Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFI Modifications Leaves iMac Unbootable?

Posted by ScuttleMonkey on from the casualties-of-hardwar dept.

jerbare writes "In attempting to run Linux and Windows on the new iMac Core Duo, people experimenting with configuring the EFI Console/Boot loader have found they can no longer boot the machine at all. Dave Schroeder of appleintelfaq.com comments, 'We have already irreversibly lost a couple of iMacs trying to load various EFI modules'. Instructions for breaking the iMac's are presently located at the bottom of the comments."

77 of 288 comments (clear)

  1. Ugh...been there by TripMaster+Monkey · · Score: 5, Interesting


    Reminds me of a situation I faced back in the day when I was a tech at a small mom-and-pop computer repair establishment. We received a shipment of motherboards, and found out that the BIOS on every single one of them was corrupt. Since the boards wouldn't even post, the traditional remedy of flashing the BIOS via a bootable floppy was not available. Normally, we would have just boxed up the boards again and returned them for replacements, but we desperately needed those boards to fill orders.

    Well, desperate times call for desperate measures...

    I got to thinking, "you know...once you've started booting to an OS, that BIOS chip isn't even being used anymore....hmmm". With this in mind, I pulled a working BIOS from another board, swapped it out with the bad BIOS, and powered the system on, booting from the BIOS flash floppy. Once the board had booted to the flash program, I carefully pulled the good chip back out, and put in the bad chip. I then ran the flash program to overwrite the bad BIOS.

    Long story short, it worked like a charm. I managed to revive every board in the bad shipment without incident using this unorthodox technique.

    Anyway, it should be possible to rig up a similar arrangement here, although as I am unfamilliar with EFI, I'll leave the details up to someone else.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Ugh...been there by Anonymous Coward · · Score: 2, Funny

      Unfortunately, he forgot to use a anti-static strap and all the mobos died just past the 90 day warranty perioud.

    2. Re:Ugh...been there by cioxx · · Score: 2, Insightful
      Long story short, it worked like a charm. I managed to revive every board in the bad shipment without incident using this unorthodox technique

      Did you at least notify the manufacturer of the defect? Not everyone can go all MacGyver on motherboards, and if some customers are finding ways to fix broken equipment in their own way it could prove to be bad for both the company and the customer. That is if the manufacturer isn't kept in the loop that they have produced a batch of malfanctioning devices.

      Such things tend to skew the QA data, which is never beneficial to either party.
    3. Re:Ugh...been there by GmAz · · Score: 5, Interesting

      I did the same thing on my ASUS A7N8X-Deluxe motherboard. They shipped a bunch with their 3.3v batters running about 2.9v. Apparently this would corrupt your bios chip. Well, it did do that to mine and instead of ripping my machine apart and RMAing it, I took the bios chip from my brother-in-laws machine (I built his too and we pretty much had identical machiens) and did the swap trick. Here's a little trick for any of you wanting to try this. Before you boot up your good machine, take the bios chip out and put a piece of dental floss under it and put the chip back in. That way, when the machine is booted and you need to take it out to do the swap, just tug gently on the floss. I didn't wanna stick a metal screwdriver in there to pop it out when it was running. It worked great for me and spent $2 for two 3.3v batteries for the computers.

      --
      Click Click Bloody Click PANCAKES!
    4. Re:Ugh...been there by iCEBaLM · · Score: 3, Interesting

      I did the same thing with my 486. A BIOS flash went bad and my high end 486 (yeah I know how rediculous it sounds now, but it was high end back then!) machine was a boat anchor. My server machine had a different mobo, but the BIOS EEPROM slots were the same. I booted it into DOS, popped its EEPROM out and put the toasted one in, ran the BIOS flasher for the server machine but used the image for my 486 mobo to flash it and powered it off.

      Put the right chips in the right sockets and everything was golden!

    5. Re:Ugh...been there by tigersha · · Score: 2, Interesting

      I once saved a RAID config on a Maxtor card like that. We had a broken controller and ordered a new one second hand from EBay (with hand-delivered courier delivery, pronto! pronto! I need it now! No I do not care that delivery will be 4 times the price of the bloody card, I will throw in 20% more for you too!) and since the stupid Maxtor RAID controllers did not save the RAID configon the HDD's as it should I, in a desperate move, transferred the NVRAM chip from the bad card to the newish good one. Never was I so happy to see Windows NT 4.0 boot.

      --
      The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
    6. Re:Ugh...been there by Bert64 · · Score: 2, Informative

      Because most bioses shadow themselves into ram in order to run faster...

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    7. Re:Ugh...been there by Kadin2048 · · Score: 2, Interesting

      Seems like the socket ought to be the thing that you'd prefer to destroy, rather than the chip...no?

      When I had EEPROMs stuck or glued in sockets -- really stuck -- and we needed what was on the EEPROMs, our solution was to remove the board, desolder and remove the socket from the board, and put the whole socket assembly into the reader/programmer. If you were really desperate to get at the physical chip, or the socket wouldn't fit in the reader, Dremel time. Afterwards, new socket.

      I've always found that the worst part of desoldering a part (I'm talking regular DIPs here, not surface-mount crap) was getting the board out and disconnected from everything else. Once you have it laid out on your workbench, provided you have good light, a heatsink, a good desoldering iron and a reasonably steady hand, desoldering itself was always the least of the operation. Of course it probably helped that we had a very nice workbench set up for soldering and desoldering. Doing it on your dining room table with a $15 radioshack iron might be a lot more painful.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  2. Uhh,,, by Eightyford · · Score: 4, Funny

    Instructions for breaking the iMac's are presently located at the bottom of the comments.

    Uhh, thanks.

    --
    Religion for nerds. Stuff that really matters
    1. Re:Uhh,,, by Anonymous Coward · · Score: 5, Funny

      Could be worse. If they had succeeded, they'd have an iMac running Windows.

