EFI Modifications Leaves iMac Unbootable? 288
jerbare writes "In attempting to run Linux and Windows on the new iMac Core Duo, people experimenting with configuring the EFI Console/Boot loader have found they can no longer boot the machine at all. Dave Schroeder of appleintelfaq.com comments, 'We have already irreversibly lost a couple of iMacs trying to load various EFI modules'. Instructions for breaking the iMac's are presently located at the bottom of the comments."
Ugh...been there (Score:5, Interesting)
Reminds me of a situation I faced back in the day when I was a tech at a small mom-and-pop computer repair establishment. We received a shipment of motherboards, and found out that the BIOS on every single one of them was corrupt. Since the boards wouldn't even post, the traditional remedy of flashing the BIOS via a bootable floppy was not available. Normally, we would have just boxed up the boards again and returned them for replacements, but we desperately needed those boards to fill orders.
Well, desperate times call for desperate measures...
I got to thinking, "you know...once you've started booting to an OS, that BIOS chip isn't even being used anymore....hmmm". With this in mind, I pulled a working BIOS from another board, swapped it out with the bad BIOS, and powered the system on, booting from the BIOS flash floppy. Once the board had booted to the flash program, I carefully pulled the good chip back out, and put in the bad chip. I then ran the flash program to overwrite the bad BIOS.
Long story short, it worked like a charm. I managed to revive every board in the bad shipment without incident using this unorthodox technique.
Anyway, it should be possible to rig up a similar arrangement here, although as I am unfamilliar with EFI, I'll leave the details up to someone else.
Re:Ugh...been there (Score:2, Funny)
Unofficial Moderation (Score:3, Insightful)
Re:Unofficial Moderation (Score:2, Troll)
Re:Unofficial Moderation (Score:5, Funny)
Re:Unofficial Moderation (Score:5, Funny)
hacker no.
And that makes all the difference.
Re:Unofficial Moderation (Score:3, Insightful)
This is not all that uncommon a procedure though. I've done this with some old boards. I tend to use the machines I find on the street for swapping live EEPROMS though.
Once I accidentally put an EEPROM back in the wrong way around (unforgivable with my electronics background) and the little plastic sticker which normally would cover the window (which was not
Re:Unofficial Moderation (Score:5, Funny)
Re:Ugh...been there (Score:2)
Re:Ugh...been there (Score:3, Interesting)
When I had EEPROMs stuck or glued in sockets -- really stuck -- and we needed what was on the EEPROMs, our solution was to remove the board, desolder and remove the socket from the board, and put the whole socket assembly into the reader/programmer. If you were really desperate to get at the physical chip, or the socket wouldn't fit in the reader, Dremel time. Afterwards, new socket.
I've always found that the
Works on other platforms also. (Score:3, Informative)
I’ve done the exact same thing to bypass security features on SPARCstations [cclien.net]. Try it sometime—it’s fun!
Tangent: you don’t need to understand Chinese to understand the instructions on that page. ;)
Re:Ugh...been there (Score:2)
Re:Ugh...been there (Score:3, Insightful)
Did you at least notify the manufacturer of the defect? Not everyone can go all MacGyver on motherboards, and if some customers are finding ways to fix broken equipment in their own way it could prove to be bad for both the company and the customer. That is if the manufacturer isn't kept in the loop that they have produced a batch of malfanctioning devices.
Such thing
Re:Ugh...been there (Score:5, Interesting)
BIOS Hot Swapping (Score:5, Informative)
http://www.google.com/search?q=bios+hot+swapping [google.com]
Re:Ugh...been there (Score:4, Interesting)
Put the right chips in the right sockets and everything was golden!
Re:Ugh...been there (Score:2)
Re:Ugh...been there (Score:3, Interesting)
Re:Ugh...been there (Score:3, Informative)
Uhh,,, (Score:5, Funny)
Uhh, thanks.
Re:Uhh,,, (Score:5, Funny)
$FOO or Death - OB Eddie Izzard Quote: (Score:2)
In case of Slashdotting... (Score:3, Interesting)
I AM NOT KIDDING. THE FOLLOWING METHODS WILL PUT THE IMAC IN A STATE OF DISREPAIR BY AN END USER, EVEN WITH ACCESS TO THE INTERNAL HARDWARE.
