Mac OS X 10.1 Security Feature - Apple Includes Open Firmware Password App

by , 8:00 AM EDT, October 8th, 2001

It's not part of a basic install, and Apple has not drawn any attention to it, but an application called Open Firmware Password that is similar to the classic Mac OS "Password Security" has been included on the Mac OS X 10.1 CD. On the CD you can find the application at:

Mac OS X Install CD:Applications:Utilities

When you first run Open Firmware Password, you are presented with a window that says "The Open Firmware password is used to prevent others from starting your computer with a different disk. This makes your computer more secure."

WARNING!!!!!

The Mac Observer urges caution in using this or any firmware password application. Misuse could result in an unbootable system or worse. Firmware operates at the lowest level of the Mac. The data does not reside on any hard drive, so a reformat would be useless in reversing any misfortune. In Apple's case, caution is especially warranted since the utility includes no documentation or help files.

To add or change the password, you must click on the lock symbol in the lower left of the window and enter an administrator's password (see image).

This takes you to a window where you can choose to have a password required for starting your Mac up from another disk, and either enter or change that password (see image).

An article from Apple's Knowledge Base notes that recent firmware updates for newer Macs have added "support for additional security options that allow the Open Firmware to be password-protected." The program's about box states, "Use this application to set the security mode and password for Open Firmware. Enabling this feature provides IEEE1275 compliant security for your system." (See Image)

Interestingly, the application cannot be fully copied from the CD. Even logging in as root copies only 88K of the 120K application. Examining the package's contents reveal that some components simply won't move off the CD, producing a non-functional application on the target volume. There may be a very good reason not to run this program from a local hard disk, but as of yet, Apple has not provided any information to its users regarding this powerful program's operation. To our knowledge, this is the first time that Apple has taken such measures to prevent an application from being copied from a CD.

You can get more information on IEEE 1275 by doing a search for 1275-1994 on the Institute of Electrical and Electronics Engineers' Web site.

In the weeks leading up to 10.1's release, Digital Specter released Startup Security (currently at version 1.2) for $19.95 on both OS 9 and X which makes use of the same firmware feature.

The Mac Observer Spin:

Did we mention that you should be extremely careful about using this kind of tool? Please do, be careful that is. There may well be a way for reversing an Open Firmware lock, but we don't know what it is. Turning your Mac into a useless, but beautiful, hunk of plastic in the name of security would be a terrible waste.

That said, this is a wonderful tool to add to the arsenals of many Mac users. Those that travel, those with sensitive materials, and those who are just plain paranoid can use Open Firmware Password to make sure that if their Mac falls into the wrong hands, it will at least be exceedingly difficult to do anything with it other than part it out.

It should also be noted that if someone has physical access to your computer, they can likely get at the data on it one way or another. At the very least, the hard drive could be removed and plopped into another computer. Security in the computer industry is an elusive target, especially when it comes to losing possession of your computer, but every little bit helps.