Firmware Password Protection for Intel Macs?

PPC macs can use the Open Firmware Password utility to protect the computer from someone booting of another drive to access your data http://docs.info.apple.com/article.html?artnum=106482
How can this same protection be accomplished with Intel-Macs? Intel Macs use a different fireware/boot process, so OFP above doesn't work. according to the apple article above, it can be done - but it doesn't explain how:
"Intel-based Macintosh computers can be protected by firmware passwords as well. The firmware in an Intel-based computer uses Extended Firmware Interface (EFI) technology"

Install DVD1 apparently has a Universal Binary called 'Open Firmware Password' on it that works just the way it did on PPC Mac's (not tried it personally)
According to this post it was fixed in 10.4.6

Similar Messages

  • Firmware Password Protection For Apple Mac Mini running Mac Os X Server10.6

    Did any one Know How to install
    Apple Firmware password to my Mac mini Server (1.83 ghz macmini)
    please help

    To confirm, you have booted the DVD, selected the language, then looked under the Utilities menu item up to the menu bar? (That's where it's expected to be, but I don't have a way to test that right now.)
    And FWIW, when posting, it can be very helpful to post what you've looked at or what you've tried or what's confused you. With that background, you can get an answer to your question more quickly. With that, you're not going to get (for instance) me posting a pointer to something you've already tried.

  • Open Firmware Password for Intel MAcs

    I had used this application and password protection for my G4's. Does it work for Intel Macs?
    20" iMac Core Duo 2/ 14 iBook [1 ghz]   Mac OS X (10.4.7)  

    Yes,this support article says that Intel does support open firmware password and gives the steps to set.
    -mj
    [email protected]
    Message was edited by: macjack

  • Intel iMac, Open Firmware Password Protection and booting from CD

    I have an Intel iMac I'm setting up for use in a public library. I want to prevent single user login with the Open Firmware Password Protection utility, but if I do, how do I boot from the OS disc, zap PRAM, etc? The OFPP page has instructions on removing the OF password, but it does not work on Intel Mac's. Also, is there an alternative way to prevent single user login?

    No, you were right, I just misunderstood. Technically it's called single-user mode. But, you were right.
    Anyway,
    Since it seems that there might not be an answer directly related to your topic you could maybe give this a try.
    In Simple Finder the user can not restart or shutdown. They can only sleep and log out.
    The other problem, however, is if they log out then there are those Sleep, Restart, and Shut Down buttons on the login screen. Luckily, though they can be turned off.
    So as of now, if some is logged in in a Simple Finder account they can not restart or shut down the computer in order to get into single-user mode. They can also not get into the Administer account since it is password protected.
    The only problem I can see with this is that a person could do a hard shut down, hold the power button down until it turns off, and then boot up and enter single-user mode.
    If you want to go ahead and do this, in order to get the computer up and running in the mean time, just post back and I'll be glad to help you set up a Simple Finder account.

  • Open Firmware Password Protection?

    Anyone had any luck setting this up? I don't see it on the DVD... I am hesitant to use the one from my Tiger CDs... anyone know how to setup Open Firmware Password Protection on Leopard?

    Thanks for detailing your solution Mac Campbell.
    Unfortunately I can't locate the Firmware Password Protection application in the directory you listed nor any other folder for that matter. I'm not confident its been installed on my system (clean install of Leopard btw). Could you please confirm its exact location for this Terminal newbie.
    Many thanks in advance.
    Steve

  • No security for intel macs in target disk mode?

    By putting an intel MacBook in target disk mode, all the files are accessable by another computer which can mount the disk. If my machine is stolen, apparently I have no security. I found one post that says intel macs actually have some firmware password protection, but I have not been able to find how to turn it on. The Open Firmware Password feature does not work on intel macs. This seems to be a really big loophole. Having a login password is worthless if your machine is stolen. If anyone can help, please point out where there is more information on this issue.

    If your computer is stolen firmware password will not protect your data. Even if the thief can't turn off the password, the disk drive can be removed and connected to another computer. Passwords, and other information, stored in keychains are still safe, however. The only way to protect other data is to use Filevault, Be sure to have good backups, because any error can make all your data inaccessible (as would the theft of the computer, of course).

  • Firmware Password protection = slow firewire speeds

    i've been trouble-shooting a seagate freeagent fw800 external drive which is suffering from abnormally slow read speeds when connected to my macbook pro. i tested it with Drive Genius's Benchtest - around 8mb/s. the drive works fine on my imac, so the drive isn't at fault.
    after much head-scratching, i remembered that i have firmware password protection switched on, so i just turned it off with the 10.6 dvd and retested the drive, and it performs normally (around 40mb/s).
    i've not found any mention of this issue apart from one post from 2 years ago:
    http://discussions.apple.com/thread.jspa?messageID=8448187
    so now i have to choose between a safer mac, or decent read/write speeds for my audio multitracking work. great. its not exactly convenient having to turn FPW on and off via the dvd...
    anyway just thought i'd mention this for future baffled searchers.
    reported it as a possible bug to apple too.

    This should allow you to reset the root password
    1. Restart your MBP while holding down Apple/S
    You will see a bunch of scrolling text, when that stops
    2. At the Localhost% prompt type:
    */sbin/mount -uw /*
    /sbin/SystemStarter

    You will then see the services starting up. 

    3. When the Localhost% prompt reappears, type:
    *passwd root
*
    It will then ask you to type the new root password twice
    4. After entering the new password, type:
    reboot
    5. Login as root with your new password and proceed from there.

