Mac Startup Security Utility - Function and Use Explained

If you use an Apple Mac, iMac or MacBook with a T2 security chip, you will find the Startup Security Utility when you start up in recovery mode. The program, which goes by that name in the English version of macOS, lets you configure security settings for computer startup. For example, you can set whether macOS may only be started from the internal hard drive or also from an external removable medium. You can also specify which system versions are allowed (only the current OS, only verified OS versions, or no restriction). Last but not least, you set up the firmware password in the Mac Startup Security Utility.

In the recovery mode of an Apple Mac with a T2 security chip, you can open the Startup Security Utility to set the firmware password, set the security checks applied when starting macOS or Windows, and specify the allowed boot media. You can find details in this guide.

First: Which Mac models have a T2 Security Chip?

The T2 chip is a coprocessor in current Intel Macs. The "Security" in its name already indicates its importance for data security on Apple computers. For example, it handles the encryption of the storage, the functions for a secure start, some digital image processing tasks, and the protection of Touch ID data. According to Apple's official support document, the following Mac computers have the T2 chip:

  • Apple iMac (Retina 5K, 27″, 2020)
  • Apple iMac Pro
  • Apple Mac Pro (2019)
  • Apple Mac Pro (Rack, 2019)
  • Apple Mac mini (2018)
  • Apple MacBook Air (Retina, 13″, 2020)
  • Apple MacBook Air (Retina, 13″, 2019)
  • Apple MacBook Air (Retina, 13″, 2018)
  • Apple MacBook Pro (13″, 2020, two Thunderbolt 3 ports)
  • Apple MacBook Pro (13″, 2020, four Thunderbolt 3 ports)
  • Apple MacBook Pro (16″, 2019)
  • Apple MacBook Pro (13″, 2019, two Thunderbolt 3 ports)
  • Apple MacBook Pro (15″, 2019)
  • Apple MacBook Pro (13″, 2019, four Thunderbolt 3 ports)
  • Apple MacBook Pro (15″, 2018)
  • Apple MacBook Pro (13″, 2018, four Thunderbolt 3 ports)


Accessing the Startup Security Utility: Here's how!

If you have one of the Macs listed above and want to set up startup security for it, there are specific steps to get you there. Here is the step-by-step guide for opening the Startup Security Utility:

  1. Turn on the Mac and, as soon as the Apple logo appears, hold down Command + R (⌘R).
  2. Once recovery mode has started, you can release the keys.
  3. If a password prompt appears, choose an administrator account and enter the associated password.
  4. When the "macOS Utilities" window is active, select "Startup Security Utility" under "Utilities" in the menu bar to open it.
  5. If authentication is required, select "Enter macOS Password", choose an admin account again and enter its password.

Enable and Set Mac Firmware Password

In the window that opens, the options already mentioned are now available to you. Among them is enabling and setting a firmware password. This password is requested whenever a system is to be started from a volume or storage medium that you have not set as the default. So if you start from "Macintosh HD" by default, but someone tries, for example, to start your computer from a boot stick over USB, this password will be requested. Anyone who doesn't know it won't get access.

Secure Boot as a Mac boot option

The Startup Security Utility in macOS recovery mode also presents you with Secure Boot options. You can choose from three levels, each of which is briefly explained within the program itself. Here are somewhat longer explanations:

  • Full Security: The security level known from iOS devices, at which the integrity of the operating system is checked during startup. If the system is unknown, outdated or insecure, the Mac loads the integrity data from the Apple server (if FileVault is activated, the password is requested). If the system does not pass the check, a software update can be loaded or a different startup volume can be selected. If in doubt, the security level can also be lowered.
  • Medium Security: At startup, the operating system is checked for a correct signature, i.e. the corresponding data from Apple (macOS) or Microsoft (Windows) is verified. In contrast to "Full Security", no internet connection is needed, so you are not prevented from using outdated or insecure versions of the system. An update notice may still appear.
  • No Security: No security requirements are checked or enforced.
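The firmware password and Secure Boot level described above can also be read back from a running macOS, which helps when you want to check several Macs. The following script is an added example and not part of the original article; it assumes an Intel Mac with T2 chip, that the level is stored in the NVRAM variable `AppleSecureBootPolicy` (`%02` Full, `%01` Medium, `%00` No Security), and the function names and the OK/WEAK/REVIEW rating are this example's own choice.

```bash
#!/bin/sh
# Added example: rate a T2 Mac's startup security from two tool outputs.
# Assumption: AppleSecureBootPolicy holds %02 / %01 / %00 (Full/Medium/None).
SB_VAR='94b73556-2197-4702-82a8-3e1337dafbfb:AppleSecureBootPolicy'

# Map one line of `nvram` output to a Secure Boot level name.
secure_boot_level() {
  case "${1##*%}" in            # keep only what follows the last '%'
    02) echo full ;;
    01) echo medium ;;
    00) echo none ;;
    *)  echo unknown ;;         # variable missing or unexpected value
  esac
}

# Read Yes/No from `firmwarepasswd -check` output ("Password Enabled: Yes").
firmware_password_set() {
  case "$1" in
    *"Password Enabled: Yes"*) echo yes ;;
    *"Password Enabled: No"*)  echo no ;;
    *)                         echo unknown ;;
  esac
}

# Combine both readings into one finding line.
audit_startup_security() {
  level=$(secure_boot_level "$1")
  fwpw=$(firmware_password_set "$2")
  if [ "$level" = full ] && [ "$fwpw" = yes ]; then
    echo "OK: secure_boot=$level firmware_password=$fwpw"
  elif [ "$level" = unknown ] || [ "$fwpw" = unknown ]; then
    echo "REVIEW: secure_boot=$level firmware_password=$fwpw"
  else
    echo "WEAK: secure_boot=$level firmware_password=$fwpw"
  fi
}

# Constructed sample outputs (not captured from a real Mac).
SAMPLE_NVRAM="$SB_VAR %01"
SAMPLE_FWPW='Password Enabled: No'
audit_startup_security "$SAMPLE_NVRAM" "$SAMPLE_FWPW"

# Live reading on a Mac; needs root, skipped where the tools are absent.
if command -v firmwarepasswd >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
  audit_startup_security "$(nvram "$SB_VAR" 2>/dev/null)" \
                         "$(firmwarepasswd -check 2>/dev/null)"
fi
```

A REVIEW result means one of the two values could not be read, for example on a Mac without a T2 chip.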

Set Allowed Boot Media

The last section in the Mac Startup Security Utility offers two more options. These are quickly explained: you either prohibit or allow starting an operating system from removable storage (PCIe or SATA hard drive) or an external medium (USB stick, external hard drive, etc.). If you allow the system to boot from media other than the default boot volume, it is worth setting up a firmware password as a hurdle for others. Conveniently, this can be done in the same settings shown here. Have fun trying it out! Please leave a comment with your experiences.

Source: Support document
