s hard to envisage Apple leaving High Sierra and Mojave with older firmware, but I wonder how long their next security updates will take.

24Comments

Add yours

1

EcleX on October 9, 2019 at 3:11 pm

Somebody knows wen this PDF will be updated and finished?

About Apple File System
Apple File System Reference
Revision History

2019-02-07
Corrected the discussion of object identifiers in j_snap_metadata_val_t. The extentref_tree_oid and sblock_oid fields contain a physical object identifier, not a virtual object identifier.

2019-01-24
Added information about software encryption on macOS in the Encryption chapter.

2018-09-17
New document that describes the data structures used for read-only access to Apple File System on unencrypted, non-Fusion storage.

PDF: https://developer.apple.com/support/downloads/Apple-File-System-Reference.pdf
Web: https://developer.apple.com/documentation/foundation/file_system/about_apple_file_system

LikeLiked by 1 person
- 2
  
  EcleX on October 10, 2019 at 6:23 am
  
  My question above is related to the article, because it is related to this:
  
  Is Your macOS Catalina Install Stuck? Here’s How to Fix It
  Hold down the power button on your Mac until it turns off, and then power it back on.
  https://www.macrumors.com/mac
  
  Which could create serious disk directory damage or corruption that Apple Disk Utility cannot repair on APFS volumes. Other applications like DiskWarrior, TechTool Pro and Drive Genius cannot be released to rebuild directory of APFS disks (compulsory for booting disks since macOS 10.13 High Sierra, which was released by September 2017), because Apple has not yet released documentation about how to write to such disks more than two years latter, as Alsoft states:
  
  DiskWarrior 5.2 & Apple File System (APFS)
  What’s in the works
  The next major release of DiskWarrior will include the ability to rebuild APFS disks. Apple has recently released the “Read” portion of the APFS format documentation. Our developers are now waiting for the “Write” portion of documentation to update DiskWarrior to be able to safely rebuild Apple File System (APFS) disks.
  https://www.alsoft.com/diskwarrior5apfs
  
  Please, send feedback to Apple about it:
  https://www.apple.com/feedback/macos.html
  
  LikeLiked by 1 person
  - 3
    
    EcleX on October 10, 2019 at 6:25 am
    
    Oops! The full link above is
    https://www.macrumors.com/how-to/fix-macos-catalina-stuck-install
    Sorry about the truncated one!
    
    Suggestion: It would be good if this forum messages could be edited at any time. Thanks!
    
    LikeLiked by 1 person
    - 4
      
      hoakley on October 10, 2019 at 9:28 am
      
      Yes, it would be very good if comments to posts could be edited by their originator.
      Unfortunately, that is not an option which I am provided with. I can edit comments, but I have no means of allowing you to. Sorry.
      Howard.
      
      LikeLike
  - 5
    
    hoakley on October 10, 2019 at 6:30 am
    
    Thank you.
    Why should a forced shutdown produce “serious disk directory damage or corruption” on APFS?
    Do you understand how copy-on-write works? This isn’t old HFS+ which regularly trashed its directories, and relied on journalling so often.
    Howard.
    
    LikeLike
  - 6
    
    hoakley on October 10, 2019 at 9:35 am
    
    The whole purpose of APFS using copy-on-write on file system metadata is to prevent such damage from happening. Each data block used for metadata exists in one of two ‘atomic’ states when it is being updated, and those data are stored in separate locations. The file system writes out the new data to a new block, and when that has been completed successfully, the old data is retired.
    HFS+ doesn’t work like that, which is why it requires journalling. But even with journalling, it still has the propensity to leave the file system in an unstable and broken state in the event of a forced shutdown. That’s why Apple is trying to replace HFS+ with APFS.
    Although with APFS you should never force a shutdown casually, and it remains a serious option, there is no reason that it should leave the file system with “serious disk directory damage or corruption” that cannot be repaired easily by fsck_apfs.
    Howard.
    
    LikeLike
  - 7
    
    EcleX on October 10, 2019 at 3:06 pm
    
    Thanks. I guess APFS is not completely immune to directory corruption. If that can happen, I would like to have a way to fix it, just in case.
    
    I understand that rebuilding the directory of APFS disks may be necessary, among other situations, when there is a software or hardware freeze-crash-forced reboot. And even when mains fail or when people unplugs the computer from mains by accident (yes, those things happen!), or thinking that it is off, yet it is still on while shutting down.
    
    Years ago, the Mac display did not became black until the Mac was completely shut down. But now, the display goes black but the Mac is still on after selecting to shut down. When people boot from external drives, shut down the Mac and are in a hurry to unplug the external booting disk and go away, such disaster may happen, since they may unplug before the Mac is really off.
    
