Apple Efi Firmware Password Removal Usb Tool

Apple Efi Firmware Password Removal Usb Tool

MrMacintosh.com - How to remove the firmware password on 2011-2020 Macs + New way for 2018-2020 T2 Macs!
How to remove the firmware password on 2011-2020 Macs + New way for 2018-2020 T2 Macs!

Yous tin can now remove the firmware password (+ erase all information) on a T2 Mac without Apple Back up if you forgot it.

In this article, I will become over the history of the firmware password on Intel Mac computers. Later that, I will show you lot a new way how to remove the firmware password (and erase your information) on a T2 Mac from 2018-2020.
(Curl to department half-dozen).

NOTE: This information is just for 2006-2020 Intel Mac computers. Apple Silicon M1 Mac Devices exercise non have a firmware countersign.

I will also become over my recommendations on how yous tin protect your data at the end of this article.

I will answer the following questions.

  1. What does setting a firmware countersign on a Mac do?
  2. What are the differences in firmware passwords from the following years – 2006-2010, 2011-2017 & 2018-2020?
  3. How to you ready the firmware password in recovery.
  4. How to Enable & Disable Firmware Password in macOS.
  5. What can yous do if you forget the firmware password?
  6. How to remove the firmware password with Apple Back up.
  7. Removing the firmware password on a T2 Mac with Apple Configurator 2.
  8. How long was this new fashion possible? Does anyone at AppleCare know about this?
  9. What does this mean for education, small & large companies, domicile users, computer recyclers, and criminals?
  10. What does Apple remember about this?
  11. How tin I protect my Data on an Intel and M1 Mac?

1. What does setting a firmware password on a Mac exercise?

The firmware countersign was designed to protect your Mac. This mode protects against someone who wants to become your data. They tin can’t kick into target disk mode or recovery to access your files.

Long story short, if your Mac lands in the incorrect hands and yous practise NOT have the following items enabled below, all your data is at gamble!.

  1. Firmware Password
  2. FileVault 2 Encryption
  3. Activation Lock / Observe My Mac

A person could access your data via Target disk mode or macOS Recovery, even if they exercise not know your user password!

When you set a firmware countersign, users who don’t have the password can’t start upwardly from any disk other than the designated startup disk.

https://support.apple.com/en-united states/HT204455

The Apple article below details different startup modes.

https://support.apple.com/en-gb/HT201255

If you enable the firmware countersign, the post-obit startup items are disabled.

  1. Target Disk Mode
    – (T)
  2. Netboot
    (N) – (Remember Netboot?)
  3. Single User Fashion
    – (Command South)
  4. Verbose Style
    – (Command 5)
  5. Eject CD-ROM or DVD
    – (Eject Cardinal)
  6. Prophylactic Mode
    – (Shift Key)
  7. Reset PRAM
    – (Option-Command-P-R)
  8. Hardware Diagnostics
    – (D)
Read:  Galaxy S7 Edge G935t U Firmware Unlock

The following startup options will work, just you will be prompted for the firmware password.

  1. Recovery Mode
    – (Control R)
  2. Internet Recovery
    – (Command Option R
    or
    Command Pick Shift R)

If yous take the firmware password enabled and you lot hear someone say “I reset the PRAM” …. NOPE!!!

2. What are the differences in firmware passwords from the following years – (2006-2010), (2011-2017) & (2018-2020)?

  1. (2006-2010) – The firmware password could be removed by removing the battery, one stick of ram, and resetting the PRAM iii times.
  2. (2011-2017) Apple changed this when they soldered the memory to the logic board. The simply manner to remove the firmware password was to contact Apple.
  3. (2018-2020) Apple tree added the T2 security chip. The chip runs an operating organisation chosen BridgeOS.
    This OS software can now be re-installed or updated using a second Mac and Apple Configurator 2.
    You now demand to exist an admin user that has a SecureToken to access the Startup Security Utility bill of fare to prepare and remove the firmware password.

3. How do y’all set the firmware password?

The firmware password tin be ready in three different ways.

https://support.apple tree.com/en-united states of america/HT204455

  1. Enable from macOS Recovery.
  1. Start up from macOS Recovery.
  2. When the utilities window appears, click Utilities in the menu bar, so choose Startup Security Utility or Firmware Password Utility.
  3. Click Turn On Firmware Password.
  4. Enter a firmware password in the fields provided, so click Prepare Password.Think this countersign.
  5. Quit the utility, then choose Apple menu > Restart.

ii.
Apply the
firmwarepasswd
binary


sudo firmwarepasswd -setpasswd

3.
Turn on “Discover My” through iCloud, which enables the firmware countersign & Activation Lock.

4. How to Enable & Disable Firmware Password in macOS?

You can enable and disable the firmware password within macOS using last.app

  • 1.
    sudo firmwarepasswd -setpasswd
    = Set up a new countersign
  • 2.
    sudo firmwarepasswd -check
    = Check whether a password is set
  • three.
    sudo firmwarepasswd -verify
    = Verify your countersign
  • 4.
    sudo firmwarepasswd -delete
    = Disable the password

5. What can y’all do if yous forget the frmware countersign?

You will need to contact Apple. Apple will verify proof of ownership and too ask to verify your identity.

