Crizz
Member
Here I will explain the way I fixed some boards by rewriting the Apple EFI SPI ROM.
You should try this if your machine has the following symptoms:
What you need:
First localize your SPI ROM on your board. I recommend to desolder it before flashing it. On the left side normal SO-8 package. On the right sight MacBook Air has a different package but in most cases the same PIN-out.
I managed to use the clamp to flash the right chip as well and it worked like a charm: Check if your chip is supported by the free software Flashrom:
https://www.flashrom.org/Supported_hardware
Hook up the SPI: This is my version: Download and install Raspbian on your Raspberry PI:
https://www.raspberrypi.org/downloads/
After the first boot go to: Menu -> Preferences -> Raspberry Pi Configuration -> Expand Filesystem Then go to “Interfaces” Tab and Enable SPI: Reboot!!
After that we can download Flashrom and configure it.
First install a few libraries that Flashrom relies on:
Open a Terminal and type:
sudo apt-get install pciutils
sudo apt-get install libftdi-dev
sudo apt-get install libusb-dev
sudo apt-get install libusb-1.0
sudo apt-get install libpci-dev
Then you need to download the latest flashrom version:
sudo git clone https://github.com/stefanct/flashrom.git
It will be downloaded into a folder called "flashrom" so change directory into the folder:
cd flashrom
sudo make
sudo make install
sudo modprobe spi_bcm2835
sudo modprobe spidev
Now comes the start of the Flashrom process:
Get to the help page:
sudo flashrom –help
List the supported chips:
sudo flashrom -L
Read the flash chip by using the below command three times:
sudo flashrom -r oldefi1.bin -V -p linux_spi:dev=/dev/spidev0.0
If the SPI ROM wouldn’t be recognized type the SPI ROM number manually:
sudo flashrom -r oldefi1.bin -c "MX25L1605" -V -p linux_spi:dev=/dev/spidev0.0
Now make sure the three dumps are absolutely identical!!
I compared the files with a hexeditor HxD: https://mh-nexus.de/en/hxd/
Erase the chip after you have verified all three reads have no differences:
sudo flashrom -E -V -p linux_spi:dev=/dev/spidev0.0
After modifying the donor-file write it back:
sudo flashrom -w newEFI.bin -V -p linux_spi:dev=/dev/spidev0.0
(Optional) Verify the chips contents with the file that you just wrote to ensure its integrity:
sudo flashrom -v newEFI.bin -V -p linux_spi:dev=/dev/spidev0.0
If you haven’t run into any problems you will have a freshly flashed chip
How to modify/ repair the dump- / donor-file:
Explanation: The MacBook will not run properly or not run at all without a proper management engine. When a new MacBook is turned on for the first time the Bios and the CPU perform a "handshake" allowing them to work together. So in turn, if your management engine gets corrupted, and you try to copy the EFI from another MacBook of the same model, it will still not work because the CPU knows it’s not the original EFI-BIOS. In best case the MacBook will run but veeeery slow.
In my case I found a complete clean EFI-dump for my machine in the web. There are a lot of places where you can download EFI-dumps (clean or not) for free.
You can check your EFI version by analyzing your machine´s EFI-dump with ME-Analyzer:
http://www.mediafire.com/download/mn...zer+v1.5.1.rar
Once you extract the folder, just drag and drop your EFI-file onto the MEA.bat file, a cmd window will open and give you the info. You will see your ME-version and that it is locked.
If you find a EFI-dump for your machine in the web check it if it is unlocked. If you cannot find a clean EFI-file you have to build a working EFI-file by yourself.
Follow this: https://www.ghostlyhaks.com/blog/app...lean-me-region
Now open your dump- and donor-file with a hex-editor:
In my case you can clearly see the corruption in my dump since it looks kind of weird.
In a normal case the EFI-file should look like the right side!
Next check and compare the length of your dump- and donor-file.
Select all by pressing CTRL+A and compare the lengths of your files: It is important that the two files have the same length!!!
Now you will need to replace the serial of the donated dump with your own serial in order to not register over a foreign Mac. You can do this by simply searching for "override-version" and on that same line there will be an 11 to 12 digit serial number that you will replace with your own: Next search for “$SVS” in the dump and you should find 2 instances. The first instance is what you will need to clear out making sure to keep the file length the same. It is safe to replace it with an empty value such as “F”. The string including the $SVS should be replaced! Keep in mind not to delete anything rather to overwrite it. The file size has to be exactly the same size as the chip or it will return an error: Finally save your newEFI.bin and flash it back to your chip like described above.
NOTE: Here are a few things worth mentioning...
When everything went well your machine will boot and chime normally.
If not … you have to look for another solution for your problem.
Enjoy
Sources:
http://www.win-raid.com/t58f16-Guide...pberry-PI.html
https://www.flashrom.org/RaspberryPi
https://github.com/bibanon/Coreboot-...h-Raspberry-Pi
https://www.ghostlyhaks.com/blog/app...lean-me-region
https://ghostlyhaks.com/blog/apple-e...ck-apple-efi-2
https://www.raspberrypi.org/forums/v...?f=28&t=105360
https://www.raspberrypi.org/document...aspi-config.md
https://github.com/nfd/spi-flash-programmer
https://translate.google.de/?hl=de
You should try this if your machine has the following symptoms:
- stuck in a start-stop loop without posting
- it will boot, chime, load the OS, but the WiFi, and/or the graphics will behave irregular.
