MacOS – Rollback possibility reg. MacPro5,1 firmware update (High Sierra)

efi, firmware, high sierra, macos, Security

I've read quite some posts reg. eficheck; in itself it doesn't seem too "worrying" (for security reasons it's probably quite useful, but that's a bit off-topic here)

I found this very interesting document here, which I unfortunately only understand partly (I suppose I could grasp it to 99%, but it'd take me 2 days – and maybe some others here already read this): https://duo.com/assets/ebooks/Duo-Labs-The-Apple-of-Your-EFI.pdf
In there it says: "[…] there appears to be another level of checking that takes place within Apple’s pre-boot EFI environment that prevents rollback to an older version of EFI."

After I update to High Sierra, will I be able to roll back, incl. the older firmware – just in case the newer firmware reveals some disadvantages later on?

Best Answer

In general, no. Apple doesn’t release tools to reverse an EFI update publicly. In general, these aren’t needed since the drivers for GPU and other functional aspects of running the system exist at the OS level, which you can revert to freely. Also, EFI updates now arrive with normal OS updates, so most people get these updates when they apply normal updates, without needing to run a separate EFI update.

Technically, Apple service providers can get access to tools to revert firmware but that is more geared to when an update hangs as opposed to there being a known regression.

Known regressions generally are resolved with a newer patch on top, always advancing EFI versions as opposed to reverting.

Now - hardware like the Mac Pro (Early 2009) may have other worries due to being classified Vintage and Obsolete products as defined by Apple: https://support.apple.com/en-us/HT201624

Also - there is a nice paper by some long time Mac administrators that work for a security firm now with research on EFI updates and what happens without a check and users being shown when they are down level:

It's getting a fair bit of mainstream coverage - but the headlines there are a bit click bait / overblown in my experience so far. The risk to home users is very low and EFI is generally only needed to exploit systems when they are already running 10.12.6 and have all updates applied and you can grant local physical access by a skilled technician of the hardware that's being attacked.


In specific, the Mac Pro 5,1 is listed as never having an update in the DuoSec research paper - so all this might be a moot point if all you care about is Mac Pro 5,1.