With that said, here is how I killed the iMac Core Duo:
1. Downloaded EFI sample implementation and unzipped
2. Moved the 'Binary' folder to the hidden EFI partition (sudo mkdir
And by playing with OpenFirmware ... (Score:2)
RTFC (Score:4, Informative)
Actually, if you RTFC (RTF Comments) which are at the end of the article (as it says in the story) you'll find that you can completely screw your new Intel Mac into not booting. Not even running the OS X install CD will fix it. Here's one of the comments describing the problem:
Re:RTFC - can restore brick macs (Score:5, Informative)
From Dave Schroeder posted 01/23/06
By following these steps, the iMacs that had difficulty with certain EFI modules appear to have been restored to a functioning state:
- Disconnect the internal hard disk
- Disconnect the iMac from AC power
- Plug in AC while holding the power button
- Power up the iMac and zap NVRAM (cmd-opt-P-R)
The hard disk can be reformatted and the operating system restored.Restoring from "Bricked" condition (Score:3, Insightful)
This basically is the answer to the question behind the first ~100 or so posts (mine included).
So it's not an irrecoverable "bricking" problem, but it does get close.
I wonder if it's possible, rather than reformatting the HD, to put it into another machine and just wipe the partition with the bad NVRAM image on it. Not that it really matters in a test environment (which I hope is the only place anyone would ever try this), where you'd probably want to reformat and reinstall anyway, but I just
Dual Booting is not the answer (Score:5, Interesting)
What about Linux? (Score:2, Informative)
Re:What about Linux? (Score:3, Insightful)
Re:What about Linux? (Score:4, Informative)
Re:What about Linux? (Score:4, Informative)
I also believe EFI is the standard firmware used on Itanium systems too, so linux already must support it to run on such systems.
Re:Dual Booting is not the answer (Score:2)
Re:Dual Booting is not the answer (Score:2)
Re:Dual Booting is not the answer (Score:5, Interesting)
Re:Dual Booting is not the answer (Score:2)
Unless Microsoft releases versions of their libraries for OSX (highly unlikely seeing as how Apple is supposed to be competing with them) Apple is pretty much in the same position as WINE, trying to reverse engineer the libraries. But they will have much less experience with this than WINE.
IMO
Re:Dual Booting is not the answer (Score:3, Insightful)
Re:Dual Booting is not the answer (Score:5, Informative)
Dunno why no one in this thread seems to be talking about vanderpool. Maybe y'all should just wait to hear from someone who knows what they're talking about. (Not me, for example.)
Re:Dual Booting is not the answer (Score:2)
On a second read it seems that the original post refers to running the actual windows OS on top of OSX, like Vmware does. If you do that you do not need to reverse engineer the windows binaries, because you are actually running the windows binaries out of a copy of windows.
But I think this approach is not very elegant. You need a copy of windows, you need to w
Re:Dual Booting is not the answer (Score:2)
Re:Dual Booting is not the answer (Score:2)
Of course then you have the problem i mentioned above -- i.e. that reverse engineering the windows libraries is a hard slow process and you are unlikely to get full compatibility.
Re:Dual Booting is not the answer (Score:2)
Though it is becoming less and less inelegant, particularly with the inclusion [macworld.com] of [appleintelfaq.com] Vanderpool technology [wikipedia.org] in the chips that the new macs are based on, you'll be better able to virtualize each OS into its own little world and not have to worry about some of the traditional costs o
Re:Dual Booting is not the answer (Score:2)
Re:Dual Booting is not the answer (Score:5, Interesting)
One word: Money.
Apple has lots of it. They can through gobs of money at the problem, and that will always move things faster then a grass roots problem. Just imagine 150 engineers working full time on Wine. They've previously gotten MacOS9 programs to run in MacOSX, so they probably already have a pool of engineers with the needed talents.
Given that MacOSX is based off of BSD Unix, and they've already plugged a great deal of work into the KHTML rendering engine, it's not completely insane to suggest that Apple could pick up Wine, through a large number of engineers at it, and get it to the point were it can run Office and DirectX 9 games.