  3. Dual Booting is not the answer by ZachPruckowski · · Score: 4, Interesting

    I have a feeling that a virtualization/emulation with hardware graphics support will be available within 6 months that'll make dual booting pointless. I have a feeling that dual-booting OS X with XP or Vista will not work because it's got EFI/BIOS issues and the hard drive formatting issue. And any number of issues that haven't come up yet.

    1. Re:Dual Booting is not the answer by Incongruity · · Score: 4, Interesting

      Moreover, running a full windows install within OS X, through some sort of emulation/virtualization is going to be fairly easy as compared to, say PPC versions of virtual pc and it will potentially allow you to sandbox windows and thereby keep it much more secure than the standard installation on commodity hardware. Furthermore, there are few reasons to dual-boot if you can simul-boot? Done right, that method could really make the Intel/OS X macs a major player (think swiss-army knife) -- I know there's been talk of a similar sort of thing w/ linux and windows via WINE but it really looks like the OS X side might come to fruition first, though this really is all conjecture on my part, so whatever.

    2. Re:Dual Booting is not the answer by chrisale · · Score: 2, Informative

      Six Months? How about right now. OpenOSX has released their "Wintel" package updated for MacOS X on Intel. It features the BOCHS 'emulator' that will run all manner of Windows, Linux, etc. MacNN has the scoop It's $25 to download.

    3. Re:Dual Booting is not the answer by ZachPruckowski · · Score: 2, Insightful

      First of all, Microsoft may well produce a version of Virtual PC for Mactels that does graphics acceleration. A version of Windows is a version of Windows to them. If they can sell VPC + Windows XP or Vista, it'll make them more profit per sale than a sale of Windows at a reduced rate to an OEM.

    4. Re:Dual Booting is not the answer by Elwood+P+Dowd · · Score: 4, Informative
      And why do you think that OSX will be able to run windows binaries better than WINE and/or Cedega considering that the people at WINE etc. have been trying to reverse engineer the windows libraries for many years now.
      Because VirtualPC & VMWare has been "able to run windows binaries better than WINE and/or Cedega" for many years now. Virtualization will work nicely here. No one expects to reverse engineer the windows libraries any better than WINE.

      Dunno why no one in this thread seems to be talking about vanderpool. Maybe y'all should just wait to hear from someone who knows what they're talking about. (Not me, for example.)
      --

      There are no trails. There are no trees out here.
    5. Re:Dual Booting is not the answer by killtherat · · Score: 4, Interesting

      And why do you think that OSX will be able to run windows binaries better than WINE and/or Cedega considering that the people at WINE etc. have been trying to reverse engineer the windows libraries for many years now.

      One word: Money.

      Apple has lots of it. They can through gobs of money at the problem, and that will always move things faster then a grass roots problem. Just imagine 150 engineers working full time on Wine. They've previously gotten MacOS9 programs to run in MacOSX, so they probably already have a pool of engineers with the needed talents.

      Given that MacOSX is based off of BSD Unix, and they've already plugged a great deal of work into the KHTML rendering engine, it's not completely insane to suggest that Apple could pick up Wine, through a large number of engineers at it, and get it to the point were it can run Office and DirectX 9 games.

    6. Re:Dual Booting is not the answer by Ford+Prefect · · Score: 3, Informative

      Six Months? How about right now. OpenOSX has released their "Wintel" package updated for MacOS X on Intel. It features the BOCHS 'emulator' that will run all manner of Windows, Linux, etc. MacNN has the scoop It's $25 to download.

      Bochs? It's great if you want a full, perfect emulation of PC hardware done completely in software, but it's horribly slow. Oh, and it's both free and open source - that $25 is solely for some crappy third-party GUI. The 'native to Intel' thing just means you're doing a full PC emulation without going through Rosetta as well...

      If you do want to emulate a PC in a slightly faster manner, try QEMU. I've no idea if it can be compiled on an Intel-powered Mac yet, but an emulated Windows 98 was just about usable for website testing on my 933MHz iBook G4.

      --
      Tedious Bloggy Stuff - hooray?
    7. Re:Dual Booting is not the answer by Incongruity · · Score: 2, Interesting
      One word: Money.
      Apple has lots of it. They can through gobs of money at the problem, and that will always move things faster then a grass roots problem. Just imagine 150 engineers working full time on Wine. They've previously gotten MacOS9 programs to run in MacOSX, so they probably already have a pool of engineers with the needed talents.

      Exactly -- and to be clear, my thought was more that Apple and the apple user base (new and old) would give the momentum and sheer technolust required (as well as the money) to get it to the point that a copy of windows works transparently within OS X sooner than WINE on OS X becomes a reality.

      I feel as though WINE has an additional or different aim than a sandboxed Windows in OS X project would (regardless of who does it), at the moment. Put simply, one of the not so subtle aims of the WINE project (as an outside observer) is clearly to shut Microsoft out of the picture and simply reverse engineer the requisite libraries, etc. to get apps written for windows to work with Linux -- there's a wholesome F/OSS ideal wrapped up in that and I philosophically support that notion.

      However, you must admit that's not the primary aim of what Apple or a majority of the OS X user-base would be after in getting a copy Windows working in OS X. At the moment, I don't care so much if I have to buy a copy of Windows to get it to run on my (hypothetical) new intel powered mac -- I just care that I can do it, and even better if I can do it w/in the safer confines of OS X, sandboxing Windows, or if nothing else, just along side OS X using processor level virtualization to run both OS's at the same time. If I cared more about the ideal of not giving money to a corporate/closed-source software vendor, I'd already be using Linux. Moreover, I want that functionality sooner rather than later, so spending a bit of cash on a copy of Windows to install on my intel mac is still cheaper than buying a PC to go along side my mac -- assuming that mac ownership is a must, this is still a win, costwise.

  4. Counterintuitively... by Anonymous Coward · · Score: 5, Funny

    Unbootable iMacs support an even wider selection of games than do bootable iMacs.

