EFI System Partitions: a hidden problem?

Many users have reported that their Mac’s firmware doesn’t get updated when they install a macOS or Security Update which is supposed to include a firmware update for that model. By far the most frequent problems occur with the iMac Retina 5K 27-inch Late 2015, model designation iMac17,1, but there has been no shortage of similar problems with other models. One strong association is with Macs which have had their original internal storage replaced, sometimes even with an Apple-supplied disk, although the most recent Catalina updates and their matching Security Updates have brought relief for some.

This article looks at one obscure factor which can prevent firmware updates from installing: the EFI System Partition. Could this be responsible for these problems?

When Apple introduced Macs with Intel processors (what an appropriate moment to consider this!), they brought two relevant changes: EFI, strictly the Unified Extensible Firmware Interface (UEFI) to replace Open Firmware, and the GUID Partition Scheme for disks. Although these may appear only loosely related, and the whole subject pretty murky, they are closely linked in that small partition which every GUID partitioned disk should have, named EFI.



Much of what we loosely term firmware is loaded from disk early during the boot process. In UEFI, the idea is that a partition on each bootable disk should be dedicated to the boot loaders, kernel images, device drivers and so on used by the firmware to get the computer ready to load an operating system. This partition uses its own file system which is based on the FAT format, and is normally reported as being MS-DOS FAT32. It has a Volume GUID of 0E239BC6-F960-3107-89CF-1C97F78BB46B (originally given as C12A7328-F81F-11D2-BA4B-00A0C93EC93B), and is invariably the first partition on that disk.

When your Mac is running, the EFI partitions are unmounted, and aren’t shown explicitly in Disk Utility. They are listed in different items in System Information, according to the disk type. For instance, Apple internal SSDs controlled by T2 chips are listed under NVMExpress. The best way to inspect them is with the Terminal command
diskutil info -all
which you might like to drop into a file for reference. Typically, the partition is only small, just over 200 MB. You should find one EFI partition like that on every disk which has been correctly formatted using the GUID Partition Scheme.

What’s unusual about the Mac’s implementation of UEFI is that, although the EFI partition is normally present, it isn’t used for its original purpose, much of the time being left empty. In fact, you should be able to remove the EFI partition altogether without affecting that Mac’s ability to boot from that disk.

In the early days of Intel Macs, it became apparent that the EFI partition is essential for one task: firmware updates. Unfortunately, the Wikipedia article on this subject doesn’t give a specific reference for this, but there are hints in a couple of articles from that time. Apple dropped a heavy hint in writing: ‘An Intel-based Mac can only install firmware updates on a disk with the “GUID Partition Table.”‘ Christoph Pfisterer’s article about Intel Macs reported: “There is still some uncertainty about firmware updates, though. So far no one has investigated how they work in detail, and some people believe they require the EFI System Partition to be present.”

From those, the Wikipedia article concludes that this otherwise unused partition forms a “staging area for firmware updates”.

A great deal has changed since those articles were written, and Apple doesn’t even provide separate firmware updates any more, instead they’re always bundled in the installers which come with a macOS update, or Security Update. But even Macs with a T2 chip and Catalina’s APFS Volume Group on their internal SSD still have that vestigial EFI partition, or so they should. Is it there just for the sake of posterity, or are firmware updates still staged through the EFI System Partition?

Let’s say, for a moment, that a disk using the GUID Partition Scheme became damaged, and its EFI partition was non-functional or missing as a result. If firmware updates still rely on that partition, wouldn’t that be good reason for them to fail? Unfortunately, this isn’t easy to investigate. Beyond identifying the partition using diskutil, mounting and checking it is non-trivial. But I’d be fascinated to know whether anyone whose Mac won’t update its firmware correctly has evidence that their EFI partition is sick or missing.