Re:Dual Booting is not the answer (Score:3, Interesting)
Apple has lots of it. They can through gobs of money at the problem, and that will always move things faster then a grass roots problem. Just imagine 150 engineers working full time on Wine. They've previously gotten MacOS9 programs to run in MacOSX, so they probably already have a pool of engineers with the needed talents.
Exactly -- and to be clear, my thought was more that Apple and the apple user base (new and old) would give the momentum and sheer technolust required (as well as the
Re:Dual Booting is not the answer (Score:2, Informative)
Re:Dual Booting is not the answer (Score:4, Informative)
Bochs? It's great if you want a full, perfect emulation of PC hardware done completely in software, but it's horribly slow. Oh, and it's both free and open source [sourceforge.net] - that $25 is solely for some crappy third-party GUI. The 'native to Intel' thing just means you're doing a full PC emulation without going through Rosetta as well...
If you do want to emulate a PC in a slightly faster manner, try QEMU [bellard.free.fr]. I've no idea if it can be compiled on an Intel-powered Mac yet, but an emulated Windows 98 was just about usable for website testing on my 933MHz iBook G4.
Counterintuitively... (Score:5, Funny)
Re:Counterintuitively... (Score:5, Funny)
Like:
And the one those people who were foolish enough to screw with their computer's firmware are now playing: Doctor.
Re:Counterintuitively... (Score:2)
Of course (Score:3, Funny)
Sometimes fix (Score:4, Interesting)
Not quite (Score:5, Informative)
Can't exactly "reinstall from the 10.4.4 media".
Zapping NVRAM (still supported with cmd-opt-P-R), removing the motherboard battery and letting it sit with AC for an extended period, and disconnecting the hard drive all do not revive the machine.
Re:Not quite (Score:3, Funny)
its a matter of time (Score:4, Funny)
An Omen (Score:3, Funny)
This is an early warning!
Wait for virtualization so all of Microsoft's inherent evil can be sandboxed into a self-destructing disk image of darkness and peril.
Malware (Score:3, Interesting)
Re:Malware (Score:3, Funny)
Denial Of Service - Putting people at threat (Score:5, Interesting)
Just substitute Apple for Microsoft, Mac for Xbox and Internet for Xbox Live in the following...
Denial Of Service - Putting people at threat [zdnet.com]:
Re:Denial Of Service - Putting people at threat (Score:2)
I don't see that the parallel you're trying to draw is valid.
Re:Denial Of Service - Putting people at threat (Score:2)
You underestimate the power of creative social engineering.
Except in this case the user : s/user/malware/ (Score:4, Informative)
Substitute "user" with Malware.
Download the EFI software from Intel: Or include an copy in the malware.
a sudo command: Or use an escalation of privilege vulnerability [google.com]
and reboot : Err, not that difficult to achive in software.
Re:Except in this case the user : s/user/malware/ (Score:2)
That's pretty much what you'd have to do. You would have to get somebody to download, install, and run your program in order to do anything.
The scariest malware is the kind which makes your browser or email client a vector for infection. Forgive me if I'm getting rhetorical here for a sec, but exploiting Safari to execute arbitrary code is going to be as hard as exploiting Firefox. Since it's just a normal userspace program that's
Re:Except in this case the user : s/user/malware/ (Score:2)
If we simply substitute my wording of "user" with "brain damaged bozo who cheerfully installs programmes they just downloaded from the Internet without any care when the system warns them, and on top of that they always run as the admin user and say 'yes' to any dialogue boxes" then you're spot on.
I'm going to have to say that until you can show something occurs, you can't use supposition as proof. You can't easily show the chain of events that would result in malware being able to completely d
Ohh, scary (Score:2)
At least there is the wall of trying to find an escallation attack that will work, which is one step ahead of other systems.