    1. Re:Counterintuitively... by happyemoticon · · Score: 4, Funny

      Like:

      • MacketBall
      • HackyMac
      • Hot Mactatoe
      • Mactch (like catch, but with a mac!)
      • PattyMac
      • HopMac (somewhat detrimental to the screen)
      • Pin the FireWire-800 on the MacBook

        • And the one those people who were foolish enough to screw with their computer's firmware are now playing: Doctor.

  5. Unofficial Moderation by Crash+Culligan · · Score: 2, Insightful

    +1, damn clever hardware hackery.

    --
    You cannot truly appreciate Dilbert until you read it in the original Klingon.
    1. Re:Unofficial Moderation by John+Napkintosh · · Score: 5, Funny

      One time I swapped sim cards with a friend's mobile phone. Are you saying I'm not a h4x0r?

      --

      Long signatures suck.
    2. Re:Unofficial Moderation by rjstanford · · Score: 4, Funny

      h4x0r yes.

      hacker no.

      And that makes all the difference.

      --
      You're special forces then? That's great! I just love your olympics!
    3. Re:Unofficial Moderation by cd_serek · · Score: 2

      I take it that you've never...

      1. umount a hard-disk & partition(s),
      2. backed up the hard-disk to an image file stored on a remote samba server,
      3. hdparm to power down the hard-disk,
      4. swap out the hard-disk with a new one,
      5. power up the new disk drive and image the disk with the backed up copy, and then
      6. mount the new hdx & partition(s)

      All via a remote SSH console while the system is running. No harm to the up-time records.

      I have to say that hearing the new disk-drive spin-up and seeing it mounting successfully has been the most THRILLING experience I've experienced in the course of my consulting works.

      It's an experience I'd recommend everyone to try out at least once in their entire career life. The worst thing you can do is end up is either stuff the hard-disks and/or fry the system. A small price to pay for such a thrill (in my belief anyways).

    4. Re:Unofficial Moderation by Shanep · · Score: 2, Insightful

      You do know it's typically a Bad Idea to swap cards, chips, memory, etc. while a computer* is running, right? That's what makes his success noteworthy.

      This is not all that uncommon a procedure though. I've done this with some old boards. I tend to use the machines I find on the street for swapping live EEPROMS though.

      Once I accidentally put an EEPROM back in the wrong way around (unforgivable with my electronics background) and the little plastic sticker which normally would cover the window (which was not actually there on this chip) blistered from the heat almost instantly. I switched it off real quick, the chip was unbearably hot to touch, but once it cooled down and I placed it the correct way around, it worked fine to my complete astonishment!

      I wasn't too worried because I have a tendency to take the EEPROM chips off dead mobos, to have spares for a rainy day.

      I thought it was pretty cool when I first performed a live EEPROM swap and burn and have it actually work to resurrect a board. It also meant that I was able to feel a lot more confident modifying AWARD modular BIOS with driver removals and additions.

      At the moment my BIOS woes include trying to get a replacement BIOS for my expensive Sony VAIO VGN-A49GP, because it has very few options and seemingly ACPI issues which I would like to just remedy or disable with a BIOS upgrade. I'm being a lot more cautious with this one though. ; ) AMI supposedly sell BIOS upgrades but they have not returned my emails. Flashing a $5,000 AU Sony laptop with a non-Sony firmware is a little scarey to say the least.

      --
      War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
    5. Re:Unofficial Moderation by Pollardito · · Score: 4, Funny
      Once I accidentally put an EEPROM back in the wrong way around (unforgivable with my electronics background) and the little plastic sticker which normally would cover the window (which was not actually there on this chip) blistered from the heat almost instantly. I switched it off real quick, the chip was unbearably hot to touch, but once it cooled down and I placed it the correct way around, it worked fine to my complete astonishment!
      anyone with an electronics background should know that a chip will work just fine after an overheat as long as the magic smoke hasn't been allowed to escape from it. once the magic smoke comes out of a chip, it's never quite the same
  6. Sometimes fix by Anonymous Coward · · Score: 4, Interesting

    If you can get it to boot at all, try reinstalling from the 10.4.4 media. That's supposed to fix some changes in the EFI.

  7. its a matter of time by loserhead · · Score: 4, Funny

    i am confident that a workaround will eventually be developed. if it takes destroying a few macs, so be it...

  8. An Omen by bedouin · · Score: 3, Funny

    Isn't this kind of like trying to open the mummy's tomb? Nothing good can come out of it.

    This is an early warning!

    Wait for virtualization so all of Microsoft's inherent evil can be sandboxed into a self-destructing disk image of darkness and peril.

  9. Malware by msbsod · · Score: 2, Interesting

    Great. How about attacks on EFI by malware? An iMac costs just a few hundred bucks. Bad enough. But, what about those shiny new Itanium systems with EFI for 10 grants per box?

    1. Re:Malware by chrismcdirty · · Score: 2, Funny

      Those Itanium boxes must be huge!

      --
      It's like sex, except I'm having it!
  10. Denial Of Service - Putting people at threat by NZheretic · · Score: 4, Interesting
    Hackers discover vulnerabilities and someone creates malware ( Worm, Trojan, Attack kit or Virus ) that screws with the BIOS settings effectively turning your DRM restricted system into a useless brick.

    Just substitute Apple for Microsoft, Mac for Xbox and Internet for Xbox Live in the following...
    Denial Of Service - Putting people at threat:

    Want to guess how long it will take?

    It is inevitable that someone mucking around trying to get their XBox360 to do something will trip the hardwired Trusted Platform Modules lock down. Effectively turning the trusted black box into a useless dead heap.

    It is inevitable that this and other methods discovered will be publicly known, since the discoverer will want to warn others.

    It is also inevitable this and other methods will become the basis for a widespread denial of service attack. Firstly through a fake Email campaign ( "Microsoft alert - follow these instructions to secure your XBox" or "Get Free games/porn - do this to your XBox" ) and later through viruses and networked worms embedded in Microsoft's mediaplayer formats.

    Soon a worm that locks users out of their Xbox will be spread via Microsoft's Xbox live service.

