firmware-passwordmac
I would like to set a firmware password on my MacBook Pro, but I only run Linux on it. I know I could download a macOS installer and use that to set the firmware password without installing macOS, but it would be a lot easier simply to set the password from Linux.
Is it possible to set the Mac firmware password from Linux? If so, how?
In a word, no. If you are concerned with the contents of your machine being compromised should the machine be stolen a better bet may be to encrypt your drive with FileVault (assuming you are or intend to upgrade to using Lion). Even if the firmware passwords was irreversible, it would not stop someone simply taking your disk out and reading another way. The only benefit I can see is preventing a theif from being able to ever use the mcahine he just stole, but frankly this won't help stop your laptop from being stolen in the first place, although it probably would result in it getting binned if it was, rather than re-used and potentially identified at a later date via it's serial number etc.
If you mount the hidden "Recovery HD" partition in Terminal:
sudo diskutil mount Recovery\ HD
and then again mount the "BaseSystem.dmg" by double clicking it:
then you should be able to use the setregproptool, located inside "Firmware Password Utility.app":
To get to the folder containing setregproptool right-click (or Control click) "Firmware Password Utility.app", select "Show Package Contents" and navigate to Contents/Resources.
Alternatively to the description in this link:
Set a firmware password from the command line - (see post from "Sep 13, '11 05:04:00AM ")
you can copy the "Firmware Password Utility.app" to a more acceptable location (for example on your local drive) and then use it from there.
These are the options of setregproptool:
$ sudo Firmware\ Password\ Utility.app/Contents/Resources/setregproptool -h
Password:
setregproptool v 2.0 (9) Aug 24 2013
Copyright (C) 2001-2010 Apple Inc.
All Rights Reserved.
Usage: setregproptool [-c] [-d [-o <old password>]] [[-m <mode> -p <password>] -o <old password>]
-c Check whether password is enabled.
Sets return status of 0 if set, 1 otherwise.
-d Delete current password/mode.
Requires current password on some machines.
-p Set password.
Requires current password on some machines.
-m Set security mode.
Requires current password on some machines.
Mode can be either "full" or "command".
Full mode requires entry of the password on
every boot, command mode only requires entry
of the password if the boot picker is invoked
to select a different boot device.
When enabling the Firmware Password for the first
time, both the password and mode must be provided.
Once the firmware password has been enabled, providing
the mode or password alone will change that parameter
only.
-o Old password.
Only required on certain machines to disable
or change password or mode. Optional, if not
provided the tool will prompt for the password.
Best Answer
No, I'm not aware of any software for Linux that allows you to change the EFI firmware password on your Mac.
If you have a recent Mac that supports internet recovery you can reboot straight into internet recovery mode, even if the boot disk has been formatted or overwritten. Once you've booted into a recovery environment, you should be able to use the firmware password tool.
If you have an earlier Mac, then your best bet is to find another working Mac and create a bootable installer to get into recovery mode without needing to overwrite your Linux installation.