    LikeLiked by 1 person
    - 8
      
      hoakley on October 10, 2019 at 3:28 pm
      
      The way to diagnose and repair APFS volumes is fsck_apfs. You can recover contents from a crashed/damaged/erased APFS volume using third party tools. Unless someone does some very smart reverse engineering, we’re unlikely to see much else in the way of tools for some time to come. It may even prove that trying to rebuild APFS directory information (in the way you can with HFS+) simply isn’t effective or feasible.
      As to how likely APFS is to suffer directory damage from sudden power outage, if anyone knows they’re keeping quiet. However, as I have said repeatedly, APFS is designed to make such damage almost impossible. And it’s all about risk, as no one can ever guard totally against every type of disaster.
      If I were wondering whether to invest heavily in prolonged development of third party disk repair tools, I wouldn’t bother catering for APFS – I don’t think that sales would merit any substantial investment, unlike with HFS+ where every self-respecting user has to have such tools.
      Howard.
      
      LikeLike
  - 9
    
    EcleX on October 10, 2019 at 4:54 pm
    
    Thanks. You said:
    “The way to diagnose and repair APFS volumes is fsck_apfs”. Three questions:
    
    1. Is it automatically done by macOS after a freeze-forced shutdown and cold boot or similar scenario?
    
    2. Besides that, is it automatically done by macOS when disk corruption is generated some other way? I know you will smile on this, but sometimes computers get corrupted for not apparent reason. Imagine some mysterious corruption caused by neutrinos from space or whatever…
    
    3. Finally, can or should the user manually run such fsck_apfs when desired? How? Does Disk utility “Firsts Aid” do it? On the booting disk? Booting from other disk?
    
    LikeLiked by 1 person
    - 10
      
      hoakley on October 10, 2019 at 6:01 pm
      
      1. Not to the best of my knowledge. As with all such diagnostics, you’d need to start up in Recovery Mode to do the best job. However, this isn’t like replaying the journal in HFS+ – if you don’t do that in such circumstances, chances are you file system will be broken, as we all well remember before the introduction of journalling.
      2. I don’t know of any reliable way of detecting file system “corruption”, so I don’t know of any tool which would do this. Nor I think would you want it to! If you see disk errors, then that’s the time to run fsck_apfs.
      3. I have written about this here. You can just run Disk Utility in regular user mode, but best practice is still to restart in Recovery Mode, which means that you aren’t booted from the volume you’re trying to repair. Disk Utility is very good, and unmounts the volume before checking it, but it’s still better to have booted from a different volume, IMHO.
      Until a new file system is more widely understood, standard practice is to rely first and foremost on its own developer’s tools, particularly fsck, as the developer has a vast amount more insight and understanding of the file system they’ve just been developing. It’s only when a file system gets more mature that third parties, like Alsoft, can outperform the original engineers, normally.
      Howard.
      
      LikeLike
  - 11
    
    EcleX on October 10, 2019 at 8:24 pm
    
    Thanks. Then, I understand that to run fsck_apfs on Disk 1 it is equivalent to do it booting such disk in Recovery Mode than just boot from other Disk 2 (like an external SSD) and run Apple Disk Utility – First Aid from the latter on Disk 1. Is that correct, or does fsck_apfs in Recovery Mode perform more repairs?
    
    LikeLiked by 1 person
    - 12
      
      hoakley on October 10, 2019 at 8:38 pm
      
      As my article shows, running First Aid in Disk Utility and running fsck_apfs are fundamentally the same, only using the command tool directly does give access to more options, such as prompting before making any repair. For the great majority of users and circumstances, Disk Utility should be their first choice.
      Trying to perform any repair on an active file system is unwise. Ideally, it shouldn’t be the boot disk, and requires to be unmounted. Although Disk Utility will perform this for you on your boot disk, it’s generally consider wiser to boot from a different volume from the one you want to repair. That could be any bootable volume, preferably from a different disk. Recovery Mode is generally the most accessible way to do that.
      I hope that is clearer.
      Howard.
      
      LikeLike
13

David B. on October 9, 2019 at 6:00 pm

Howard ……… Have you ever seen this “Unrecoverable Error” window?

Apple iMac ‘error’ message – 7 Oct 2019

LikeLiked by 1 person
- 14
  
  hoakley on October 9, 2019 at 6:09 pm
  
  No. Have you raised it with TeamViewer support? After all, it’s their software.
  Howard.
  
  LikeLike
15

David B. on October 9, 2019 at 6:41 pm

No, I haven’t been in touch with TeamViewer. When this occurred after I had deleted everything I could find labelled TeamViewer (using ‘EasyFind’) I completely lost control of my iMac. Clicking on ‘OK’ moved my mouse-pointer to the top left hand corner of the screen – but literally nothing else would function. A restart brought up the same window. Switching off completely and then on after a short pause – the same.

