Chapter in this post:
After I recently made a contribution to the topic "FileVault"And had the related pros and cons of hard disk encryption on the blog, I thought the firmware password topic would be a good addition. The firmware password is also a step to consider when looking at your data and want to better protect your Mac.
Many Mac users are probably familiar with the "trick" of booting their Mac from an external hard drive or USB stick in an emergency. To do this, hold down the ALT key when restarting and go to the startup manager, which allows you to select the startup volume.
The Boot from the recovery partition Using the command CMD + R is also conceivable in order not to boot the Mac from the set startup volume. Both ways can be used to view, copy or change data on the system hard drive via detours.
Of course, the attacker would have to have access to the Mac for this, but if you lost your MacBook, this would be a very conceivable option so that the thieves can access the internal hard drive or SSD - provided it is not encrypted via FileVault.
However, if the firmware password is activated, a lock symbol and a password field appear when you try to use the startup manager or recovery mode. You can only continue with the boot process if you enter the correct password here. In this way, the above-mentioned attacks can be prevented.
The firmware and EFI are basically the same things. The abbreviation EFI stands for "Extensible Firmware Interface". PC users are probably familiar with the term "Bios" - this corresponds to the EFI on the Mac. The EFI is loaded first when the Mac starts before the boot process continues from the startup disk.
If you now want to secure the Mac with the firmware password, proceed as follows:
The EFI password is not requested every time the Mac is restarted, but only whenever you want to switch to recovery mode or the startup manager. For this reason, most users may not be as familiar with the password as the user password, which you definitely have to enter more often.
I would therefore recommend writing down the firmware password somewhere. If you forget it, you have to take the Mac to an authorized Apple provider or to an Apple store so that they can help back up the data.
No. This protection is not active for me. I only use my Mac in a very predictable environment. I rarely travel, I don't take my MacBook Pro to Starbucks, and I don't have an open-plan office. For this reason, I'm not really worried that a stranger might get hold of my Mac.
For people who travel a lot and for whom there is a real risk that the Mac is lost or that third parties can work unattended on the computer in the office, for example, activating the firmware password in addition to FileVault is a sensible thing to do.
Effectively for free: iPhone 13 Mini and iPhone 13 deals with top conditions at Otelo - Advertisement
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.