    Then it will be inevitable that criminals adapt the malware to display a message instructing the hapless victim how to make a payment to fix the problem. The messages would soon contain threats that their Xbox now contains contraband installed by the malware that would get the user in legal peril if they choose to take the Xbox back for repair or to the authorities. The potential rewards to the offshore cyber-criminals would far outweigh the risks.

    http://itheresies.blogspot.com/2005_08_01_itheresi es_archive.html
    Hollywood and the recording industry hold an effective monopoly on a large section of popular content. Both Microsoft and Apple are now offering the ability to content providers to demand that users must use unmodified systems to view said content. It locks you out of parts of your system that will inevitably be abused by third parties wanting to abuse you.

    Posted by: David Mohring Posted on: 11/29/05

    1. Re:Denial Of Service - Putting people at threat by krbvroc1 · · Score: 5, Funny

      On a related note, my neighbor asked me to perform the normal 'cleanup / devirus / windows update' on his laptop. He owns an HP laptop and has a 'Boot up BIOS password set'. So I didnt have to enter a password each time, the first thing I did was go into the BIOS. I entered the current password and when asked for a new password, I simply hit 'Enter' and 'Enter' to confirm. When I rebooted, it still asked for a password and 'Enter' does not work. The laptop is now completely useless. I have no idea how it will be fixed. From some internet searches, supposedely I can provide HP with a magic 'system hash code' and they can tell me a password, but I have no clue if I can get through to the right person, what happens if it is outside of warranty, etc.

    2. Re:Denial Of Service - Putting people at threat by happyemoticon · · Score: 2, Funny

      That ain't funny. I'd hate to have to furnish my neighbor with a replacement laptop.

    3. Re:Denial Of Service - Putting people at threat by Chuckstar · · Score: 4, Informative

      As recently as the G4 towers, a firmware update required the user to physically depress the Programmer's button (the hardware interrupt button) on the computer itself. This may be different now, although I doubt it. The whole point was to make software-only firmware updates impossible in order to avoid this very threat. The hardware simply will not re-flash the firmware without that button being pressed. So at least some social engineering is required to get users to press that button.

      I always assumed all computers worked that way. Otherwise, it would be trivial to get people to ruin their firmware -- just trojan horse the thing.

    4. Re:Denial Of Service - Putting people at threat by TheRaven64 · · Score: 5, Interesting

      When the first flash BIOSes came out in the PC world there were a few viruses that would re-flash the BIOS with junk, turning the machine into a doorstop. These days most virus writers want to add your machine to a botnet, rather than destroy it, so it's probably less likely. More likely is hiding a copy of the virus in the EFI code so that it is automatically reinstated if removed when the system invokes an EFI call (resume from sleep would be my choice).

      --
      I am TheRaven on Soylent News
    5. Re:Denial Of Service - Putting people at threat by evilviper · · Score: 4, Informative
      IBM insisted there was no way to flash/unlock or otherwise repair the problem.

      IBM are lying assholes. Anybody, with $20 worth of equipment can wire up a simple adapter for a thinkpad and read the EEPROM, where the password is stored in the clear. I was one of the people who helped figure out the requisite information that made it's way onto this site: http://www.ja.axxs.net/unlock/

      What can I say? Read it and weep. I wouldn't be surprised if IBM was selling new systems to customers, then turning around and clearing the passwords on the old ones and reselling them as "refurbished".

      Seems like a poor design, but certainly nobody ever saw her locked documents.

      That's ridiculous. First of all, the power-on password has nothing to do with the hard drive password, except that most notebooks typically tie them together. IBM could easily have the hard drive passworded, but make the notebook perfectly usable once the drive has been swapped.

      Additionally, it's trivially easy to read files off of a passworded hard drive. The password is stored in an EEPROM on the board, so all you have to do is buy an nearly identical drive and swap the circuit board to read all the documents.

      If they were smart, they would store the password in sector 0 on the platters. Then, swaping the board wouldn't work. Also, running a strong magnet over the hard drive would erase the password as it erased the files, keeping the files safe, but also allowing you to erase the whole drive, and use it again without knowing the password.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    6. Re:Denial Of Service - Putting people at threat by __aajfby9338 · · Score: 2, Informative
      Also, running a strong magnet over the hard drive would erase the password as it erased the files, keeping the files safe, but also allowing you to erase the whole drive, and use it again without knowing the password.

      No, that would also erase the servo patterns, leaving the hard drive completely dead.

      Unlike floppy disk drives, which position the read/write heads with a stepper motor and are capable of reformatting blank media in the field, hard drives use special patterns encoded onto the platters to locate tracks and position the read/write heads over them. These servo patterns are written in the factory using very specialized and expensive equipment (not like a PROM burner that can be built cheaply; servo writers cost hundreds of thousands of dollars IIRC), and they can't be rewritten in the field.

    7. Re:Denial Of Service - Putting people at threat by adrianmonk · · Score: 3, Informative
      As recently as the G4 towers, a firmware update required the user to physically depress the Programmer's button (the hardware interrupt button) on the computer itself.

      Strictly speaking, using the Programmer's button wasn't required to update the firmware. You can instead use option-apple-O-F to boot to the OpenFirmware prompt, then use the boot command and the path of the OpenFirmware updater (having used devalias, dev device , cd dir , and ls to browse around and find that image); when you do this, the system boots from the standalone OpenFirmware update image instead of loading the regular bootloader, and when that code runs, it updates the firmware. I'm 90% sure it doesn't require you to hit the Programmer's button either, and instead the Programmer's button thing just triggers the system to load the same executable that you can load manually with the boot command.

      So, the point is, on a G4 tower at least, although the Programmer's button is involved in the process, it isn't actually required and doesn't provide any security, as far as I can tell.

      If you're wondering how I figured this out, let's just say I was trying to get a Mac working that failed to autoboot, dumping me at the OpenFirmware prompt every time. I thought it was a problem with OpenFirmware settings, so I aimed to find a way to upgrade the OpenFirmware on the assumption that doing this would force the system to also reset every setting related to it (more thoroughly than just "zap the PRAM"). I couldn't use the normal method because the failure to autoboot prevented that method from working.

