Firmware password exceptions?

Joined
Jul 19, 2009
Messages
6
Reaction score
0
Points
1
Firstly, apologies if this is in the wrong place.. it's neither hardware or software related so I was a little torn about where to post ;)

I work in a school and we're about to implement a laptop program across a few year levels.

Naturally we've been research hacks and security risks and ways to prevent students from exploiting them & I've been mucking around with a firmware password on a macbook, and it seems to be pretty handy at blocking access to the startup manager.

However - we'd really like to be able to use certain features (in particular netboot) while the password is in place. Is there any way to implement an exception to the firmware protection, allowing the use of netboot?

Alternatively, is there a way to allow use of any startup commands while the password is in place? (for example after entering the firmware password, [holding option key while booting] then holding N)

As far as I've read, we'd need to remove the firmware password, but I've been surprised by the cleverness of people here before, any insights you have would be appreciated.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
I would advise against setting firmware passwords on those machines. If you've read the Apple KB articles concerning setting up a firmware password and the protection it offers, you should know that losing or forgetting a password pretty much renders the machine useless.

Yes, there are "ways" to get around a firmware password; somewhat easier on older machines and more difficult on the newer ones. But, as far as I know there is no way around other than entering the password to implement a net boot, or booting from an external device.

Regards.
 
OP
G
Joined
Jul 19, 2009
Messages
6
Reaction score
0
Points
1
Thanks for your answer
But, as far as I know there is no way around other than entering the password to implement a net boot,

That's exactly what I'm after... How is that achieved?

When holding down the option key and prompted for firmware password, the only options then are to boot normally (to the HDD) or to boot from CD (because i have the OSX install CD in the machine)
And holding down "N" while booting doesn't prompt me for the password, it just boots normally
 
OP
G
Joined
Jul 19, 2009
Messages
6
Reaction score
0
Points
1
Solved.
posting for anyone with a similar problem in the future, because I know there's been others asking.

After entering the firmware password (by holding down the option key) hold down any key combination like you normally would, (n for net boot, t for target mode, c for booting from optical media, etc.) and it will bring up another icon enabling that option.
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Make sure you keep the password secure for when the Macs are to be upgraded or sold. With Firmware Password locked in and no password available, the machine will be useless to the new owner as you cannot even boot from an OS install disc.
 
OP
G
Joined
Jul 19, 2009
Messages
6
Reaction score
0
Points
1
yeah, will do. it'll be a very secure password we've had in use for a while, which is due to expire by the time the laptops are to be sold - so it won't be an issue passing it onto the new owner. - That is if we don't go through and remove them ourselves.
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
May well be if you are not there at that time. Folk do change jobs.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top