Imagine a Late 2013 Retina MacBook Pro. It's got FileVault 2 enabled, it's been shut down (so the disk is encrypted) and the EFI Password is set, so they can't boot from another disk or reinstall macOS. I've also locked the Mac, but we'll imagine Find My Mac hasn't been able to phone home yet.
They can't Command-R or Option-Power their way past, and they can't access the copy of Catalina installed on the drive. My question is this: could they install a copy of macOS onto another compatible SSD and then replace my Mac's internal SSD with said other SSD, bypassing EFI Lock because it's classified as the internal drive? Or can Apple's EFI detect that the drive is different and refuse it, asking for a password?
As someone who carries my MacBook Pro Retina on me at all times, and plans on a somewhat pricey upgrade to a newer model sometime in the future, I'd like to ensure I can make this thing a glorious paperweight for any would-be thief.
Best Answer
No. The firmware lock prevents even this. Firmware doesn’t reside on the drive, it resides in a protected “memory” (not RAM) area that holds the boot, encryption, management, etc. software.
In fact, if you want to test it, set an EFI lock and remove the drive. Then try to boot. You’ll notice that the password is still there
You’re in luck because the new Mac computers with the T2 chip take security much further with Secure Boot and whole disk encryption. Once these features are enabled, would be thieves would end up with great looking paper weights.