Re:Except in this case the user : s/user/malware/ (Score:4, Insightful)
Make an Installer package (using
Build your package, make a disk image from it (open Disk Copy, select File/New/Disk Image from Folder, select your package), set the internet-enable bit (open Terminal, type hdiutil internet-enable -yes
Upon downloading the
Anyone who says Mac OS X isn't susceptible to malware doesn't know what they're talking about. Yes, this method requires the user to enter their password and confirm a security warning, but these are perfectly normal things to do when installing software, so most users are accustomed to it. As long as you make them think what they're installing is something they want to have, most users won't even blink.
To be honest, I'm surprised this hasn't been done on a wide scale already.
Btw, please don't do this, kthx.
Re:Denial Of Service - Putting people at threat (Score:2)
It's already happened. Bricking is commonplace in the PSP homebrew scene and at least one trojan [theregister.co.uk] has done it on purpose.
Re:Denial Of Service - Putting people at threat (Score:5, Interesting)
Re:Denial Of Service - Putting people at threat (Score:5, Funny)
Re:Denial Of Service - Putting people at threat (Score:3, Funny)
That ain't funny. I'd hate to have to furnish my neighbor with a replacement laptop.
Re:Denial Of Service - Putting people at threat (Score:2)
IBM insisted there was no way to flash/unlock or otherwise repair the problem. They required us to send the laptop in and have the entire logic board replaced.
Seems like a poor design, but certainly nobody ever saw her locked documents.
Re:Denial Of Service - Putting people at threat (Score:2)
Re:Denial Of Service - Putting people at threat (Score:5, Informative)
IBM are lying assholes. Anybody, with $20 worth of equipment can wire up a simple adapter for a thinkpad and read the EEPROM, where the password is stored in the clear. I was one of the people who helped figure out the requisite information that made it's way onto this site: http://www.ja.axxs.net/unlock/ [axxs.net]
What can I say? Read it and weep. I wouldn't be surprised if IBM was selling new systems to customers, then turning around and clearing the passwords on the old ones and reselling them as "refurbished".
That's ridiculous. First of all, the power-on password has nothing to do with the hard drive password, except that most notebooks typically tie them together. IBM could easily have the hard drive passworded, but make the notebook perfectly usable once the drive has been swapped.
Additionally, it's trivially easy to read files off of a passworded hard drive. The password is stored in an EEPROM on the board, so all you have to do is buy an nearly identical drive and swap the circuit board to read all the documents.
If they were smart, they would store the password in sector 0 on the platters. Then, swaping the board wouldn't work. Also, running a strong magnet over the hard drive would erase the password as it erased the files, keeping the files safe, but also allowing you to erase the whole drive, and use it again without knowing the password.
Re:Denial Of Service - Putting people at threat (Score:2)
Re:Denial Of Service - Putting people at threat (Score:2)
Re:Denial Of Service - Putting people at threat (Score:5, Informative)
I always assumed all computers worked that way. Otherwise, it would be trivial to get people to ruin their firmware -- just trojan horse the thing.
Re:Denial Of Service - Putting people at threat (Score:4, Informative)
Strictly speaking, using the Programmer's button wasn't required to update the firmware. You can instead use option-apple-O-F to boot to the OpenFirmware prompt, then use the boot command and the path of the OpenFirmware updater (having used devalias, dev device , cd dir , and ls to browse around and find that image); when you do this, the system boots from the standalone OpenFirmware update image instead of loading the regular bootloader, and when that code runs, it updates the firmware. I'm 90% sure it doesn't require you to hit the Programmer's button either, and instead the Programmer's button thing just triggers the system to load the same executable that you can load manually with the boot command.
So, the point is, on a G4 tower at least, although the Programmer's button is involved in the process, it isn't actually required and doesn't provide any security, as far as I can tell.
If you're wondering how I figured this out, let's just say I was trying to get a Mac working that failed to autoboot, dumping me at the OpenFirmware prompt every time. I thought it was a problem with OpenFirmware settings, so I aimed to find a way to upgrade the OpenFirmware on the assumption that doing this would force the system to also reset every setting related to it (more thoroughly than just "zap the PRAM"). I couldn't use the normal method because the failure to autoboot prevented that method from working.
