Prevent Insecure Booting Of Your Mac

maxphunk writes "So you can boot anyone's Mac using a CD or (for newer machines) mount the hard drive using target disk mode. Therefore, your machine isn't secure, right? Stock, yes; otherwise, no. Apple has a neato utility described here that eliminates this problem and more, using Open Firmware Password Protection. I have installed it on my iBook (late 2001) and I am definitely pleased with the results." It requires Mac OS X 10.1 or greater, and prevents things like starting up in single user mode, verbose mode, resetting PRAM, and more.

Forgot the OF Password?

[Paul+Burney]

Fear not! According to the securemac site and the macosxlabs site, just do the following:

Force Removing Password Protection

1) Add or remove DIMMs to change the total amount of RAM in the computer.

2) Then, the PRAM must be reset 3 times. (Command + Option + P + R).

I'm not sure if just removing the PRAM battery will also reset the PRAM or not in this case.

Is this secure? Well, it depends on your situation. If you are in a lab situation and you don't want the students booting off CDs, ZIPs, external hard drives, etc., for their hax0rish needs, then this works OK. It's easy to spot someone opening up a computer and swapping out ram, etc.

For your own machine? Probably more trouble than it's worth because it causes problems with firmware upgrades, etc. If someone has physical access to your machine, they can get the data off by using the above procedure or by the hard drive swapping someone else mentioned.

Bottom Line: If you have sensitive data on your machine, you should encrypt it even if you have OF password set. In general, if you let someone have physical access to a machine, assume they can get access to all the data on it.