Autumn firmware updates

Last month’s batch of macOS security updates and the upgrade to Sonoma have brought some firmware updates. This article explains what has changed and what hasn’t.

Normally, firmware versions of Macs that are running currently supported versions of macOS remain in sync, as their two security updates and one full update contain the same firmware versions. We should thus expect macOS 14.1, 13.6.1 and 12.7.1 to have consistent firmware versions. However, release of a new major version of macOS often brings a short period in which the same models run different firmware depending on which version of macOS they have installed: that’s what has just happened.

If you’re one of the lucky few to have an iMac19,1 (Retina 5K, 27-inch, 2019) that is the only Intel model without a T2 chip to be supported by Sonoma, then if you upgraded to macOS 14.0, your Mac should have firmware version 2019.0.0.0.0. But if you’re still running Ventura or Monterey, or earlier, its firmware will have remained at 1968.140.7.0.0, as it has been since Ventura 13.5.

This gets more confusing when you look at T2 and Apple silicon Macs.

Intel models with T2 chips upgraded to Sonoma should have firmware version 2020.0.1.0.0 (iBridge: 21.16.365.0.0,0), but as far as I’m aware, if they’re still running Ventura or Monterey, they’re likely still to be on 1968.140.7.0.0 (iBridge: 20.16.6072.0.0,0). Unfortunately, I don’t have a direct method of confirming this, as I can’t inspect their firmware in the same way that I do for Intel Macs without a T2.

Apple silicon models upgraded to Sonoma should now be running with an iBoot version of 10151.1.1. If you check that in System Information, it should also report an OS Loader Version of 10151.1.1. I believe, though, that those running Ventura or Monterey are likely to report that same iBoot version, but their previous OS Loader Version of 8422.141.2, as I see here on a Ventura 13.6 VM.

I have updated the version numbers in the reference pages here:

for Sonoma (new),
for Ventura,
for Monterey,
for Big Sur.

Most notably, for the time being at least, the only Intel model without a T2 chip that has received a firmware update since the release of macOS 13.5 is the iMac19,1, the only one that is supported by Sonoma. Whether the next round of security updates later this year will bring any further firmware updates for other Intel models without T2 chips is an open question.

This all poses problems for SilentKnight, which automatically checks which firmware your Mac should be running. For the time being, the only firmware version that I have updated is that for iBoot in Apple silicon Macs. This spares those with T2 models that haven’t yet been upgraded to Sonoma from being warned all the time that their Mac isn’t running the latest version of firmware. Please bear with me as order is restored to firmware versions in the coming months.

One final point for those who have used eficheck on their Macs in the past: that command tool, introduced in High Sierra, no longer exists in Sonoma. It continues to work in Ventura and earlier, but only on Intel Macs without T2 chips. Macs with T2 or Apple silicon chips routinely check the integrity of their firmware when they start up, and with just the single model of iMac able to run eficheck, it has been abandoned in macOS 14. Farewell, old friend.

Tomorrow I’ll post a detailed reference to the security data files in Sonoma.