- it will boot, chime, but will not load an OS and gets stuck on the loading bar. (This can also be an SMC issue)
- it will boot, chime, but stays on a black or white screen and doesn't even reach a loading bar
What you need:
- Raspberry PI
- min. 4GB microSD
- 4x 150Ω
- 1x 47µF Cap
- optional a SOP8 SOP Clip Cable
First localize your SPI ROM on your board. I recommend to desolder it before flashing it. On the left side normal SO-8 package. On the right sight MacBook Air has a different package but in most cases the same PIN-out.
I managed to use the clamp to flash the right chip as well and it worked like a charm: Check if your chip is supported by the free software Flashrom:
https://www.flashrom.org/Supported_hardware
Hook up the SPI: This is my version: Download and install Raspbian on your Raspberry PI:
https://www.raspberrypi.org/downloads/
After the first boot go to: Menu -> Preferences -> Raspberry Pi Configuration -> Expand Filesystem Then go to “Interfaces” Tab and Enable SPI: Reboot!!
After that we can download Flashrom and configure it.
First install a few libraries that Flashrom relies on:
Open a Terminal and type:
sudo apt-get install pciutils
sudo apt-get install libftdi-dev
sudo apt-get install libusb-dev
sudo apt-get install libusb-1.0
sudo apt-get install libpci-dev
Then you need to download the latest flashrom version:
sudo git clone https://github.com/stefanct/flashrom.git
It will be downloaded into a folder called "flashrom" so change directory into the folder:
cd flashrom
sudo make
sudo make install
sudo modprobe spi_bcm2835
sudo modprobe spidev
Now comes the start of the Flashrom process:
Get to the help page:
sudo flashrom –help
List the supported chips:
sudo flashrom -L
Read the flash chip by using the below command three times:
sudo flashrom -r oldefi1.bin -V -p linux_spi:dev=/dev/spidev0.0
If the SPI ROM wouldn’t be recognized type the SPI ROM number manually:
sudo flashrom -r oldefi1.bin -c "MX25L1605" -V -p linux_spi:dev=/dev/spidev0.0
Now make sure the three dumps are absolutely identical!!
I compared the files with a hexeditor HxD: https://mh-nexus.de/en/hxd/
Erase the chip after you have verified all three reads have no differences:
sudo flashrom -E -V -p linux_spi:dev=/dev/spidev0.0
After modifying the donor-file write it back:
sudo flashrom -w newEFI.bin -V -p linux_spi:dev=/dev/spidev0.0
(Optional) Verify the chips contents with the file that you just wrote to ensure its integrity:
sudo flashrom -v newEFI.bin -V -p linux_spi:dev=/dev/spidev0.0
If you haven’t run into any problems you will have a freshly flashed chip
How to modify/ repair the dump- / donor-file:
Explanation: The MacBook will not run properly or not run at all without a proper management engine. When a new MacBook is turned on for the first time the Bios and the CPU perform a "handshake" allowing them to work together. So in turn, if your management engine gets corrupted, and you try to copy the EFI from another MacBook of the same model, it will still not work because the CPU knows it’s not the original EFI-BIOS. In best case the MacBook will run but veeeery slow.
In my case I found a complete clean EFI-dump for my machine in the web. There are a lot of places where you can download EFI-dumps (clean or not) for free.
You can check your EFI version by analyzing your machine´s EFI-dump with ME-Analyzer:
http://www.mediafire.com/download/mn...zer+v1.5.1.rar
Once you extract the folder, just drag and drop your EFI-file onto the MEA.bat file, a cmd window will open and give you the info. You will see your ME-version and that it is locked.
If you find a EFI-dump for your machine in the web check it if it is unlocked. If you cannot find a clean EFI-file you have to build a working EFI-file by yourself.
Follow this: https://www.ghostlyhaks.com/blog/app...lean-me-region
Now open your dump- and donor-file with a hex-editor:
In my case you can clearly see the corruption in my dump since it looks kind of weird.
In a normal case the EFI-file should look like the right side!
Next check and compare the length of your dump- and donor-file.
Select all by pressing CTRL+A and compare the lengths of your files: It is important that the two files have the same length!!!
Now you will need to replace the serial of the donated dump with your own serial in order to not register over a foreign Mac. You can do this by simply searching for "override-version" and on that same line there will be an 11 to 12 digit serial number that you will replace with your own: Next search for “$SVS” in the dump and you should find 2 instances. The first instance is what you will need to clear out making sure to keep the file length the same. It is safe to replace it with an empty value such as “F”. The string including the $SVS should be replaced! Keep in mind not to delete anything rather to overwrite it. The file size has to be exactly the same size as the chip or it will return an error: Finally save your newEFI.bin and flash it back to your chip like described above.
NOTE: Here are a few things worth mentioning...
- Make sure your chip is supported in Flashrom which is the program you will be using to talk to the chip.
- You need to make sure the clip makes a solid connection to avoid misreads.
- You need to verify your chips datasheet to correctly identify the pin-out to the SPI programmer.
- The wires connecting the clip to the SPI programmer need not be any longer than 8 cm.
- Always make sure to back up your original dump and verify the write.
When everything went well your machine will boot and chime normally.
If not … you have to look for another solution for your problem.
Enjoy
Sources:
http://www.win-raid.com/t58f16-Guide...pberry-PI.html
https://www.flashrom.org/RaspberryPi
https://github.com/bibanon/Coreboot-...h-Raspberry-Pi
https://www.ghostlyhaks.com/blog/app...lean-me-region
https://ghostlyhaks.com/blog/apple-e...ck-apple-efi-2
https://www.raspberrypi.org/forums/v...?f=28&t=105360
https://www.raspberrypi.org/document...aspi-config.md
https://github.com/nfd/spi-flash-programmer
https://translate.google.de/?hl=de
Last edited: