SilentKnight and EFI firmware checks

As you may have seen, the first release of Catalina brings EFI firmware updates for all models. This means that the same Mac would report different firmware versions when it is running up-to-date versions of macOS 10.12-10.14, compared with that Mac when updated to 10.15.

This is a problem for checking EFI firmware versions, as performed by SilentKnight, as the latest version depends on the version of macOS installed on it. Although I know this is also true for older versions such as El Capitan, for the time being at least a lot of Macs won’t be upgraded to Catalina, although many will.

As I have written elsewhere, I expect that Apple will release the same EFI firmware updates in future security updates for High Sierra and Mojave. If that happens reasonably soon, I intend updating my database of firmware versions when that happens, and all recent Mac models should be on consistent firmware releases.

That means that, until those security updates are released, Macs which have had Catalina installed will be running more recent firmware than SilentKnight expects. This is handled properly in SilentKnight, which reports both the version found and the version expected. For example, my MacBook Pro has just been upgraded to Catalina, and SilentKnight reports that its firmware is “up to date”, but in its detailed text report it notes the difference:
EFI version found; expected
Version is that installed currently in identical models which haven’t been updated to Catalina.

SilentKnight will only report a firmware problem when the version found is older than that expected.

If, despite my expectations of security updates in the near future, Apple has decided to leave Mojave and older systems with their existing firmware versions, I will modify my database and the SilentKnight app so that they cope with that. For the time being, Catalina users please bear with me.


If you’ve upgraded your Mac to Catalina, SilentKnight will give your firmware a green, as being up to date, but will also inform you that it’s firmware is newer than expected.

If you’ve not upgraded to Catalina, SilentKnight will behave as expected.

I won’t change this until Apple (most probably) pushes security updates to Mojave and earlier which bring their firmware up to the same versions that ship with Catalina.