Contribute
Register

[Guide] Install High Sierra or Mojave on the Dell Optiplex 7010 / 9010 Desktop PC - Revision II

Status
Not open for further replies.
As promised, here's my debug.
Give this one a try, open config.plist and into Devices/Properties/ add these patches:
393204

Reboot and check if situation improves, if not try adding the DSDT/Fixes/AddIMEI=YES and give it another try.
 
Give this one a try, open config.plist and into Devices/Properties/ add these patches:
View attachment 393204
Reboot and check if situation improves, if not try adding the DSDT/Fixes/AddIMEI=YES and give it another try.
No improvement doing both solutions.
 

Attachments

  • debug_15362.zip
    2.5 MB · Views: 68
That's why it takes too long to boot, so does mine, it has no effect on Windows but on macOS i can tell that from my experience it takes too long to boot with it turned off and on HP elite disabling the AMT disables the IMEI as well for me. So that causes long boot time and no QE/CI.YMMV
That is absolutely correct, thanks. I just powered up my HP8300 with 3245 (HD4000) in it and with AMT Diasabled it takes 62 seconds to boot and with AMT enabled in BIOS it takes just 9 seconds (similar to what it takes with AMT Disabled but NV710 in it). So this is so weird that enabling something thats only used by corporations for remote admin etc fixes the HD4000 boot up time! I am gobsmacked. I've been disabling AMT thinking it should boot a touch quicker without it, yet clearly, for MacOS/HD4000 its the other way round. Thanks for the pointer. So now back on topic of Dell 7010, I guess we need a way to enable AMT for those machines (most?) that have MEBx disabled at the factory in order to get them to boot with HD4000 in a timely manner.
 
I guess we need a way to enable AMT for those machines (most?) that have MEBx disabled at the factory in order to get them to boot with HD4000 in a timely manner.
This is a case of either you have it or you don't. There's really no easy way to enable MEBx if it's already disabled at the factory, other than completely replacing the Intel ME chip on the motherboard or re-flashing the existing one. Probably not worth it. I was lucky that my 7010 USFF has it enabled. HD4000 is the only graphics option. I think that the security vulnerabilty aspect of AMT is why businesses and government offices have it completely disabled on some Dells before they even ship. Here's some info on why they do this:
AMT is Intel’s remote maintenance feature used on Intel vPro-enabled and Xeon processors. MEBx is a BIOS extension used to manually configuring the AMT service. When configured properly, MEBx is password protected.

Researchers at F-Secure, who outlined their research in blog post Friday, said typically users don’t change the MEBx password from the default password “admin”.
“The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS password, TPM Pin, Bitlocker and login credentials are in place,” F-Secure wrote.
The attack starts with a reboot the target’s laptop/desktop into the PC’s boot menu. Typically, an adversary would not be able to bypass a BIOS password, stopping the attack in its tracks, said researchers.

“In this case, however, the attacker has a workaround: AMT. By selecting Intel’s Management Engine BIOS Extension (MEBx), they can log in using the default password ‘admin,’ as this hasn’t most likely been changed by the user. By changing the default password, enabling remote access and setting AMT’s user opt-in to ‘None’, a quick-fingered cyber criminal has effectively compromised the machine,” F-Secure wrote.
One minute plus boot times are hardly tolerable so everyone that has AMT should enable it. Simply change the admin password while in MEBx. I've changed my default "admin" password to something secure. Probably a good idea for anyone else that has it enabled to do so as well. It's not a high risk for home users but it's so simple to change it, why not ? Press Ctrl and P keys together at boot up, sign in with admin and then change the password to something with 8 characters including letters, numbers and one special character. MEBx won't let you change it to an insecure password. It lets you leave it at the totally insecure "admin" which is no password at all. Hard to understand that one. :think:
 
Last edited:
This is a case of either you have it or you don't. There's really no easy way to enable MEBx if it's already disabled at the factory, other than completely replacing the Intel ME chip on the motherboard or re-flashing the existing one. Probably not worth it. I was lucky that my 7010 USFF has it enabled. HD4000 is the only graphics option. I think that the security vulnerabilty aspect of AMT is why businesses and government offices have it completely disabled on the some Dells before they even ship. Here's some info on why they do this:

Thanks for the info. I'm looking on a forum now where folks have had success writing the specific ROM area with that from an enabled-ROM. Here's the instructions, although looks a little risky, I'm not sure I want to risk a motherboard. "
1. Flash BIOS to A25
2. Reboot
3. Reset BIOS to defaults
4. Reboot
5. Adjust BIOS settings to your liking
6. Shutdown
7. Set jumper to Service mode
8. Flash me_fix.bin via "fpt -rewrite -me -f me_fix.bin"
9. Shutdown
10. Set jumper back to normal mode
11. Perform ME reset via "fpt -greset"
12. Reboot
13. AMT should be operational"
 
Thanks for the info. I'm looking on a forum now where folks have had success writing the specific ROM area with that from an enabled-ROM. Here's the instructions, although looks a little risky, I'm not sure I want to risk a motherboard. "
1. Flash BIOS to A25
2. Reboot
3. Reset BIOS to defaults
4. Reboot
5. Adjust BIOS settings to your liking
6. Shutdown
7. Set jumper to Service mode
8. Flash me_fix.bin via "fpt -rewrite -me -f me_fix.bin"
9. Shutdown
10. Set jumper back to normal mode
11. Perform ME reset via "fpt -greset"
12. Reboot
13. AMT should be operational"
If you want to be the guinea pig and try it out you could help out the community. I wouldn't try this if my Dell had AMT disabled. I guess the replacement motherboards are less than 20 dollars but it's still a hassle to completely replace one.
 
f you want to be the guinea pig and try it out you could help out the community. I wouldn't try this if my Dell had AMT disabled. I guess the replacement motherboards are less than 20 dollars but it's still a hassle to completely replace one.

Indeed. Should I decide to give it a go I will surely post back my results. Else maybe try to buy an already enabled one from the usual places and then re-sell the disabled one to a Windows user, for which this is no consequence.
 
On a different topic with the 7010 has anyone gotten WakeOnLAN to work? Its all set up properly in the BIOS and even works plugging the PC in from scratch but after Mojave (installed as per this guide) has booted, an S5 WOL/Magic Packet fails to wake the machine. As I said BIOS all set up ok, including WOL being enabled and Deep Sleep disabled.
 
On a different topic with the 7010 has anyone gotten WakeOnLAN to work? Its all set up properly in the BIOS and even works plugging the PC in from scratch but after Mojave (installed as per this guide) has booted, an S5 WOL/Magic Packet fails to wake the machine. As I said BIOS all set up ok, including WOL being enabled and Deep Sleep disabled.
We all need to remember, even though these are so compatible, we still only have UEFI designed for PCs and not Macs. That being said, I never really need to remote in to this Optiplex because it's not a work machine, just a hobby. I've never seriously tried this. If anyone could figure that out it would probably be Sniki. Don't know if he currently has the time to make an SSDT for that or help with the troubleshooting.
 
Last edited:
Optiplex 7010 SFF Motherboard
This is the lowest price I've ever seen for a fully macOS compatible Ivy Bridge motherboard. $12.99 for the SFF 7010.
If anyone with an SFF model needs a backup board or someone just wants to try one of these out with very little expense involved, an amazing deal. You could even put one on a test bench, connect a standard PSU and use some DDR3 1600 ram, an IB CPU and you've got an ultra low budget CustoMac. You could even put an AMD RX580 on this board when it's on a test bench. There would be no graphics card length restriction as there is in the MT Optiplex. Here's the exact same board on Ebay.co.uk Price is the same too.
Don't forget the CPU cooler for about 11 dollars more.
If you install a Core i3-3225 or 3245 you could easily even run it fanless with just the copper heatsink installed and some high quality thermal paste applied to the CPU.

As a disclaimer, I have no affiliation with the seller. Just spotted this amazing deal and thought I'd share it. If you look at used Z77 mATX boards on Ebay they start at 100 dollars and go up to 200 dollars or more. Many sell for more than they did when brand new from the manufacturer.
 
Last edited:
Status
Not open for further replies.
Back
Top