
huguitodb

macrumors newbie
Original poster
Sep 9, 2019
7
2
Hi! I recently set up OpenCore on my Mac Pro 5.1 strictly for the boot picker and to eventually get into Big Sur easily.
I set it up directly on my Mojave drive since I still don’t need Catalina, and installed Windows 10 on another drive using the Rufus Windows To Go method. Everything was working fine until today, when I started to have random kernel panics and the computer was unable to shut down. It always restarted showing the kernel panic report.
So I erased OpenCore from my EFI partition just in case and removed the Windows 10 drive, since the computer started to boot to that drive and not into my Mojave drive.
After some more trial and error it turned out that my USB 3 PCIe card was the culprit. After I removed it and tested my Mac, it started to work fine.
So I copied OpenCore to my EFI partition again and plugged the Windows 10 drive back in.
Unfortunately it still boots directly into Windows. I’m only able to get the boot picker with the Windows 10 drive unplugged.
How can I get the boot picker back with my Windows 10 drive plugged in?
Any suggestions as to what I should do?
Thanks in advance.
 

tsialex

Contributor
Jun 13, 2016
13,064
13,274
Remove all disks with OpenCore, keep just a totally plain vanilla install of Mojave and your Windows disk. Reset the NVRAM 3-times consecutively, only let go at the fourth chime.

If you still only boot Windows, you have a corrupted NVRAM volume inside the BootROM and you will need to re-flash your backup BootROM dump back to your Mac Pro.
 

huguitodb

macrumors newbie
Original poster
Sep 9, 2019
7
2
Remove all disks with OpenCore, keep just a totally plain vanilla install of Mojave and your Windows disk. Reset the NVRAM 3-times consecutively, only let go at the fourth chime.

If you still only boot Windows, you have a corrupted NVRAM volume inside the BootROM and you will need to re-flash your backup BootROM dump back to your Mac Pro.

It worked! Thanks a lot, tsialex. You are the BootROM guru.
 

tsialex

Contributor
Jun 13, 2016
13,064
13,274
3 times NVRAM reset. Sorry I didn't clarify. I'm really hyped. Thank you very much.
If you still don't have a BootROM dump safely stored, do it right now:

If you are running anything newer than Mavericks, you will need to disable SIP. You can boot your Recovery partition or you can boot a createinstallmedia USB installer to disable SIP. Open Terminal and then disable SIP with the command:
Code:
csrutil disable
Note: Yosemite SIP is not compatible with ROMTool. Don’t use Yosemite at all.

Do a BootROM dump using ROMTool, zip password is "rom". You need SIP disabled and no AV or any anti-malware running. ROMTool is usually a false-positive to every AV/anti-malware because it uses flashrom and DirectHWAccess.kext.

If ROMTool asks you to confirm what is the model of your SPI flash, it's the 8-pin SOIC flash memory next to the PCIe AUX-B power connector, label U8700 - see the photos. The model of the SPI flash memory is usually related to the model year:
  • with 2009 almost every backplane has SST25VF032B,
  • with 2010 usually is MXIC MX25L3205D, sometimes can be MXIC MX25L3206E, very rarely is SST25VF032B,
  • with 2012 usually is MXIC MX25L3206E, sometimes can be MXIC MX25L3205D.
  • If ROMTool doesn’t ask you the SPI model at all, Apple used a SST25VF032B.
 

ochristopher34

macrumors newbie
Aug 11, 2020
2
0
Just experienced the exact same situation. Windows 10 UEFI install with OpenCore using ProtectSecureBoot=True, and after a few days the OpenCore boot picker stopped showing, and my MacPro5,1 would boot straight into Windows 10.

Following @tsialex's instructions here, I dumped the BootROM, ran binwalk, and found there's one x509 certificate in my BootROM.

Fortunately I had saved a prior dump of my BootROM. Restored that and OpenCore is still not showing a boot picker, so I imagine soon I will have more x509 certificates since I'm guessing OpenCore is not being loaded.

Isn't ProtectSecureBoot supposed to prevent this from happening and to allow Windows 10 UEFI on a MacPro5,1? Maybe I missed something when installing, but I'm sure this is going to happen again?
 

startergo

macrumors 601
Sep 20, 2018
4,812
2,200
Just experienced the exact same situation. Windows 10 UEFI install with OpenCore using ProtectSecureBoot=True, and after a few days the OpenCore boot picker stopped showing, and my MacPro5,1 would boot straight into Windows 10.

Following @tsialex's instructions here, I dumped the BootROM, ran binwalk, and found there's one x509 certificate in my BootROM.

Fortunately I had saved a prior dump of my BootROM. Restored that and OpenCore is still not showing a boot picker, so I imagine soon I will have more x509 certificates since I'm guessing OpenCore is not being loaded.

Isn't ProtectSecureBoot supposed to prevent this from happening and to allow Windows 10 UEFI on a MacPro5,1? Maybe I missed something when installing, but I'm sure this is going to happen again?
Remove BOOTx64.efi from the Windows ESP/EFI folder. OC does not need it to load Windows, whereas without it the Apple loader would not find your Windows bootloader, so you will be safe.
 

cdf

macrumors 68020
Jul 27, 2012
2,251
2,571
Isn't ProtectSecureBoot supposed to prevent this from happening and to allow Windows 10 UEFI on a MacPro5,1? Maybe I missed something when installing, but I'm sure this is going to happen again?

ProtectSecureBoot will prevent Windows from writing those harmful certificates only if Windows has booted through OpenCore. What happened here is that a Windows update or install overwrote OpenCore's BOOTx64.efi, and when your machine rebooted, it loaded Windows instead of OC. If you set BootProtect to "Bootstrap," then OC will no longer use BOOTx64.efi, so even if Windows replaces that file with its own, OC will still load, giving you the chance to safely restore OC's file.
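
An added example, not code from any poster in this thread or from the OpenCore project: a check of a mounted ESP that flags the two conditions described above, a BOOTx64.efi that no longer matches the saved OpenCore copy and a config.plist without the protective settings. It assumes the usual OpenCore layout (EFI/BOOT/BOOTx64.efi, EFI/OC/config.plist) and that ProtectSecureBoot sits under Booter > Quirks and BootProtect under Misc > Security; the function name and the reference hash argument are hypothetical.

```python
import hashlib
import plistlib
import sys
from pathlib import Path


def audit_esp(esp_root, known_oc_sha256):
    """Return a list of findings for an OpenCore ESP mounted at esp_root.

    known_oc_sha256 is the SHA-256 of the BOOTx64.efi you installed with
    OpenCore, recorded while the setup was known to be good.
    """
    root = Path(esp_root)
    findings = []

    # 1. Has the fallback loader been replaced (e.g. by a Windows update)?
    loader = root / "EFI" / "BOOT" / "BOOTx64.efi"
    if not loader.is_file():
        findings.append("EFI/BOOT/BOOTx64.efi is missing")
    else:
        digest = hashlib.sha256(loader.read_bytes()).hexdigest()
        if digest != known_oc_sha256.lower():
            findings.append("EFI/BOOT/BOOTx64.efi differs from the saved OpenCore copy")

    # 2. Are the settings discussed in this thread present in config.plist?
    #    Key locations are an assumption about the OpenCore config layout.
    with open(root / "EFI" / "OC" / "config.plist", "rb") as fh:
        cfg = plistlib.load(fh)
    quirks = cfg.get("Booter", {}).get("Quirks", {})
    security = cfg.get("Misc", {}).get("Security", {})
    if quirks.get("ProtectSecureBoot") is not True:
        findings.append("ProtectSecureBoot is not enabled")
    if security.get("BootProtect") != "Bootstrap":
        findings.append("BootProtect is not set to Bootstrap")
    return findings


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python audit_esp.py /Volumes/EFI <sha256-of-OpenCore-BOOTx64.efi>
    for line in audit_esp(sys.argv[1], sys.argv[2]) or ["no findings"]:
        print(line)
```
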
 

tsialex

Contributor
Jun 13, 2016
13,064
13,274
Windows SecureBoot will always try to sign your firmware when you have a UEFI Windows 10 install. Every time you boot vanilla Windows, no OpenCore, it will insert the certificates/db/PK/etc inside the NVRAM. This usually happens when there are major Windows upgrades and BOOTx64.efi is written again.

It's a must, if not a requirement, to have a clean dump and flash it from time to time. Everyone should have a BootROM dump cleaned and stored safely.
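
An added example, not code from any poster in this thread and not binwalk's own logic: a simplified scan for DER-encoded X.509 v3 certificate headers in a BootROM dump, compared against a stored clean dump so that only newly written certificates are reported. The function names and the sample images are constructed for illustration; the header test is a heuristic and can miss or over-report.

```python
import struct

V3_VERSION = bytes.fromhex("a003020102")  # [0] EXPLICIT INTEGER 2, i.e. X.509 v3


def find_der_certificates(dump):
    """Return (offset, total_length) for spans shaped like a DER X.509 v3 certificate."""
    hits = []
    pos = dump.find(b"\x30\x82")  # SEQUENCE with a two-byte length
    while pos != -1:
        if pos + 13 <= len(dump):
            (outer_len,) = struct.unpack_from(">H", dump, pos + 2)
            end = pos + 4 + outer_len
            # A certificate starts with a nested SEQUENCE (tbsCertificate).
            if dump[pos + 4:pos + 6] == b"\x30\x82" and end <= len(dump):
                (tbs_len,) = struct.unpack_from(">H", dump, pos + 6)
                if tbs_len + 4 < outer_len and dump[pos + 8:pos + 13] == V3_VERSION:
                    hits.append((pos, 4 + outer_len))
                    pos = dump.find(b"\x30\x82", end)  # skip past this blob
                    continue
        pos = dump.find(b"\x30\x82", pos + 1)
    return hits


def new_certificates(clean_dump, current_dump):
    """Certificate-like spans in current_dump whose bytes do not occur in clean_dump's set."""
    known = {clean_dump[o:o + n] for o, n in find_der_certificates(clean_dump)}
    return [(o, n) for o, n in find_der_certificates(current_dump)
            if current_dump[o:o + n] not in known]


def _fake_cert(body_len):
    """Constructed stand-in with a certificate-shaped header (not a real certificate)."""
    tbs_body = V3_VERSION + bytes(body_len)
    tbs = b"\x30\x82" + struct.pack(">H", len(tbs_body)) + tbs_body
    outer_body = tbs + bytes(16)
    return b"\x30\x82" + struct.pack(">H", len(outer_body)) + outer_body


# Constructed sample: blank flash (0xFF) versus the same image with one blob added.
CLEAN = b"\xff" * 0x4000
DIRTY = CLEAN[:0x1000] + _fake_cert(300) + CLEAN[0x1000 + 329:]

if __name__ == "__main__":
    for off, size in new_certificates(CLEAN, DIRTY):
        print(f"certificate-like DER blob at 0x{off:x}, {size} bytes")
```

To use it on real dumps, read the stored clean dump and the fresh dump with `open(path, "rb").read()` and pass both to `new_certificates`.
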
 

ochristopher34

macrumors newbie
Aug 11, 2020
2
0
Remove BOOTx64.efi from the Windows ESP/EFI folder.
If you set BootProtect to "Bootstrap," then OC will no longer use BOOTx64.efi, so even if Windows replaces that file with its own, OC will still load, giving you the chance to safely restore OC's file.

Thanks! That fixed it perfectly.

Everyone should have a BootROM dump cleaned and stored safely.

I'm glad I read extensively through this forum's threads regarding BootROM corruption and made a ROM dump prior to attempting anything related to Windows 10 UEFI on a Mac Pro. Sage advice, @tsialex, for anyone looking to do the same.
 

Kmilot

macrumors newbie
Nov 18, 2020
11
9
Hi to all of you!!! I’ve been able to install UEFI Windows 10 through OpenCore 0.70 Martin’s package for HA.

But I have a concern: is it possible for Windows to corrupt my BootROM using OpenCore's boot picker, or is my Mac Pro safe?
 