      On a side note, I succeeded in updating the OpenFirmware to a newer version, and it didn't help at all. I eventually discovered that the machine was a Frankstein computer that had the wrong Front Panel Board in it, and THAT was why the OpenFirmware wouldn't boot -- it knew something was wrong with its hardware. I finally traded this Front Panel Board with someone else for the right one, and now my friend who bought the G4 tower for half price because of the fact that it wouldn't autoboot is happily using it.

      On another side note, isn't the flash chip on the iMac Core Duo socketed, and can't they get an identical chip and make a copy of its contents BEFORE they go messing with it, thus allowing them to monkey with the copy and revert to the original if needed?

  11. The real question here should be... by BigZaphod · · Score: 4, Funny

    When you screw this up, do you still get the sad mac?

    --
    Hexy - a strategy game for iPhone/iPod Touch
    1. Re:The real question here should be... by Anonymous Coward · · Score: 5, Funny

      You'll have to settle for a sad owner instead.

  12. In case of Slashdotting... by Anonymous Coward · · Score: 3, Interesting

    **WARNING** The following instructions will render the iMac Core Duo (Intel) TOTALLY USELESS. There is NO KNOWN METHOD OF RESTORING the iMac Core Duo to a previous functioning state. **WARNING**

    I AM NOT KIDDING. THE FOLLOWING METHODS WILL PUT THE IMAC IN A STATE OF DISREPAIR BY AN END USER, EVEN WITH ACCESS TO THE INTERNAL HARDWARE.

    With that said, here is how I killed the iMac Core Duo:

    1. Downloaded EFI sample implementation and unzipped
    2. Moved the 'Binary' folder to the hidden EFI partition (sudo mkdir /Volumes/EFI; sudo mount_msdos /dev/disk0s1 /Volumes/EFI)

    *NOTE: this partition appeared EMPTY*

    3. 'blessed' /Volumes/EFI/BIOS32/Bin/GraphicsConsole.efi
    4. Rebooted in to GraphicsConsole
    5. Attempted to load an EFI 'Driver' via GraphicsConsole (I forget the process, but it was a submenu. The drivers I attempted were AtapiPassThru.efi and Partition.efi)
    6. Reboot and stare at your new broken iMac Core Duo. It's dead, Jim...

    Just as Dave mentioned, unplugging the Hard Drive, removing the battery and leaving the iMac without power WILL NOT RESET IT TO ITS FACTORY DEFAULTS.

    Because settings are stored in NVRAM, POWER IS NOT REQUIRED TO KEEP THE SETTINGS INTACT.

    http://en.wikipedia.org/wiki/Flash_memory

    BECAUSE THE APPLE EFI SOFTWARE DOES NOT LOAD THERE IS NO WAY TO 'ZAP' or 'FLASH' THE NVRAM TO DEFAULTS.

    The caps are really necessary, folks. Apples implementation of EFI allows software to modify the computers ability to boot - or NOT.

    I am unsure if modifying Apple boot software voids the warranty. I was fortunate to get a replacement iMac, but I did not explain what I did to render it unable to boot. Because of that, I'm staying anonymous...

  13. Re:What about Linux? by ZachPruckowski · · Score: 2, Insightful

    Well, OS X runs X11, which lets it do some Linux apps. Aside from that, you're looking at the same situation Windows is, unless there is a specially designed Linux that does EFI and the GPT (or whatever the Hard Drive issue is). I'd say dual-booted Linux would beat XP to the Mactels because of the fact that a version of Linux can be engineered to work on the Mactels.

  14. Works on other platforms also. by Jerk+City+Troll · · Score: 2, Informative

    I’ve done the exact same thing to bypass security features on SPARCstations. Try it sometime—it’s fun!

    Tangent: you don’t need to understand Chinese to understand the instructions on that page. ;)

    --
    Join Tor today!
  15. Except in this case the user : s/user/malware/ by NZheretic · · Score: 3, Informative
    Except in this case the user has to do a bunch of things - download the EFI software from Intel, a sudo command and a reboot. While some of this can be automated, OS X won't just allow all this to be run without the user helping it along.

    Substitute "user" with Malware.

    Download the EFI software from Intel: Or include an copy in the malware.
    a sudo command: Or use an escalation of privilege vulnerability
    and reboot : Err, not that difficult to achive in software.

    1. Re:Except in this case the user : s/user/malware/ by Phroggy · · Score: 3, Insightful

      Instead of using sudo...

      Make an Installer package (using /Developer/Applications/Utilities/PackageMaker) that requires root access (under the Configuration tab, select Root from the Authentication menu). Set it to require a restart after installation (select Required Restart from the Post-Install Action menu). It doesn't have to actually install anything, just go through the motions. Put the malware in a script called InstallationCheck, put it in the Resources folder, and make it executable.

      Build your package, make a disk image from it (open Disk Copy, select File/New/Disk Image from Folder, select your package), set the internet-enable bit (open Terminal, type hdiutil internet-enable -yes /path/to/image.dmg), throw it on a web server and trick users into downloading it by telling them it's a pornographic screen saver or something.

      Upon downloading the .dmg file, your package will automatically be opened. The user will be prompted to enter an Administrator password, and they will be told the installer needs to run a script to see whether the software can be installed. If they enter their password and click OK to the security prompt, the script will run with root privileges even if the user changes their mind and cancels the installation. If they proceed with the installation, they'll be asked to restart the computer.

      Anyone who says Mac OS X isn't susceptible to malware doesn't know what they're talking about. Yes, this method requires the user to enter their password and confirm a security warning, but these are perfectly normal things to do when installing software, so most users are accustomed to it. As long as you make them think what they're installing is something they want to have, most users won't even blink.

      To be honest, I'm surprised this hasn't been done on a wide scale already.

      Btw, please don't do this, kthx.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  16. Re:What about Linux? by Millenniumman · · Score: 4, Informative

    There are Linux distros that work with EFI and making a properly formatted partition isn't hard.

