EFI Modifications Leaves iMac Unbootable?

jerbare writes "In attempting to run Linux and Windows on the new iMac Core Duo, people experimenting with configuring the EFI Console/Boot loader have found they can no longer boot the machine at all. Dave Schroeder of appleintelfaq.com comments, 'We have already irreversibly lost a couple of iMacs trying to load various EFI modules'. Instructions for breaking the iMac's are presently located at the bottom of the comments."

Re:Ugly reality from the article (no joke)...

[Budenny]

"Otherwise, you potentially have the mother of all DRM traps in front of you."

Yes. This, if it turns out to be the way it looks at first glance, is truly evil. Very important to realise what you may be looking at. The first commercial example of a company which has totally taken away control of your hardware.

Lets hope it turns out not to be true. Because if it is true, its war.

Re:Except in this case the user : s/user/malware/

[Phroggy]

Instead of using sudo...

Make an Installer package (using /Developer/Applications/Utilities/PackageMaker) that requires root access (under the Configuration tab, select Root from the Authentication menu). Set it to require a restart after installation (select Required Restart from the Post-Install Action menu). It doesn't have to actually install anything, just go through the motions. Put the malware in a script called InstallationCheck, put it in the Resources folder, and make it executable.

Build your package, make a disk image from it (open Disk Copy, select File/New/Disk Image from Folder, select your package), set the internet-enable bit (open Terminal, type hdiutil internet-enable -yes /path/to/image.dmg), throw it on a web server and trick users into downloading it by telling them it's a pornographic screen saver or something.

Upon downloading the .dmg file, your package will automatically be opened. The user will be prompted to enter an Administrator password, and they will be told the installer needs to run a script to see whether the software can be installed. If they enter their password and click OK to the security prompt, the script will run with root privileges even if the user changes their mind and cancels the installation. If they proceed with the installation, they'll be asked to restart the computer.

Anyone who says Mac OS X isn't susceptible to malware doesn't know what they're talking about. Yes, this method requires the user to enter their password and confirm a security warning, but these are perfectly normal things to do when installing software, so most users are accustomed to it. As long as you make them think what they're installing is something they want to have, most users won't even blink.

To be honest, I'm surprised this hasn't been done on a wide scale already.

Btw, please don't do this, kthx.