Mac News

Firmware password security improved on new MacBook Air & Pro

ZDNet spotted a new Apple support document which states that only “Apple retail stores or Apple Authorized Service Providers” can unlock a new MacBook Air (late 2010) or Pro (early 2011) protected by a firmware password. If your firmware password is lost or forgotten, you’ll have to take it to the shop to get it cleared.
This is significant news, because techniques for circumventing the security features built into the Extensible Firmware Interface (EFI) have circulated on the Internet for some time. Even if you set a firmware password, a skilled attacker could still access your machine and your data.
A firmware password will prevent someone from restarting the machine using Target Disk Mode or booting off a DVD/external drive. It will not prevent someone from opening your computer up, removing the hard drive, and putting the drive into a separate computer or case, but it’s an extra layer of protection. [As the security maxim goes, “physical access = full access” — however a firmware password is frequently used by schools or enterprises to raise the difficulty level for casual hacking. –Ed.]
It’s possible that as newer Macs are released, they too will have the enhanced security that Apple has provided to the current MacBook Air and Pro lines. Alternatively, Apple might leave the supercharged lockdown as a feature for the portable machines only (seeing as it would be something of a drag to haul your Mac Pro to the mall for a forgotten firmware password).
If you need to set a firmware password, boot your computer from the installation disk (either a Snow Leopard DVD or that cute little USB drive that ships with the MacBook Air which you probably lost already, didn’t you?). After selecting a language, go to the “Utilities” menu, and select “Firmware Password Utility.”
With the password enabled, you will have to enter it before booting from any method other than the internal hard drive. You can remove the password by following the same steps and choosing “Remove Password.”