On a side note, I succeeded in updating the OpenFirmware to a newer version, and it didn't help at all. I eventually discovered that the machine was a Frankstein computer that had the wrong Front Panel Board in it, and THAT was why the OpenFirmware wouldn't boot -- it knew something was wrong with its hardware. I finally traded this Front Panel Board with someone else for the right one, and now my friend who bought the G4 tower for half price because of the fact that it wouldn't autoboot is happily using it.
On another side note, isn't the flash chip on the iMac Core Duo socketed, and can't they get an identical chip and make a copy of its contents BEFORE they go messing with it, thus allowing them to monkey with the copy and revert to the original if needed?
The real question here should be... (Score:5, Funny)
Re:The real question here should be... (Score:5, Funny)
Re:The real question here should be... (Score:2)
Coming soon... (Score:2)
Coming soon to your local theater.
Re:The real question here should be... (Score:2)
Security Research (Score:3, Funny)
with research like this they could be onto a MAJOR Windows security breakthrough...
Update (Score:5, Informative)
The iMacs in question were rendered unbootable by trying to load additional modules from Intel's EFI Sample Implementation [intel.com]. It is not known which module is at fault currently.
Once the iMac is unbootable, it doesn't chime, boot, attempt to access media, or display an image on the screen. Attempts to zap NVRAM (cmd-opt-P-R is still supported for this task on Intel-based Macs), remove the motherboard battery and leave the AC power disconnected for an extended period of time, and disconnecting the hard disk do not resolve the issue.
At present, we seem to have a number of difficult situations that prevent the installation of Windows directly on Intel-based Macs:
1. Apple did not include its own EFI shell or other tools to access the EFI with the Intel-based Macs, so the tools used have consisted of Intel's EFI Sample Implementation [intel.com], and Tianocore's EFI Developer Kit [tianocore.org].
2. Apple's EFI implementation does not include CSM (Compatibility Support Module), the BIOS backward compatibility layer necessary for booting 32-bit versions of Windows (pre-Vista), such as Windows XP.
3. 32-bit versions of Windows do not currently support booting an EFI machine. (And the Gateway Media Center machine with EFI people keep talking about boots Windows XP Media Center Edition 2005 in BIOS compatibility mode, not with EFI.)
4. Windows XP 64-bit and Windows Server 2003 64-bit support EFI, but the Intel Core Duo is a 32-bit architecture.
5. Windows Vista does support EFI, but the EFI booter (cdboot.efi) currently does not appear to be functioning, and/or it is looking for, and not finding, information that it is looking for on the installation DVD. It does display the typical Windows "Please press any key to boot from the CD..." message. However, the DVD does not appear to contain the necessary EFI boot partition, and EFI does not support UDF volumes and El Torito booting. (Yes, this is a DVD obtained via official channels.)
6. Mac OS X's startup disk control panel presents a Windows Vista installation on a FAT/FAT32 volume as a valid bootable volume, but Windows Vista does not support booting from a FAT/FAT32 partition, only NTFS. Mac OS X can read NTFS volumes, but not write to them. This is currently the stage we're at now. No, I haven't tried "just hooking up a drive with Vista installed" (as many have asked elsewhere) or forcibly creating an NTFS partition whose contents are an already-installed instance of Vista.
7. grub, elilo, etc., all do not work on the Intel-based Macs at this time.
Eventually, whatever method boots Windows natively will have to have a nice wrapper put around it to make it easy for a normal person to do so, and easily dual boot in addition.