    --
    Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
  17. BIOS Hot Swapping by Otto · · Score: 4, Informative

    It's a fairly well known trick, although you're correct that it's a little bit dangerous. But when you fiddle around with BIOS mods, it comes in handy to have a removable BIOS chip for just that reason.

    http://www.google.com/search?q=bios+hot+swapping

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  18. Not quite by daveschroeder · · Score: 5, Informative

    When the iMac is in this broken state, it doesn't boot, chime, show anything on the screen, or read from media.

    Can't exactly "reinstall from the 10.4.4 media". ;-)

    Zapping NVRAM (still supported with cmd-opt-P-R), removing the motherboard battery and letting it sit with AC for an extended period, and disconnecting the hard drive all do not revive the machine.

    1. Re:Not quite by pilgrim23 · · Score: 2, Funny

      In this circumstance, the Boot chime is replaced with a special "Steve Jobs snickers" sound, and the ring of yet another cash register at an Apple store...

      --
      - Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.
  19. Security Research by mfifer · · Score: 2, Funny
    they can no longer boot the machine at all.

    with research like this they could be onto a MAJOR Windows security breakthrough...

    ;-)

  20. Update by daveschroeder · · Score: 5, Informative

    Hello. Just to give a bit of an update on this issue...

    The iMacs in question were rendered unbootable by trying to load additional modules from Intel's EFI Sample Implementation. It is not known which module is at fault currently.

    Once the iMac is unbootable, it doesn't chime, boot, attempt to access media, or display an image on the screen. Attempts to zap NVRAM (cmd-opt-P-R is still supported for this task on Intel-based Macs), remove the motherboard battery and leave the AC power disconnected for an extended period of time, and disconnecting the hard disk do not resolve the issue.

    At present, we seem to have a number of difficult situations that prevent the installation of Windows directly on Intel-based Macs:

    1. Apple did not include its own EFI shell or other tools to access the EFI with the Intel-based Macs, so the tools used have consisted of Intel's EFI Sample Implementation, and Tianocore's EFI Developer Kit.

    2. Apple's EFI implementation does not include CSM (Compatibility Support Module), the BIOS backward compatibility layer necessary for booting 32-bit versions of Windows (pre-Vista), such as Windows XP.

    3. 32-bit versions of Windows do not currently support booting an EFI machine. (And the Gateway Media Center machine with EFI people keep talking about boots Windows XP Media Center Edition 2005 in BIOS compatibility mode, not with EFI.)

    4. Windows XP 64-bit and Windows Server 2003 64-bit support EFI, but the Intel Core Duo is a 32-bit architecture.

    5. Windows Vista does support EFI, but the EFI booter (cdboot.efi) currently does not appear to be functioning, and/or it is looking for, and not finding, information that it is looking for on the installation DVD. It does display the typical Windows "Please press any key to boot from the CD..." message. However, the DVD does not appear to contain the necessary EFI boot partition, and EFI does not support UDF volumes and El Torito booting. (Yes, this is a DVD obtained via official channels.)

    6. Mac OS X's startup disk control panel presents a Windows Vista installation on a FAT/FAT32 volume as a valid bootable volume, but Windows Vista does not support booting from a FAT/FAT32 partition, only NTFS. Mac OS X can read NTFS volumes, but not write to them. This is currently the stage we're at now. No, I haven't tried "just hooking up a drive with Vista installed" (as many have asked elsewhere) or forcibly creating an NTFS partition whose contents are an already-installed instance of Vista.

    7. grub, elilo, etc., all do not work on the Intel-based Macs at this time.

    Eventually, whatever method boots Windows natively will have to have a nice wrapper put around it to make it easy for a normal person to do so, and easily dual boot in addition.

    To regurgitate what I've said a bit elsewhere, the real benefit to most people will come from running Windows alongside Mac OS X in a "virtual machine" environment, in a window or even full screen, with, for example, a hotkey to switch back and forth between Mac OS X and Windows. To many users who prefer Mac OS X, particularly in enterprise, academic, and research environments, but who also have the occasional applications (usually administrative) that require Windows, this configuration would be a holy grail of sorts. And in this configuration, Windows wouldn't be running in emulation, but it would be running at essentially the native speed of the underlying hardware (with the exception of graphics and disk I/O performance). It will be *much* faster than any emulation ever has been, and there will no doubt be several open source (qemu, xen, wine) and commercial (vmware, Virtual PC) that will allow running Windows (or Windows software) in various capacities. Intel's Virtualization Technology (VT), allowing multiple operating systems to run in separate hardware "partitions" on one

    1. Re:Update by daveschroeder · · Score: 4, Informative

      I should note that a colleague is also tracking these issues on his site, the same one noted in the submission. Sooner or later, and with a bounty now offered for anyone who gets Windows XP booting on a Mac, I've no doubt something interesting will be accomplished.

    2. Re:Update by Drakino · · Score: 2, Interesting

      Windows XP 64-bit and Windows Server 2003 64-bit support EFI, but the Intel Core Duo is a 32-bit architecture.

      I haven't seen anyone who has tried booting to the XP 64 bit CD yet, thus I am recommending someone try. Sure, the Core Duo is 32 bit, but the 64 bit (at least the X64 versions) will boot on a 32 bit machine and eventually say installation is not supported on the machine. If someone can get these CDs past the "Press any key" prompt on an Intel Mac, it might expose something that can be used elsewhere.

      Having a final production OS bootloader to play with might work out better then tinkering with the Vista betas.

    3. Re:Update by gnasher719 · · Score: 2, Insightful

      No matter how difficult it is for someone outside Apple to make Windows XP boot, I would say the following to Apple:

      1. If Apple were to sell Macintosh hardware with Windows XP preinstalled instead of MacOS X, then a considerable number of people would buy these machines. Not "considerable" as in "Dell goes out of business" but "considerable" as in a few percent of Apple revenues.

      2. If Apple were to sell Macintosh hardware that can dual boot into MacOS X and Windows XP without any problems, a much greater number would buy those machines. Dual boot = run one, reboot, run the other, reboot...