Read:  Samsung Galaxy Tab E 9.6 Wi-fi (Sm-t560nu) Firmware

Let’southward say a person sold you a Mac with a firmware password on craigslist. One-time later on y’all demand to enter macOS recovery, just to find the firmware lock. You are out of luck if you accept 2011-2017 Mac. You lot will not be able to observe the previous owner and you exercise non take proof of buying.

6. How to remove the firmware countersign with Apple tree Back up.

If y’all have proof of ownership, Apple tree tin can remove the firmware password and retain your data for Mac Devices from 2011-2020. They will walk you through a process (Shift-Control-Choice-Command-S) that will bear witness you a lawmaking that you lot can give the Apple tree support agent. The agent will use that lawmaking to send you lot a file so you can create a USB boot deejay that volition remove the firmware countersign.

You lot can take a wait at this not bad commodity for a super deep swoop into the firmware countersign setup. >
https://reverse.put.as/2016/06/25/apple tree-efi-firmware-passwords-and-the-scbo-myth/

7. Removing the firmware password on a T2 Mac with Apple Configurator 2.

Sad that y’all had to scroll this far to become to the point of this article. With all the talk near how the firmware password pick was removed from M1 Mac Devices, I wanted to explore a little history first.

If you demand to remove the Firmware password from a T2 Mac, all you demand to do is Restore BridgeOS with a 2d Mac and Apple tree Configurator two.

What does an Apple Configurator 2 “Restore” do on a T2 Mac?

  1. Erase the unabridged SSD (Macintosh HD & macOS Recovery)
  2. Articulate Saved NVRAM Settings i.e stored WIFI
  3. Reset any previous Secure Boot Settings back to default
  4. Reinstall BridgeOS with the latest version bachelor from Apple.
  5. Remove the Firmware Password, if it was previously prepare.

NOTE!!!! This only works with a “RESTORE FULL ERASE” non a “Revive”. A revive will retain your data and only reinstall BridgeOS. The selection will not remove your firmware countersign.

You tin can follow my instructions here >
https://mrmacintosh.com/how-to-restore-bridgeos-on-a-t2-mac-how-to-put-a-mac-into-dfu-manner/

This process is very close to the new M1 Apple Silicon Mac “Erase Mac Process” The difference is that macOS Recovery is still available after the process so you tin can easily reinstall macOS.

eight. How long was this new way possible? Does AppleCare even know well-nigh this?

I am always testing new ways to break and fix macOS. When I first confirmed that this new way worked, I was pretty surprised to say the to the lowest degree.

Read:  Vvirtualbox Not Recognizing Usb Device for Firmware Update

To discover out, I tested with Apple Configurator 2 version 2.7.1 from 2019.

Yup, worked

It is very possible that AC2 was removing the firmware countersign during the BridgeOS restore since the very showtime.

Afterward all this time, did AppleCare fifty-fifty know about this option? Apple tree’south own instructions only refer to the steps to contact CSS support to remove the countersign via firmware hash / USB drive.

9. What does this mean for education, small & large companies, home users, figurer recyclers, and criminals?

Let’s go over a few situations.

This new process does NOT disable or remove Activation Lock.

If y’all employ the firmware countersign to protect your data?
– Technically you are fine considering the AC2 Restore process will remove the firmware password & erase all of your data.

If y’all are a small business or didactics establishment that is
relying on the firmware password

but does not have Activation Lock enabled. – You are most likely trying to prevent students or employees from stealing the Mac and and so erasing your configuration and reinstalling macOS. The other trouble (unlike iOS) a person can bypass the Mobile device management screen. In this case, the Mac is long gone.

If you are a computer reseller or recycler.
This is Swell news for you. You can now wipe the firmware password and reinstall macOS.

10. What does Apple tree think almost this?

I reached out to Apple and asked them. The response was that this is expected.

Apple recommends enabling Activation Lock on Macs with the T2 security chip (2018-2020)

11. How can I protect my Information on an Intel and M1 Mac?

I agree with Apple tree’due south recommendation, enable Activation Lock.

Additionally, you should likewise enable FileVault 2.

Enabling FileVault on a T2 Mac with macOS Catalina or newer will prevent an unwanted user from accessing your data in recovery.

If you lot didn’t plough on a firmware password and did not enable FileVault Encryption, your data is WIDE open in macOS recovery. One interesting annotation, if FV2 is not enabled you will nevertheless exist prompted for a countersign in Target Disk Mode.

Apple Efi Firmware Password Removal Usb Tool

You May Also Like