How to Unlock Firmware Password on 2012 Mac

You can now remove the firmware password (+ erase all data) on a T2 Mac without Apple Support if you forgot it.

In this article, I will go over the history of the firmware password on Intel Mac computers. After that, I will show you lot a new style how to remove the firmware password (and erase your data) on a T2 Mac from 2018-2020.
(Curl to section vi).

Notation: This information is only for 2006-2020 Intel Mac computers. Apple tree Silicon M1 Mac Devices practice non accept a firmware password.

I will also get over my recommendations on how you can protect your data at the end of this commodity.

I will reply the following questions.

1. What does setting a firmware countersign on a Mac exercise?
2. What are the differences in firmware passwords from the post-obit years – 2006-2010, 2011-2017 & 2018-2020?
3. How to you set the firmware password in recovery.
4. How to Enable & Disable Firmware Password in macOS.
5. What can you do if you forget the firmware password?
6. How to remove the firmware password with Apple tree Support.
7. Removing the firmware password on a T2 Mac with Apple Configurator 2.
8. How long was this new way possible? Does anyone at AppleCare know about this?
9. What does this mean for education, pocket-size & big companies, habitation users, estimator recyclers, and criminals?
10. What does Apple call back about this?
11. How can I protect my Data on an Intel and M1 Mac?

1. What does setting a firmware password on a Mac do?

The firmware password was designed to protect your Mac. This mode protects confronting someone who wants to become your data. They can’t boot into target deejay way or recovery to admission your files.

Long story brusk, if your Mac lands in the wrong hands and you exercise Non accept the following items enabled beneath, all your data is at risk!.

1. Firmware Password
2. FileVault 2 Encryption
3. Activation Lock / Find My Mac

A person could access your information via Target disk mode or macOS Recovery, fifty-fifty if they do non know your user password!

When you set a firmware password, users who don’t have the countersign tin can’t start up from any deejay other than the designated startup deejay.

https://support.apple tree.com/en-us/HT204455

The Apple article below details dissimilar startup modes.

https://support.apple.com/en-gb/HT201255

If you enable the firmware password, the following startup items are disabled.

1. Target Deejay Way
   – (T)
2. Netboot
   (N) – (Remember Netboot?)
3. Unmarried User Mode
   – (Control S)
4. Verbose Mode
   – (Command V)
5. Squirt CD-ROM or DVD
   – (Eject Key)
6. Safe Manner
   – (Shift Key)
7. Reset PRAM
   – (Option-Command-P-R)
8. Hardware Diagnostics
   – (D)

The following startup options volition work, but yous will exist prompted for the firmware password.

1. Recovery Mode
   – (Command R)
2. Internet Recovery
   – (Command Option R
   or
   Command Option Shift R)

If you have the firmware password enabled and you hear someone say “I reset the PRAM” …. NOPE!!!

ii. What are the differences in firmware passwords from the following years – (2006-2010), (2011-2017) & (2018-2020)?

1. (2006-2010) – The firmware countersign could be removed past removing the battery, one stick of ram, and resetting the PRAM iii times.
2. (2011-2017) Apple changed this when they soldered the memory to the logic board. The just manner to remove the firmware countersign was to contact Apple.
3. (2018-2020) Apple tree added the T2 security bit. The chip runs an operating system called BridgeOS.
   This Os software can now be re-installed or updated using a 2nd Mac and Apple Configurator 2.
   Yous now need to be an admin user that has a SecureToken to admission the Startup Security Utility menu to set and remove the firmware password.

3. How do you ready the firmware password?

The firmware password can be set in three different ways.

https://support.apple tree.com/en-us/HT204455

1. Enable from macOS Recovery.

1. Start upwardly from macOS Recovery.
2. When the utilities window appears, click Utilities in the menu bar, then choose Startup Security Utility or Firmware Password Utility.
3. Click Turn On Firmware Password.
4. Enter a firmware password in the fields provided, then click Fix Password.Call up this password.
5. Quit the utility, and then choose Apple menu > Restart.

2.
Utilise the
firmwarepasswd
binary
–
sudo firmwarepasswd -setpasswd

3.
Plough on “Observe My” through iCloud, which enables the firmware countersign & Activation Lock.

iv. How to Enable & Disable Firmware Password in macOS?