      3. If Apple were to sell Macintosh hardware that can run MacOS X and Windows XP simultaneously, they could sell tons of those. Even if "simultaneously" means that one of the OSes is in sleep mode while the other is running, with some form of communication so that cut&paste works.

  21. Ugly reality from the article (no joke)... by Orrin+Bloquy · · Score: 4, Interesting

    "Apples implementation of EFI allows software to modify the computers ability to boot - or NOT. "

    Enough of this firmware is flash-based that software can trash it to the point that it no longer boots from optical media. Key-mashers need to understand that EFI *precedes* the Apple Option-key tricks, so if EFI is hung you are crap out of luck. Unless there's some jumper inside the case which resets EFI to a factory state, that EFI will have to be pulled and reflashed.

    We're going to pretend Apple doesn't really release mistakes like this and that there's a failsafe for restoring the EFI. Otherwise, you potentially have the mother of all DRM traps in front of you.

    --
    "Made up/misattributed quote that makes me look smart. I am on /. and I must look smart."
    1. Re:Ugly reality from the article (no joke)... by Budenny · · Score: 3, Insightful

      "Otherwise, you potentially have the mother of all DRM traps in front of you."

      Yes. This, if it turns out to be the way it looks at first glance, is truly evil. Very important to realise what you may be looking at. The first commercial example of a company which has totally taken away control of your hardware.

      Lets hope it turns out not to be true. Because if it is true, its war.

    2. Re:Ugly reality from the article (no joke)... by Anonymous Coward · · Score: 2, Insightful

      "Lets hope it turns out not to be true. Because if it is true, its war."

      How melodramatic.

      Apple never said that they would support Windows on any Mac, and as such has not built the functionality to run it. Why would they? It runs OS X just fine, and any OS X user would have zero reason to screw with the firmware using non-Apple software. It's not a conspiracy, it's not DRM. It's like complaining you can install OS X on your thinkpad but it doesn't have all the drivers, oh no! Apple is trying to screw me...!

    3. Re:Ugly reality from the article (no joke)... by Budenny · · Score: 4, Interesting

      The inability to reflash the EFI has all the marks of being deliberate. The issue is not whether other OSs are supported. There is no reason why any company has to support them. The issue is not like trying to run BSD on your Thinkpad, where you just reboot when you don't have the drivers and restart, and reinstall XP. Not having the drivers does not reduce your machine to junk.

      The issue is, or rather, one should be cautious, the issue may be, that this could be the first instance of a company having deliberately implemented something that reduces your computer to a doorstop if you just take reasonable steps to run something they don't like on it.

      They are under no obligation to support Windows, Linux or Plan 9. What they are under an obligation to do is give you a way of reflashing your EFL.

      If they do not. If it does turn out that the aim is and always was to sell hardware that you can only run what they choose on it, then it is indeed the first shot in a war. It will be the first of many such attempts by a lot of people. The OP in this thread, and some others, is right: it will be the first of many efforts to stop you altering your machine in any way from its purchased state, because someone feels it is less profitable for them if you do, and it will be the first of many measures taken to reduce your machine to junk as a sanction.

      Its one of those test cases the community has to win. If it turns out to be what it looks like, there's no melodrama at all in looking at it like this.

    4. Re:Ugly reality from the article (no joke)... by Weedlekin · · Score: 2

      If that's what Apple are really doing, then they can stick their Intel Macs where the sun
      doesn't shine. I have a Rev 1 iMac G5 that was my first Apple purchase, and I've been
      very pleased with it, so I previously wouldn't have hesitated to buy another Apple offering
      in the future. This will however change in an instant if they start pulling DRM crap that
      prevents me from using a computer _I buy and own_ in any way I want.

      Because nobody has had any Intel Macs to play around with for very long, I'll heed the
      old adage and assume that this is incompetence rather than malice for the moment. I
      will however be watching these and other porting efforts with interest over the coming
      weeks. If it eventually turns out to be DRM, and there's no workaround for it, then it's
      likely that Apple will lose a lot more customer than just me.

      --
      I'm not going to change your sheets again, Mr. Hastings.
    5. Re:Ugly reality from the article (no joke)... by The+Wicked+Priest · · Score: 2, Interesting

      I don't buy this for a minute. Apple has repeatedly said "We won't do anything to prevent you from running Windows on it." And they'd accomplish nothing except alienating customers.

      Apple is a hardware company. They're perfectly happy to sell you a Mac to run Windows or Linux, or to use as a shotput. They get the same money regardless.

      It has all the earmarks of being an oversight, not deliberate.

      --
      Share and Enjoy: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  22. RTFC by kuwan · · Score: 3, Informative
    Instructions for breaking the iMac's are presently located at the bottom of the comments

    Actually, if you RTFC (RTF Comments) which are at the end of the article (as it says in the story) you'll find that you can completely screw your new Intel Mac into not booting. Not even running the OS X install CD will fix it. Here's one of the comments describing the problem:
    From Dave Schroeder posted 01/23/06

    We have already irreversibly lost a couple of iMacs trying to load various EFI modules. They will no longer boot, even with "zapping the PRAM" (firmware reset), or with disconnecting the motherboard battery and removing power for an extended period of time. Further, the tianocore EFI shell *only allows features already present in the manufacturer's EFI implementation to be accessed* (see the documentation for details).

    --
    infested with jello like fishes no melotron wishes
  23. EFI? by StikyPad · · Score: 2, Interesting

    Is the EFI cachable? And if so, wouldn't it be possible to create a custom boot which cached custom EFIs so you could experiement without overwriting the nvram/eeprom/whatever? Alternatively, if everything else is the same between intelMacs and typical PCs, wouldn't you be able to cache an EFI to boot MacOS?

    --
    https://www.eff.org/https-everywhere
  24. Of course by SuperKendall · · Score: 2, Funny

    Because the nature of the effort was to boot XP, they are no longer booting Windows instead of no longer booting OS X.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  25. and... by nuckin+futs · · Score: 4, Informative

    somewhere in this thread are various instructions on how to fix it.

