Mac OS X, Open Firmware Passwords: ‘Power On Protection’

Because Max OS X facilitates the use of modifier keys that enable Mac users to boot up from alternative sources, or in FireWire Target Disk mode, it may be necessary as an additional line of defence against would be intruders, to implement an open firmware password.

In a scenario where an intruder gains physical access to your Mac and engages FireWire Target Disk mode, all security defenses attributed to Mac OS X is defeated and the user is given full access to your Mac’s hard drive. Similar to a typical PC BIOS password protection feature, this feature in Apple’s implementation of Open Firmware allows you to password protect your computer’s ability to boot. Even zapping the PRAM or even TechTool’s “complete zap”, will not disable or remove the password protection.

Previously, the only means to engage the Open Firmware password was to boot your Mac OS X in Open Firmware mode and type lines of code instructing its activation. However, recently Apple has released downloads for both Mac OS X 10.1 – 10.3.9 and Mac OS X 10.4, that uses an Open Firmware application to make enabling/disabling Open Firmware password protection an integrated feature of Mac OS X.

Mac OS X 10.1 to 10.3.9 — Download and Install the Open Firmware Password application from this page.

Mac OS X 10.4 or later — you must use the updated version that can be copied from the software installation disc; located at /Applications/Utilities/ on the disc.

20051111122951127_2

After all that is said and done, the best security precaution users can take is to restrict physical access to their Mac systems. This is the first tenant of good data security. Open Firmware password protection are for those moments where unauthorised startup of your Mac may occur and is especially cogent for roadwarriors and their Mac portables.