[SUCCESS] Gigabyte Designare Z390 (Thunderbolt 3) + i7-9700K + AMD RX 580

[3Dman]

HOLY C$%P!!!

The bytes we need to patch are right there in the first 0x200 bytes of what you retrieved from Linux:
View attachment 455431

Could you modify them? I really want to try it but I'm afraid it breaks and I don't have external patching tools

 

[Elias64Fr]

Unique ID is not UID in that case, it's Domain UUID. and it's not in the DROM section.
For example this is mine masked:
* domain0 c4010000-0070-7X1e-0X7a-bX12X0000X22
|- bootacl: 0/16
`- security: none

I'm sure every Designare board will be different. It seems to be required to implement Thunderbolt security features.

I currently have User Authorization and seem to work as normal. But you are right we have to see if a device has never been authorised on windows and with this Thunderbolt security mode, what happen ! By normal operating, it will rejected by macOS Driver on case we don't have the true UID

 

[CaseySJ]

Could you modify them? I really want to try it but I'm afraid it breaks and I don't have external patching tools

There's a potential issue as highlighted in red. It's possible that NVM authentication will fail, but it's still worth trying. There are other details to work out, such as the total size of the firmware to be flashed. We can't just replace individual bytes.

Maybe we can download the Thunderbolt firmware from Gigabyte, patch the 6-7 bytes, and try to flash it via Linux.

Which version/distro of Linux did you use?

---

 

[3Dman]

I currently have User Authorization and seem to work as normal. But you are right we have to see if a device has never been authorised on windows and with this Thunderbolt security mode, what happen ! By normal operating, it will rejected by macOS Driver on case we don't have the true UID

I think macOS uses IOMMU and in that case security levels are redundant. https://www.kernel.org/doc/html/latest/admin-guide/thunderbolt.html#dma-protection-utilizing-iommu

DMA protection utilizing IOMMU
------------------------------
Recent systems from 2018 and forward with Thunderbolt ports may natively
support IOMMU. This means that Thunderbolt security is handled by an IOMMU
so connected devices cannot access memory regions outside of what is
allocated for them by drivers. When Linux is running on such system it
automatically enables IOMMU if not enabled by the user already. These
systems can be identified by reading ``1`` from
``/sys/bus/thunderbolt/devices/domainX/iommu_dma_protection`` attribute.

The driver does not do anything special in this case but because DMA
protection is handled by the IOMMU, security levels (if set) are
redundant. For this reason some systems ship with security level set to
``none``. Other systems have security level set to ``user`` in order to
support downgrade to older OS, so users who want to automatically
authorize devices when IOMMU DMA protection is enabled can use the
following ``udev`` rule::...

 

[3Dman]

Which version/distro of Linux did you use?

Arch Linux live USB.

 

[CaseySJ]

Tried it sever times now, with new serial number each time. Unfortunately, I'm still prompted to contact customer support.

My fresh installation of Catalina is now complete, and Messages worked right away.

Please check System Information --> Network for the existence of en0 as shown:

 

[qthegaijin]

*** Thunderbolt DROM Micro-Guide for Gigabyte GC-Titan Ridge ***​

Here are my results using a newly created UID and CRC with the Antelope Audio device plugged in.

Only 1 port (PORT 1 on the card) seems to work. Hotswap works on that port. WHats new is that it now shoes 4 ports on Bus 1 instead of just 2 like before. I have attached my boot log readout. This is on Build 3 of my Sig.

More Observations:
When I plug in the orion without having it plugged in at boot, the drivers dont catch like if I boot with it booted, as well as the two crossed out options, AppleHPMUserClient appear when connected. They Briefly show up, then become crossed out after a few seconds.

Attached is what AppleHPMUserClient says:

 

[Elias64Fr]

@CaseySJ @Elias64Fr
Could we dump the nvmem of the Thunderbolt controller using Linux from /sys/bus/thunderbolt/devices/0-0/nvm_active0/nvmem, patch the 7 bytes if applicable, and then do host NVM upgrade using these instructions?

Here's the nvmem file I have dumped, it's 516,096 bytes, I'm not sure if it has the bytes to be changed.

@3Dman @CaseySJ @NorthAmTransAm
Yes, this methodology is correct, I had done same for my laptop. But the result need to be modified by adapting to firmware format that can be flashed (not by programmer but flashing tool). File content begin directly at 0x4000 and we don't have offset to active and inactive partition.

For resume all kind of firmware :

1. Full firmware include all partitions (we have now this for our Designare). This one is flashable only by Programmer.
2. Flashable firmware that include only one partition (might include Thunderbolt and TI PD). Normally written on inactive partition then after successfully flashing process, inactive and active would be swapped. This one is only flashable by software.
3. Extracted firmware from Linux, this not include offset and begin @ 0x4000 (you also have Thunderbolt DROM) . This one need to be modified to add all part before 0x4000. This can be more difficult if we have two partitions (need to play with different offsets for Thunderbolt part 1, Thunderbolt part 2 (the same but on another offset) and the TI PD firmware part)

If you want to patch firmware (kind 3), adapting it on kind 2 then flashing it on Linux. It normaly will not been authenticated at the end of flashing process (like on TBTFlashing tool under windows).

But but i can be wrong.


That's all

 

[jackil182]

My fresh installation of Catalina is now complete, and Messages worked right away.

Please check System Information --> Network for the existence of en0 as shown:

Thanks for bearing with me. My system information looks slightly different. I don't see Ethernet1. Do I need to change it somehow?

 

[CaseySJ]

Thanks for bearing with me. My system information looks slightly different. I don't see Ethernet1. Do I need to change it somehow?

Only the presence of en0 is important. Whether it's assigned to "Ethernet1" or "Ethernet2" or any other name does not matter.

• Is this a fresh or relatively new installation?
• Or was it working in the past, but is not working now?

As I said, I had no problems just now to activate Messages after a clean installation.