You can enable and disable the firmware password inside macOS using terminal.app

• 1.
  sudo firmwarepasswd -setpasswd
  = Prepare a new password
• 2.
  sudo firmwarepasswd -check
  = Bank check whether a password is ready
• 3.
  sudo firmwarepasswd -verify
  = Verify your password
• 4.
  sudo firmwarepasswd -delete
  = Disable the countersign

5. What can you exercise if you forget the frmware password?

Yous volition need to contact Apple. Apple will verify proof of ownership and also ask to verify your identity.

Let’s say a person sold yous a Mac with a firmware countersign on craigslist. Sometime later you need to enter macOS recovery, but to observe the firmware lock. Y’all are out of luck if yous have 2011-2017 Mac. You will non be able to observe the previous owner and y’all practise not take proof of buying.

6. How to remove the firmware countersign with Apple tree Support.

If y’all have proof of ownership, Apple tin remove the firmware password and retain your information for Mac Devices from 2011-2020. They will walk you through a process (Shift-Control-Pick-Command-South) that will show you a lawmaking that you tin give the Apple tree support agent. The agent volition apply that code to transport you lot a file so you tin can create a USB boot disk that will remove the firmware countersign.

You can take a look at this slap-up commodity for a super deep dive into the firmware password setup. >
https://opposite.put.as/2016/06/25/apple-efi-firmware-passwords-and-the-scbo-myth/

7. Removing the firmware password on a T2 Mac with Apple Configurator 2.

Sorry that you had to curl this far to get to the point of this commodity. With all the talk about how the firmware countersign option was removed from M1 Mac Devices, I wanted to explore a piddling history offset.

If you lot need to remove the Firmware password from a T2 Mac, all you need to do is Restore BridgeOS with a 2nd Mac and Apple Configurator 2.

What does an Apple tree Configurator 2 “Restore” do on a T2 Mac?

1. Erase the entire SSD (Macintosh HD & macOS Recovery)
2. Clear Saved NVRAM Settings i.eastward stored WIFI
3. Reset whatever previous Secure Boot Settings dorsum to default
4. Reinstall BridgeOS with the latest version bachelor from Apple tree.
5. Remove the Firmware Countersign, if information technology was previously ready.

NOTE!!!! This only works with a “RESTORE Total ERASE” not a “Revive”. A revive volition retain your data and but reinstall BridgeOS. The option will not remove your firmware password.

Yous can follow my instructions here >
https://mrmacintosh.com/how-to-restore-bridgeos-on-a-t2-mac-how-to-put-a-mac-into-dfu-mode/

This process is very close to the new M1 Apple tree Silicon Mac “Erase Mac Process” The difference is that macOS Recovery is however available after the process so you lot can easily reinstall macOS.

viii. How long was this new way possible? Does AppleCare even know most this?

I am always testing new ways to pause and fix macOS. When I offset confirmed that this new way worked, I was pretty surprised to say the to the lowest degree.

To discover out, I tested with Apple Configurator ii version 2.7.1 from 2019.

Yup, worked

It is very possible that AC2 was removing the firmware password during the BridgeOS restore since the very beginning.

After all this fourth dimension, did AppleCare even know about this selection? Apple tree’s ain instructions only refer to the steps to contact CSS support to remove the password via firmware hash / USB bulldoze.

9. What does this mean for teaching, small & large companies, home users, computer recyclers, and criminals?

Let’s go over a few situations.

This new process does NOT disable or remove Activation Lock.

If you utilize the firmware password to protect your data?
– Technically you lot are fine because the AC2 Restore process will remove the firmware password & erase all of your information.

If yous are a small business or education institution that is
relying on the firmware password

only does not have Activation Lock enabled. – You lot are almost likely trying to prevent students or employees from stealing the Mac and then erasing your configuration and reinstalling macOS. The other problem (unlike iOS) a person can bypass the Mobile device management screen. In this example, the Mac is long gone.

If y’all are a computer reseller or recycler.
This is Dandy news for you. You tin now wipe the firmware password and reinstall macOS.

ten. What does Apple recall near this?

I reached out to Apple and asked them. The response was that this is expected.

Apple recommends enabling Activation Lock on Macs with the T2 security chip (2018-2020)

xi. How can I protect my Data on an Intel and M1 Mac?

I agree with Apple tree’southward recommendation, enable Activation Lock.

Additionally, you should besides enable FileVault 2.

Enabling FileVault on a T2 Mac with macOS Catalina or newer volition prevent an unwanted user from accessing your information in recovery.

If you didn’t turn on a firmware password and did non enable FileVault Encryption, your data is Wide open up in macOS recovery. Ane interesting note, if FV2 is not enabled you will still be prompted for a countersign in Target Disk Mode.