An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
EFICHECK
#63880 05/14/23 04:14 PM
Joined: Aug 2009
Likes: 2
jaybass Offline OP
OP Offline

Joined: Aug 2009
Likes: 2
Yesterday a window appeared saying eficheck dump which I don't understand. I duck ducked it and it suggested that an OS reinstall would fix it. There was something else about having a firmware password which I did. Booting into recovery mode a padlock appeared, something
I wasn't expecting but eventually realized that I had to enter my firmware password to proceed to reinstalling my OS. After that everything was back to normal.

Question, what are the pros and cons of having/not having a firmware password and do I need one?

jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: EFICHECK
jaybass #63882 05/15/23 06:14 PM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted by jaybass
Question, what are the pros and cons of having/not having a firmware password and do I need one?
I'm glad you asked the question, and I hope someone has a good answer, as I was wondering the same thing.

I always thought a firmware password provided a level of additional security if your machine was stolen because booting from an external drive it would allow the thief to access the data without an Administrator password. Now I'm not sure. I recently had to boot my iMac from an external drive but couldn't access my machine without entering an Administrator password.


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: EFICHECK
ryck #63883 05/15/23 08:01 PM
Joined: Aug 2009
Likes: 2
jaybass Offline OP
OP Offline

Joined: Aug 2009
Likes: 2
Hi Ryck,
Additional security, yes you would think so but from what I read, if you have file vault "on" that should be good enough. I could be wrong though.

I thought someone would have responded before now...hopefully someone will.

jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: EFICHECK
jaybass #63884 05/15/23 08:28 PM
Joined: Aug 2009
Likes: 14
Online

Joined: Aug 2009
Likes: 14
I'm sure that joemike will respond sooner or later with a far more "educational" contribution, but I'll contribute what I can.

A firmware password is more or less "ultimate security..." no one can access a Mac with a firmware password in any way shape or form other than by entering that password, so it's particularly useful if you Mac is vulnerable to theft or access by others.

A firmware password is so secure, that if you forget yours, you've got to bring your Mac to a genius bar together with your purchase receipt to gain access to it. (I.e., a stolen Mac with a firmware password is essentially a brick.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: EFICHECK
artie505 #63885 05/15/23 09:37 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
From what I have read the firmware password is a usefull tool for computer lab admins and corporate IT departments for preventing user's from installing alternate OS versions, or booting from external disk drives. Apple documents how to set, reset firmware passwords here and is unique in that you can take your computer, the purchase receipt, and a legal photo ID to Apple and they can reset it using a back door. As I see it, the existence of a back door reset makes the security of a firmware password as possibly the weakest link in Apple's security chain. Fortunately there are much stronger protections further down the chain.

That said, if I were the administrator of a computer lab or head of a corporate IT department I would definitely set the firmware password on all my computers to reduce the opportunity or data loss or corruption. As a software design engineer in the same type of environment, I would probably reset the password to prevent some IT drone from messing with my carefully curated system. (NOTE: If you say I said or did that, I have no idea what, who, when, or where you are talking about. wink ) As an individual user on my own computer in a reasonably safe environment, I wouldn't mess with setting it, unless as in the situation described it becomes necessary.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: EFICHECK
joemikeb #63886 05/17/23 03:26 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
While we are on the general subject of security, the eclectic Light Company's FREEWARE app Silent Knight that on demand or automatically scans and reports the status of Apple's various security elements including the EFI status and if necessary will download and install the latest version. In my opinion, an equally important concomitant of Silent Knight is the very informative, 25 page, Silent Knight reference manual that is included in the download and contains clear explanations of each of Apple's platform security features.

I highly recommend it.

NOTE: I have no relationship, pecuniary or otherwise, with The Eclectic light company other than that of satisfied user and fan.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: EFICHECK
joemikeb #63889 05/19/23 07:25 PM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted by joemikeb
While we are on the general subject of security, the eclectic Light Company's FREEWARE app Silent Knight that on demand or automatically scans and reports the status of Apple's various security elements including the EFI status and if necessary will download and install the latest version.
I've taken a peek and this is definitely a very interesting piece of software. However, I'm a believer in "simpler is better" so my question would be: "If a user installed Silent Knight, what can they now do without?".Is there some 'security' software that can now be thrown away to avoid complications that may arise from duplicated efforts?

Last edited by ryck; 05/19/23 07:27 PM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: EFICHECK
ryck #63902 05/20/23 04:05 PM
Joined: Aug 2009
Likes: 8
Offline

Joined: Aug 2009
Likes: 8
Originally Posted by ryck
Originally Posted by joemikeb
While we are on the general subject of security, the eclectic Light Company's FREEWARE app Silent Knight that on demand or automatically scans and reports the status of Apple's various security elements including the EFI status and if necessary will download and install the latest version.
I've taken a peek and this is definitely a very interesting piece of software. However, I'm a believer in "simpler is better" so my question would be: "If a user installed Silent Knight, what can they now do without?".Is there some 'security' software that can now be thrown away to avoid complications that may arise from duplicated efforts?

I don't think you would be able to throw away anything, other than a level of worry. wink

If you leave your Mac (desktop or laptop) powered on (sleeping is OK) all the time you will automatically receive Apple's latest security updates. In my case, the laptop is not always running, so I use Silent Knight to check to see if the laptop has the latest security updates; if not, Silent Knight can download them for you.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: EFICHECK
ryck #63903 05/20/23 04:22 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
EFICheck is useful in keeping you aware of the total System Integrity Platform status and offering configuration suggestions and help in setting. It doesn’t do anything that you could not do with half a dozen other apps and a dozen manuals, it merely consolidates everything into one app.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein

Moderated by  alternaut, dkmarsh, joemikeb 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.032s Queries: 32 (0.024s) Memory: 0.6147 MB (Peak: 0.7036 MB) Data Comp: Zlib Server Time: 2024-02-24 08:46:31 UTC
Valid HTML 5 and Valid CSS