Apple EFI firmware passwords and the SCBO myth
Posted on June 25, 2016 @ Mac Reversing # EFI

My original goal when I started poking around Apple’s EFI implementation was to find a way to reset a MacBook’s firmware password.

Follow these steps to reset your Mac password from another account:

STEP 1 Click on the Apple logo on the menu bar and choose Log Out.
STEP 2 Select the account that you know the password to, then enter the password.
STEP 3 Go to System Preferences > Users & Groups.

Remember, this is bypassing the boot-level firmware password. Most Macs have the software based password protection enabled only in the form of a user login and password. If this is the case, you can use methods to reset a forgotten Mac password to get around the user login completely (instructions for OS X Lion are slightly different).
Editor's Note: This is an excerpt from, a new book for Mac users who want to travel beyond the basics.

Firmware password protection can help safeguard your Mac and the data stored on it.
With this feature enabled, users are prevented from booting from another startup disk or entering single-user mode — a command-line interface that can be accessed at startup. Firmware password protection is especially effective in enterprise or educational environments where administrators can secure the physical hardware but cannot be present to prevent tampering by employees or students.
For example, unauthorized users can’t start the computer from a USB emergency drive when firmware password protection is enabled. This feature isn’t a substitute for encryption or physical controls. If your Mac is stolen, a criminal could replace the RAM to reset the firmware password or remove the hard drive to extract your data. But when firmware password protection is used in conjunction with physical controls and account passwords, it can be an effective deterrent to would-be criminals.

Understanding Firmware Password Protection

To understand how firmware password protection works, you need to know a little about your Mac’s hardware. Older Apple computers with PowerPC processors used Open Firmware as an interface between the operating system and the firmware; newer Macs with Intel processors use an Extensible Firmware Interface (EFI), as shown below. Setting a password in Open Firmware or EFI provides low-level protection at the hardware level.
The firmware password is disabled by default. When you enable it, your Mac’s firmware is protected from unauthorized changes. Your Mac will continue to function as before, with no need to enter the firmware password during normal operation. Users are only prompted for a password when they try to change the firmware’s state by entering single-user mode or booting from a different startup disk. If you forget your firmware password, you’ll need to remove the RAM modules to reset it.
(Some MacBook owners will need to schedule an appointment at their local Apple Store.) You should use the same precaution with the firmware password as you would with any password—commit it to memory.

Enabling the Firmware Password

To enable the firmware password, you’ll need to boot from a different startup disk. Users running Mac OS 10.7 or later can boot from the Recovery HD partition.
Users with Mac OS 10.6 or 10.5 will need to boot from the Mac OS X Install DVD. Here’s how to enable the firmware password:

1. If your Mac is running OS 10.7 or later, restart your computer, hold down the Option key, and then select the Recovery HD, as shown below. If your Mac is running OS 10.5 or 10.6, insert your Install DVD, hold down the Option key, and then select the Install DVD.
2. Wait for the operating system to load and then select Utilities, and Firmware Password Utility. The window shown in Figure 30-3 appears.
3. Enter a password and then verify it. This is the firmware password for your Mac.
4. Click Set Password.
5. Restart your computer and hold down the OPTION key. The password prompt shown below appears.
6. Enter the firmware password and then click the right arrow button. You can now select a startup disk.

To disable your Mac’s firmware password, follow these instructions and deselect the Require password to start this computer from another source checkbox in the Firmware Password Utility.
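On OS X 10.10 and later, the state set in the Firmware Password Utility can also be read from a running system with Apple's `firmwarepasswd` command, which lets an administrator confirm that lab or office machines really have the password enabled. The script below is an added example, not part of the original article; it assumes `firmwarepasswd -check` prints `Password Enabled: Yes` or `Password Enabled: No`, and the function names, host names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit firmware-password state (OS X 10.10 or later).
# Assumption: `firmwarepasswd -check` prints "Password Enabled: Yes" or
# "Password Enabled: No". All function names here are hypothetical.

# Classify the text printed by `firmwarepasswd -check`.
# Prints one of: enabled | disabled | unknown
classify_fw_check() {
    case "$1" in
        *"Password Enabled: Yes"*) echo enabled ;;
        *"Password Enabled: No"*)  echo disabled ;;
        *)                         echo unknown ;;
    esac
}

# Check the local machine. Reports "unknown" when the tool is missing
# (older OS X, non-Mac host) or when not running as root.
audit_firmware_password() {
    tool=/usr/sbin/firmwarepasswd
    if [ ! -x "$tool" ]; then
        echo unknown; return 2
    fi
    if [ "$(id -u)" -ne 0 ]; then
        echo unknown; return 3
    fi
    state=$(classify_fw_check "$("$tool" -check 2>&1)")
    echo "$state"
    [ "$state" = enabled ]
}

# Read "host<TAB>check-output" lines on stdin (for example, collected by
# a management tool) and print every host not confirmed as enabled.
list_noncompliant() {
    while IFS="$(printf '\t')" read -r host output; do
        [ -n "$host" ] || continue
        state=$(classify_fw_check "$output")
        [ "$state" = enabled ] || printf '%s %s\n' "$host" "$state"
    done
}

# Demo on constructed data (host names and outputs are made up).
printf 'lab-01\tPassword Enabled: Yes\nlab-02\tPassword Enabled: No\n' |
    list_noncompliant
```

Treating anything other than an explicit "Yes" as non-compliant means a machine where the check could not run is flagged for follow-up rather than silently passed.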
Additional Ideas for Protecting Your Mac at the Hardware Level

For greater protection, use physical controls in conjunction with firmware password protection and encryption. Mobile users can invest in to secure their portable computers to immovable surfaces while working in public. Enterprise administrators should invest in case locks to prevent users from gaining access to internal computer components, like the hard drive and RAM. Ultra paranoid?
You could even go all out and bolt your Mac Pro to the floor!

Meet Your Macinstructor, the author of, has been a Mac user for over 20 years. A former ghost writer for some of Apple's most notable instructors, Cone founded Macinstruct in 1999, a site with OS X tutorials that boasts hundreds of thousands of unique visitors per month.
The Mac is well known for the security of the OS X system. Among many other things, there is an authentication password request for some actions related to the system using the. Without authentication or entering the correct password, some things, like installation or setting the date and time, cannot be done. The point of this is to prevent access to things related to the system and its security by an unauthorized person or by a program carrying virus code that can duplicate itself. That can happen if the computer’s operating system doesn’t have an authentication system like the Mac's.

The admin password on a Mac plays an important role in your operating system's security. But the admin password is only useful inside the operating system itself and can't protect your Mac from startup activity, which usually relates to Mac installation, formatting a Mac, resetting a Mac password, restoring a Mac, and so on.

For security around startup activity, we have to add one more password, different from the admin password. Is it possible to set a password at the hardware level, so that it is part of your Mac's security before the operating system starts? Yes, it is possible with a feature called the firmware password. It’s a password set at the hardware level that makes startup activity on the Mac go through an authentication stage: entering that firmware password. How do you create a firmware password for your Mac? That’s exactly what I am about to explain.

Steps to create a firmware password for your Mac

The following steps are for Macs with OS X 10.7 or later.
1. Restart the Mac. Once it’s on, press and hold the Option key for a few seconds until the startup disks show up, and then choose Recovery HD. You can also reach Recovery HD by pressing the key combination Command+R once the Mac is on.
2. You will enter Recovery HD. On the menu bar, click Utilities > Firmware Password Utility.
3. Click Turn On Firmware Password, and then create a password to use as your firmware password.

When you perform a startup activity by pressing and holding the Option key, you will see the padlock icon and need to enter the firmware password you created, so no one without it will be able to perform startup disk activity and put your data in danger. If your Mac is a 2011 model or later, or if you have a MacBook Air, then only an Apple Authorized Service Provider can reset the firmware password.