  • Disable Firmware Password Protection

    I have a G4 Digital Audio. Since i installed a 1,7GHz procesor upgrade (Sonnet Encore) and had to apply a patch to the firmware it seems that open firmware password protection is enabled. Now i'm in trouble as i can't start up from a selected disk (i didn't consider it's on a > 128 GByte partition) and as i don't know the password (i haven't enabled it) i can't use the option key, so i can't startup the computer from any disk. Reading this: http://docs.info.apple.com/article.html?artnum=106482 i realized about the password protection and that there may be a way to bypass it having fisical access to the computer. Any hint what i can try to start up my computer again?

    Hi, Olaf -
    There is a way to do that, but to help others avoid having their Mac's security breached (particularly those with laptop machines) it is not publicized. You should contact Apple Support by phone, or take your machine to an AASP.

  • Forgotten Firmware password protection  And no OS on hard drive

    I really need to know how to get it off. My hardware has been wipped and there is absolutly nothing on it. And i need to take Firmware password protection off in order to install anything onto it.

    See this link for resetting an open firmware password:
    http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&productsid=69&zenid=74f4076fb96074db45dc274f7de86bc6

  • What is the best virus protection for a Mac?

    What is the best virus protection for a Mac?

    1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
    OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
    It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
    Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
    It can easily be disabled or overridden by the user.
    A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.         
    4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
    5. Beyond XProtect, Gatekeeper, and MRT, there’s no evidence of any benefit from other automated protection against malware. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
    That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
    Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
    Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
    Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
    6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
    Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it, when necessary, only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
    Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
    7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
    Why shouldn't you use commercial "anti-virus" products?
    Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
    8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
    ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
    A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
    ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
    ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
    9. The greatest harm done by security software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
    10. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

  • Windows media player for intel macs?

    im so bumbed that windows media player wont run on intel macs...does anyone know when they plan on getting it for intel macs!..i need it!...Flip4mac *****...the formats that it plays i have not come across yet..and thats even if its working properly...i think im gunna uninstall that actually....Please I need windows media player!!!...anyone know anything about it?

    No biggie. Please don't be insulted but you're downloading the MAC version, correct? At Mactopia.com?
    a dah..lol..yes...
    That being the case if it won't run I'd do the "regular drill": Repair Permissions, download & run Onyx or Cocktail, consider booting from your install DVD and running Disk Repair. If still no joy post back.
    not sure what to make of this....i might just wait for the intel version of flip4mac..because im not sure if i should do all that....i dunno im so confused...why cant it just work?....what is onyx and cocktail?.....what is Repair Permissions?....im not exactly a techy so im not to comfortable running the instal DVD..wat if i mess everything up?..isnt there and easier way to get WMP on my macbook pro?...anyone else have problems downloading and using WMP..and found a way to run it?..or am i seriously the only one that does not know what to do....im not trying to be annoying, but some please help me...

  • OS X update for intel MAC

    i have just done the update for intel mac- i can note that all windows have a steel grey finish now- i just wanted to check with others if they have the sasme finish or is it a problem with my mac
    also is this the way leopard will look like

    huh?? wad are u talking about? i don see any difference in the gui on my side. and besides all finder windows HAVE ALWAYS had the steel gray finish look, including safari..

  • PlainTextPaste for Intel Mac?

    I frequently need to copy many file names into an email. I had been using PlainTextPaste, but that does not run on the Intel Macs. Now, when I select more than one file in the Finder, copy, and paste into an email, the actual files themselves get pasted in, and not the names. Does anyone know of another product like PlainTextPaste for Intel Macs, or is there already a way to get the result I want that I don't know about?
    Thanks,
    -Tiffany

    Create a new document in TextEdit, choose Make Plain Text from the Format menu, paste the list into it, and then copy it from there.
    (42931)

  • How do you change the password protection for a file if you forget it?

    How do you change the password protection for a file if you forget it?

    Certainly not with Reader...

  • Best financial software for Intel Macs

    I see to my disgust that Intuit just released a new version of Quicken that is not universal binary. That being the case, what is the best home financial software for Intel Macs?

    Hey Todd,
    Just to be sure I am understanding you - you are saying you are miffed because Quicken missed the chance to go Universal Binary. That is understandable, but I just wanted to make sure you knew that it still runs on Intel macs.
    I am running the newest release on my Macbook and to be honest Quicken just isn't one of those apps that is going to benefit from more speed.
    My frustration has always been that Quicken dumbs down the functionality for the Mac version. Still the case with this last release.
    That said, Quicken is still the best buy for my money (sorry couldn't resist!) and runs well via on the Intel macs.
    The best solution and the one I am moving toward is to load XP on Parallels and run the PC version of Quicken that way.
    Best of all worlds I would say.
    MacBook   Mac OS X (10.4.8)  

Maybe you are looking for

  • Help can't update my software

    I can't open my updates when I open my apps store the updates remains blank now on my setting I can't update my software too when I press the update software the screen says downloading but nothing is happening the gear button just kept on turning I

  • Enter and shift keys not working. HELP!!!

    A few days ago my mouse started behaving erratically all of a sudden. It would move by itself, click apps, and switch tabs rapidly all on its own. I've had this computer for over 2 years and this has never happened before. Restarting and rebooting in

  • ICloud Mail Slow?

    Anyone else experiencing excrutiatingly slow iCloud mail sync? I'm using Apple Mail in Mountain Lion, and after starting Apple Mail iCloud takes forever to sync up. When I try to access via the webmail, some folders time out while loading. There are

  • TREX error 6809

    Hi all, i'm just facing error number 6809 "Preprocessor communication error" on 1 document to be indexed. Didn't found on sap note 450226, has anybody faced it yet? regards. Fabio Grilli

  • Hyper-V Nic Teaming (reserve a nic for host OS)

    Whilst setting up nic teaming on my host (server 2012 r2) the OS recommends leaving one nic for host management(access). IS this best practice?  Seems like a waste for a nic as the host would hardly ever be accessed after initial setup. I have 4 nics