I carried out this procedure https://support.apple.com/en-gb/HT201314 but was unable to reinstall my OS (macOS Catalina!). I did the same thing again and then chose to Restore from a Time Machine Back-Up.

That was successful and all appears to be working normally now. Phew!

I’d become concerned because I’d seen in my Logs that TeamViewer had been trying to connect constantly during the night whilst I’d been asleep – but I don’t currently have TeamViewer installed on this machine! It just seemed very odd to me! Here’s a look at what is now found by EasyFind …

View post on imgur.com

Kind regards
David.

LikeLiked by 1 person
- 16
  
  hoakley on October 9, 2019 at 6:50 pm
  
  That’s because you’ve not uninstalled TeamView, but most of it has been reinstalled from your backup.
  The best thing to do now is to reinstall it, then follow the instructions here to uninstall it. That should make a cleaner job of it.
  I wish you success.
  Howard.
  
  LikeLike
  - 17
    
    David B. on October 9, 2019 at 7:01 pm
    
    Thanks, Howard 😀
    
    LikeLiked by 1 person
18

A gap opens in EFI firmware, leaving Sierra in doubt – The Eclectic Light Company – Jerry's Mac Blog on October 10, 2019 at 2:27 pm

[…] Source: A gap opens in EFI firmware, leaving Sierra in doubt – The Eclectic Light Company […]

LikeLike
19

Fizniperal (@truefizniperal) on October 15, 2019 at 10:58 am

I will stick with Sierra for as long as possible, which in my experience means until browser are not supported anymore. I really hate changes to my day to day use. I used every Mac Os since 7. I still remember well how good Snow Leopard and then Mountain Lion were. Transitions were always bad but not unbearable like now.
Examples: Expose windows fixed positions (Mission Control moves them in a random way, very confusing), Spotlight sortable results through preference panel, colored labels which help my poor vision and bigger fonts system-wide, Quicklook working on every kind of video, old iWork / Disk Utility / iTunes. All this dropped features, which for me are always more important than the new ones, were not announced by Apple, nor was given opportunity to make a choice about them. Sometimes little bugs appears from nowhere like Quicktime 2x FastForward without audio anymore, and dozen of such.

LikeLike
- 20
  
  hoakley on October 15, 2019 at 11:51 am
  
  I think that you will find that Apple no longer releases Safari for Sierra any more.
  Howard.
  
  LikeLike
21

cade on December 15, 2019 at 12:31 pm

Howard: silent knight shows me:
Mac model iMac17,1
EFI version found 170.0.0.0.0; expected 174.0.0.0.0
❌ Need to update EFI firmware.

But I don’t know how to do that. Have looked around here, ran LockRattler but can’t figure out how to update OR IF it can be updated from 170 to 174?

Thank you so much!

LikeLiked by 1 person
- 22
  
  hoakley on December 15, 2019 at 12:39 pm
  
  Thank you.
  Unfortunately, the iMac17,1 is notorious for not updating its EFI firmware. Apple now only delivers firmware updaters in macOS updates and security updates.
  You don’t say which version of macOS you’re running: if it’s High Sierra or Mojave, all you can do is download the last standalone security update and try installing that again. You’ll perhaps then need to check for updates and install the pushed updates to XProtect and MRT again as well.
  If you’re running Catalina, you can try downloading and installing the standalone 10.15.2 Combo update, then install the pushed updates to XProtect and MRT again.
  Links to those are on this page.
  I suspect that your firmware will stay at its present version number despite these, in which case I recommend that you contact Apple Support. They are now aware of the problem with this model and its firmware, but I don’t think have a solution to offer yet.
  I wish you success,
  Howard.
  
  LikeLike
23

monmaonoMon on February 9, 2020 at 7:22 pm

Hi, I don’t know if my question is beyond the scope of this article.
I apologize for that.

I want to buy an iMac 21.5 “Core i5 2.3Ghz | 8GB RAM | 1TB HDD originally released with Sierra in 2017 and currently sold by Apple with Catalina?
My wish is to install High Sierra in this iMac 2017 that Apple now sells with Catalina.
To do this I will delete the APFS disk, format the new volume with HFS+ and then install High Sierra from an external USB.

I have two questions:
Is there any limitation of firmware that prevents to do this?
Is this procedure possible?

Thanks in advance

LikeLike
- 24
  
  hoakley on February 9, 2020 at 9:41 pm
  
  Thank you.
  Yes, I think this should work. The firmware for High Sierra to Catalina on that model is now exactly the same, so you shouldn’t have any problem there.
  Your plan to install from a bootable USB drive is exactly the one I would recommend: boot from that, and using its Disk Utility initialise the internal storage completely, then install High Sierra onto that.
  I wish you success,
  Howard.
  
  LikeLike

·Comments are closed.

Share this:

Related