Disabling the "Password Restart from Install Disc" option
Sorry, but the idea of my computer's security being laid bare by someone finding my install discs is not something I like. Is there a way of disabling this 'feature'?
Also, Apple, if you're listening: include an option in the Tiger installer to do this. Just tuck it under Configure Installation or something. I'm sure IT pros would like this.
Yes, I know, 'hide your disc', etc. But I just want to know that there's no way of getting into my computer without knowing my password.
Thanks.
Also, Apple, if you're listening: include an option in the Tiger installer to do this. Just tuck it under Configure Installation or something. I'm sure IT pros would like this.
Yes, I know, 'hide your disc', etc. But I just want to know that there's no way of getting into my computer without knowing my password.
Thanks.
Comments
Protect your Mac using an Open Firmware banner
_Tue, Jan 4 '05 at 08:37AM ? from: las_vegas
_
This article discusses a technique of installing personal contact information into your Mac in such a way that you have a good chance of getting it back in the even of theft. Password protection is a great feature of OS X and if used properly, will protect your files to some degree from intruders. It's well known how to override and change the password with an OS X boot CD. If you're smart, you're using Apple's Open Firmware (OF) Password protection on your notebook (or desktop for that mater!) to prevent access from any intruders. Now your files are safe. But what about your Mac?
If someone steals your Mac, if you have a password to keep them from using the computer and you've installed the OF Password, what they've acquired is little more that a very pretty doorstop! They can't even replace the hard drive since, without the OF Password, they're locked out of initializing it. And yet, with all this protection, there's no simple method for anyone to get it back to you, its rightful owner!
Open Firmware has a rarely used variable called oem-banner that, when activated, displays a single line of text at the top of the Open Firmware screen. This is where we're going to place our information. This can be done from a Terminal window or from within Open Firmware itself.
reg
Originally posted by Placebo
Sorry, but the idea of my computer's security being laid bare by someone finding my install discs is not something I like. Is there a way of disabling this 'feature'?
Also, Apple, if you're listening: include an option in the Tiger installer to do this. Just tuck it under Configure Installation or something. I'm sure IT pros would like this.
Yes, I know, 'hide your disc', etc. But I just want to know that there's no way of getting into my computer without knowing my password.
Thanks.
IIRC, you may password-protect your computer within Open Firmware. It is my understanding that File Vault is intended to thwart an attempts to steal your data by gaining physical access to your computer. FWIW, I don't trust File Vault.
You seem dangerously close to asking for perfect security. People who study these things can explain better than I the dangers of security that is "too good."
My recommendation is to follow common sense rules for maintaining your security. Leave the exotic stuff to the NSA.
Here's how:
1. Boot the machine into Open Firmware by holding down command-option-O-F during boot.
2. The system should come up to the Open Firmware command prompt.
3. At the prompt, enter the command
password
and enter and verify when prompted the (max 8-character) OF password.
4. Now you want to disable booting from anything except the hard drive. At the next prompt enter the command
setenv security-mode command
5. Now to continue booting into X, enter
reset-all
6. The machine should boot into the OS X Login Window.
7. Test the settings by restarting and holding down the "c" key with a bootable CD in the drive.
Edit: Let me just add that anyone with physical access to the machine can always compromise it, with any OS X CD. There is a way to clear the OF password, of course, and I won't reiterate it here.
If you need to remove the password protection, you will have to change the security setting again:
setenv security-mode none
and enter the password when requested.