PDA

View Full Version : EFI Firmware Password info regarding lockdown and removal



chscag
07-25-2016, 06:50 PM
Ran across an interesting article about setting an EFI Firmware password for your Mac and how to remove it if forgotten. The article covers the old method used by Apple to set the Firmware password and now the newer method. It's important to note that from 2011 models onward, a forgotten EFI Firmware password can only be reset by Apple.

EFI Password Locks down newer Macs (http://www.cnet.com/news/efi-firmware-protection-locks-down-newer-macs/)

From the above article, you can see how complex the process is and why an ordinary user or even someone with extended Mac knowledge is not going to be able to remove the password without Apple's help.

pigoo3
07-25-2016, 06:57 PM
Very interesting article Charlie. Like you mentioned…need to get Apple involved to reset things.

- Nick

Cr00zng
07-29-2016, 07:52 AM
Interesting article, indeed, thanks for the link...

It sort of reminds me of Dell procedure of unlocking lost/forgotten hard drive password. Doing so required:


Poof of PC ownership
Service tag number
Drive's serial number
Support would email a 27 or 33 characters code to unlock
The code was PC/HDD specific

Contrary to popular believes... The HDD password is defined as part of the ATA specifications, and it's implemented in the drive's firmware. This is a simple lock, but since it's implemented in the drive, it can't be bypassed by clearing CMOS or connecting the drive to another system. Data recovery is still possible by some data recovery service, if the password cannot be recovered, but it's not cheap.

SED, or Self Encrypting Drive, is a different story. These drives, by default encrypt anything written to the drive utilizing randomly generated encryption keys at the time the drive manufactured. Access to these encryption keys are granted to everyone by default. Setting the HDD/SSD password for SED drive is establishing control for accessing the encryption keys. Data recovery service would have hard time to recover the data from the password protected SEDs. To my knowledge, the only option is to brute force the password. It may take some time, since after entering the password three times, the drive no longer accepts password. Rebooting the system will allow entering the password again.

Sort of reminds me this link (http://www.raczylo.com/blog/recover-forgotten-efi-password-on-mac/) on the subject of how to recover your own forgotten EFI password for your Mac. Basically, you brute force your own password, without the need to reboot. Maybe after a dozen or so tries you'll remember the password. Or maybe not...:Smirk: