Disabling the "Password Restart from Install Disc" option

placeboplacebo
Posted:
in macOS edited January 2014
Sorry, but the idea of my computer's security being laid bare by someone finding my install discs is not something I like. Is there a way of disabling this 'feature'?



Also, Apple, if you're listening: include an option in the Tiger installer to do this. Just tuck it under Configure Installation or something. I'm sure IT pros would like this.



Yes, I know, 'hide your disc', etc. But I just want to know that there's no way of getting into my computer without knowing my password.





Thanks.

Comments

  • Reply 1 of 4
    regreg Posts: 832member
    Take a look at todays macoshints. http://www.macosxhints.com/



    Protect your Mac using an Open Firmware banner

    _Tue, Jan 4 '05 at 08:37AM ? from: las_vegas

    _

    This article discusses a technique of installing personal contact information into your Mac in such a way that you have a good chance of getting it back in the even of theft. Password protection is a great feature of OS X and if used properly, will protect your files to some degree from intruders. It's well known how to override and change the password with an OS X boot CD. If you're smart, you're using Apple's Open Firmware (OF) Password protection on your notebook (or desktop for that mater!) to prevent access from any intruders. Now your files are safe. But what about your Mac?



    If someone steals your Mac, if you have a password to keep them from using the computer and you've installed the OF Password, what they've acquired is little more that a very pretty doorstop! They can't even replace the hard drive since, without the OF Password, they're locked out of initializing it. And yet, with all this protection, there's no simple method for anyone to get it back to you, its rightful owner!



    Open Firmware has a rarely used variable called oem-banner that, when activated, displays a single line of text at the top of the Open Firmware screen. This is where we're going to place our information. This can be done from a Terminal window or from within Open Firmware itself.



    reg
  • Reply 2 of 4
    mr. memr. me Posts: 3,221member
    Quote:

    Originally posted by Placebo

    Sorry, but the idea of my computer's security being laid bare by someone finding my install discs is not something I like. Is there a way of disabling this 'feature'?



    Also, Apple, if you're listening: include an option in the Tiger installer to do this. Just tuck it under Configure Installation or something. I'm sure IT pros would like this.



    Yes, I know, 'hide your disc', etc. But I just want to know that there's no way of getting into my computer without knowing my password.





    Thanks.



    IIRC, you may password-protect your computer within Open Firmware. It is my understanding that File Vault is intended to thwart an attempts to steal your data by gaining physical access to your computer. FWIW, I don't trust File Vault.



    You seem dangerously close to asking for perfect security. People who study these things can explain better than I the dangers of security that is "too good."



    My recommendation is to follow common sense rules for maintaining your security. Leave the exotic stuff to the NSA.
  • Reply 3 of 4
    lundylundy Posts: 4,466member
    You want to disable booting from a CD unless the Open Firmware password is provided, right?



    Here's how:



    1. Boot the machine into Open Firmware by holding down command-option-O-F during boot.



    2. The system should come up to the Open Firmware command prompt.



    3. At the prompt, enter the command



    password



    and enter and verify when prompted the (max 8-character) OF password.



    4. Now you want to disable booting from anything except the hard drive. At the next prompt enter the command



    setenv security-mode command



    5. Now to continue booting into X, enter



    reset-all



    6. The machine should boot into the OS X Login Window.



    7. Test the settings by restarting and holding down the "c" key with a bootable CD in the drive.



    Edit: Let me just add that anyone with physical access to the machine can always compromise it, with any OS X CD. There is a way to clear the OF password, of course, and I won't reiterate it here.



    If you need to remove the password protection, you will have to change the security setting again:



    setenv security-mode none



    and enter the password when requested.
  • Reply 4 of 4
    macflymacfly Posts: 256member
    unfortunately someone can still bypass even the open firmware password bit if they have physical access to the computer. if the ram amount is changed they will be able to reboot. at least i think that is what i read in a book on apple security. anyone know about this?
Sign In or Register to comment.