  26. Try This by nbritton · · Score: 2, Interesting

    Try This:
    1. Remove the primary battery on the notebook
    2. Open up the notebook and remove it's internal battery.
    3. Power on the notebook (without it's batteries installed).
    4. With the notebook on, turn it off by removing the power cord.
    5. Leave notebook sit for at least 1 hour, the longer the better.

    Now plug the notebook back in and turn it on, if it starts up and displays an error message saying it's lost it's CMOS settings or something like that then your good to go.

  27. One word... by andy55 · · Score: 3, Funny

    iPaperweight.

    --
    G-Force music visualization
  28. Update: iMacs restored to working state by daveschroeder · · Score: 4, Interesting

    By following these steps, the iMacs that had difficulty with certain EFI modules appear to have been restored to a functioning state:

    1. Disconnect the internal hard disk

    2. Disconnect the iMac from AC power

    3. Plug in AC while holding the power button

    4. Power up the iMac and zap NVRAM (cmd-opt-P-R)

    The hard disk can be reformatted and the operating system restored.

  29. Well, don't do that, then! by jcr · · Score: 3, Funny

    Until and unless Apple publishes a spec for how to modify the EFI, this is in the "you broke it, tough shit" category.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  30. Solution to broken intel iMacs by jaymurray · · Score: 3, Informative
    It seems that Dave Schroeder has posted the following instructions over at Nakfull Propaganda to fix those broken intel iMacs;
    By following these steps, the iMacs that had difficulty with certain EFI modules appear to have been restored to a functioning state:

    1. Disconnect the internal hard disk

    2. Disconnect the iMac from AC power

    3. Plug in AC while holding the power button

    4. Power up the iMac and zap NVRAM (cmd-opt-P-R)

    The hard disk can be reformatted and the operating system restored.
  31. Has the TPM module been ruled out? by cyberbian · · Score: 3

    Could it be that the TPM module is being used to verify the state of the EFI?

    It would make sense to me, that one of the most fundamental aspects of a Trusted Platform Module would be to ensure that the platform is booting in a state you can trust, and not booting on some hacked EFI pointing to (and enabling) devices that the user has no idea are installed. As this is Apple's (or any major vendor to my knowledge) first foray into the TPM arena, perhaps this is part of that whole security featureset that you paid for but can't work with, I'm in the same boat, and would like to feel free to try Darwin in other incarnations as well as use the equipment for Windows and prove to my friends outright why Apple is such the superior gear.

    Is there any way we can map the calls made on the system bus during the complete post? Do we have ANY information on how TPM is being used here?

    There's a glaring hole in the documentation imho a long way from the 1984 ad...http://www.uriah.com/apple-qt/1984.html but there always seems to be someone's visage up on that screen no matter how you slice it.

    cyberbian
    --
    if I claimed I was emperor just because some watery tart lobbed a scimitar at me they'd put me away!
  32. Get rid of EFI completely! by dfjunior · · Score: 5, Funny

    I got tired of mucking around with all the electronic gobbldeygook connected to EFI, so I just tore all that shit out and bolted on a good old-fashioned Holley 4bbl carburetor...

    Next step is a hood scoop and a bigger hard drive...

  33. Re:What about Linux? by Bert64 · · Score: 3, Informative

    Support for EFI is a standard linux kernel option, and i doubt it would be hard to support apple's partitioning scheme... They already used their own partitioning scheme on PPC machines, and linux supports that just fine.

    I also believe EFI is the standard firmware used on Itanium systems too, so linux already must support it to run on such systems.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  34. Re:RTFC - can restore brick macs by rkww · · Score: 5, Informative
    ...but it you read to the end now, you'll find:

    From Dave Schroeder posted 01/23/06

    By following these steps, the iMacs that had difficulty with certain EFI modules appear to have been restored to a functioning state:

    1. Disconnect the internal hard disk
    2. Disconnect the iMac from AC power
    3. Plug in AC while holding the power button
    4. Power up the iMac and zap NVRAM (cmd-opt-P-R)
    The hard disk can be reformatted and the operating system restored.
  35. Re:Hey, Is this possible ? by blueio69 · · Score: 4, Interesting

    I think the best way to go about this would be to do something that was done to enable Linux to boot on old world Macs. On a PowerMac 8600 (for example) the best way to boot into PPC Linux, was to use a special boot loader called BootX http://penguinppc.org/bootloaders/bootx/. Basically, it was an OS 9 program that immediately ran as OS 9 had a basic initialization startup. It gave you a choice to ether to continue to boot into OS 9 or boot into Linux. It is unique from other boot loaders in that it bypasses a computer's firmware and lets Mac OS handle it. I think this is the way to go....let OS X handle the boot process that deals with the firmware, then give users a choice to boot into Windows or finish with the OS X boot process.

  36. Re:What am I missing? by Isca · · Score: 2, Insightful
    One reason is may be for the stylish looks of the Imac, another is the option of knowing that the hardware doesn't change constantly, unlike some in the PC world.

    Granted, this second argument might not pan out -- now that Apple is on the intel bandwagon, They may speed up the upgrade cycle for different models. Since it's not very different from any of the millions of other intel based systems out there, It will be easier to port new hardware to the new machine. The Physical hardware is/nearly is identical with the exception of how the form factor might be when the non-imac models come out, and the software drivers will be easier to port since the underligning hardware calls to the CPU and system buses are going to be the same/nearly the same.

  37. Restoring from "Bricked" condition by Kadin2048 · · Score: 2, Insightful

    Mod parent up.

    This basically is the answer to the question behind the first ~100 or so posts (mine included).

    So it's not an irrecoverable "bricking" problem, but it does get close.

    I wonder if it's possible, rather than reformatting the HD, to put it into another machine and just wipe the partition with the bad NVRAM image on it. Not that it really matters in a test environment (which I hope is the only place anyone would ever try this), where you'd probably want to reformat and reinstall anyway, but I just wonder if it's possible.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."