To regurgitate what I've said a bit elsewhere, the real benefit to most people will come from running Windows alongside Mac OS X in a "virtual machine" environment, in a window or even full screen, with, for example, a hotkey to switch back and forth between Mac OS X and Windows. To many users who prefer Mac OS X, particularly in enterprise, academic, and research environments, but who also have the occasional applications (usually administrative) that require Windows, this configuration would be a holy grail of sorts. And in this configuration, Windows wouldn't be running in emulation, but it would be running at essentially the native speed of the underlying hardware (with the exception of graphics and disk I/O performance). It will be *much* faster than any emulation ever has been, and there will no doubt be several open source (qemu, xen, wine) and commercial (vmware, Virtual PC) that will allow running Windows (or Windows software) in various capacities. Intel's Virtualization Technology (VT), allowing multiple operating systems to run in separate hardware "partitions" on one
Re:Update (Score:5, Informative)
Re:Update (Score:3, Interesting)
I haven't seen anyone who has tried booting to the XP 64 bit CD yet, thus I am recommending someone try. Sure, the Core Duo is 32 bit, but the 64 bit (at least the X64 versions) will boot on a 32 bit machine and eventually say installation is not supported on the machine. If someone can get these CDs past the "Press any key" prompt on an Intel Mac, it might expose something that can be used elsewh
Update: iMacs restored to working state (Score:5, Interesting)
1. Disconnect the internal hard disk
2. Disconnect the iMac from AC power
3. Plug in AC while holding the power button
4. Power up the iMac and zap NVRAM (cmd-opt-P-R)
The hard disk can be reformatted and the operating system restored.
Has the TPM module been ruled out? (Score:3)
Could it be that the TPM module is being used to verify the state of the EFI?
It would make sense to me, that one of the most fundamental aspects of a Trusted Platform Module would be to ensure that the platform is booting in a state you can trust, and not booting on some hacked EFI pointing to (and enabling) devices that the user has no idea are installed. As this is Apple's (or any major vendor to my knowledge) first foray into the TPM arena, perhaps this is part of that whole security featureset that yo
Re:Update (Score:3, Insightful)
1. If Apple were to sell Macintosh hardware with Windows XP preinstalled instead of MacOS X, then a considerable number of people would buy these machines. Not "considerable" as in "Dell goes out of business" but "considerable" as in a few percent of Apple revenues.
2. If Apple were to sell Macintosh hardware that can dual boot into MacOS X and Windows XP without any problems, a much greater nu
Ugly reality from the article (no joke)... (Score:4, Interesting)
Enough of this firmware is flash-based that software can trash it to the point that it no longer boots from optical media. Key-mashers need to understand that EFI *precedes* the Apple Option-key tricks, so if EFI is hung you are crap out of luck. Unless there's some jumper inside the case which resets EFI to a factory state, that EFI will have to be pulled and reflashed.
We're going to pretend Apple doesn't really release mistakes like this and that there's a failsafe for restoring the EFI. Otherwise, you potentially have the mother of all DRM traps in front of you.
Re:Ugly reality from the article (no joke)... (Score:4, Insightful)
Yes. This, if it turns out to be the way it looks at first glance, is truly evil. Very important to realise what you may be looking at. The first commercial example of a company which has totally taken away control of your hardware.
Lets hope it turns out not to be true. Because if it is true, its war.
Re:Ugly reality from the article (no joke)... (Score:5, Interesting)
The issue is, or rather, one should be cautious, the issue may be, that this could be the first instance of a company having deliberately implemented something that reduces your computer to a doorstop if you just take reasonable steps to run something they don't like on it.
They are under no obligation to support Windows, Linux or Plan 9. What they are under an obligation to do is give you a way of reflashing your EFL.
If they do not. If it does turn out that the aim is and always was to sell hardware that you can only run what they choose on it, then it is indeed the first shot in a war. It will be the first of many such attempts by a lot of people. The OP in this thread, and some others, is right: it will be the first of many efforts to stop you altering your machine in any way from its purchased state, because someone feels it is less profitable for them if you do, and it will be the first of many measures taken to reduce your machine to junk as a sanction.
Its one of those test cases the community has to win. If it turns out to be what it looks like, there's no melodrama at all in looking at it like this.
Re:Ugly reality from the article (no joke)... (Score:3, Interesting)
Apple is a hardware company. They're perfectly happy to sell you a Mac to run Windows or Linux, or to use as a shotput. They get the same money regardless.
It has all the earmarks of being an oversight, not deliberate.
EFI? (Score:3, Interesting)
and... (Score:4, Informative)
One word... (Score:4, Funny)
Comment removed (Score:4, Funny)
Solution to broken intel iMacs (Score:3, Informative)
Get rid of EFI completely! (Score:5, Funny)
Next step is a hood scoop and a bigger hard drive...
Re:Hey, Is this possible ? (Score:4, Interesting)