Hack 16 Using Open Firmware Password Protection


Password-protect your Mac, blocking circumvention by booting from another device, booting into single-user mode, and more.

There are times when you want nary a finger but your own fiddling with your computer. No sister, no boss, no mother looking for porn, no husband reading chat logs. With the Open Firmware built into newer models of the Mac (iBooks, G4s, some iMacs, etc.), you have access to a strong, low-level way of password protecting your Mac from meddling interlopers and innocent wanderers.

Before we go any further, you'll have to check whether your computer has the necessary firmware. To do so, open the Apple System Profiler (under /Applications/Utilities/) and look under the System Overview section for the Boot ROM version (which also represents your Open Firmware version), as shown in Figure 2-3. On my dual 450MHz G4 running 10.2.2, you can see Boot ROM info with a value of 4.2.8f1. To be eligible for password protection, you'll need later than 4.1.7 or 4.1.8 (firmware upgrades are available at Apple's web site).

Figure 2-3. Apple System Profiler

Once we've met the version prerequisites, what exactly does this password protection prevent? Longtime users of the Mac OS may recall such pre-OS X hacks as holding down the Shift key or customizing your extensions with the spacebar, as well as the ability to boot from a CD. While extensions don't exist under OS X, Open Firmware blocks all other avenues that do, including booting up with the C, N, or T keys depressed, in single or verbose mode, or zapping the PRAM. It'll also require a password if you try to edit its settings or get into the Startup Manager.

As with most technology, there's more than one way to set the password, depending on your skills. Apple provides a utility that will do all the magic for you in a pretty GUI (see the link in the See Also section of this hack). Simply download the installer, run the single screen configuration, and reboot your machine to solidify your password protection.

But what if you wanted to do everything by accessing Open Firmware manually and having complete control over the process? No problem! First off, boot into Open Firmware by holding down the figs/command.gif, Option, O, and F keys during startup. You'll be dropped into a blank screen with a mere prompt for typing commands. Next, set the firmware password by typing password and entering your password twice (for verification). Once you've done that, set the security level with setenv security-mode <mode>, where <mode> can be one of three words: none (no security), command (restricts usable Open Firmware commands), or full (which does the same thing as Apple's downloadable utility). Finally, to reboot the computer with your changes saved, enter reset-all.

Disabling the password protection can be done with Apple's provided utility or by booting into Open Firmware (as before), typing setenv security-mode none, entering your password, and then rebooting the computer with reset-all.

16.1 Hacking the Hack

The inevitable has happened: you've forgotten the password you've set in Open Firmware. Luckily, there are a couple of alternatives: booting into OS 9 (and optionally zapping the PRAM) or removing some memory DIMMs. But if you're lucky enough to still be logged into the Finder (before a worrisome reboot), you can download an OS 9 utility called FW Sucker. With a simple double-click, it'll display the current firmware password, from which you can then disable the protection or change it to something more suitable (via the earlier instructions).

16.2 See Also

  • How to Set Up Open Firmware Password Protection (http://docs.info.apple.com/article.html?artnum=106482)

  • Open Firmware Password 1.02 Download (http://docs.info.apple.com/article.html?artnum=120095)

  • Open Firmware Password Protection (http://www.securemac.com/openfirmwarepasswordprotection.php)

  • FW Sucker 1.0 (http://www.msec.net/software/index.html#fwsucker)