Article Name: Open Firmware Password Protection
Release Date: 2001 May 12
Platform: Open Firmware 4.1.7 (iMac and iBook), Open Firmware 4.1.8 (Power Mac G4, Power Mac G4 Cube, and PowerBook)
Remote: No
Local: Yes
Author: CodeSamurai (codesamurai@mac.com)
Reference: www.securemac.com/openfirmwarepasswordprotection.php

## DISCLAIMER & WARNING ##

Enabling the Open Firmware password protection feature is done at your own risk; the author of this article and/or SecureMac will NOT be held accountable or responsible for whatever you do. Changes to Open Firmware that have not been explicitly endorsed by Apple may damage your computer's logic board. Any repairs that are necessary because of this damage would not be covered under the terms of the Apple One-Year Limited Warranty, AppleCare Protection Plan, or other AppleCare agreement.

Also, updating the Open Firmware with security enabled has been reported to cause permanent password corruption (and the security-mode setting from before the update stays in effect). So disable password protection before applying any Open Firmware update.

## INFORMATION ##

Apple's latest Open Firmware update introduces support for additional security options which allow the Open Firmware to be password protected. Similar to the typical PC BIOS password protection feature, this feature in Apple's implementation of Open Firmware allows you to password protect your computer's ability to boot. Furthermore, Apple went above and beyond the Open Firmware 1275 specification and added a progressive delay technique to discourage brute force hacking of the Open Firmware password. The delay itself increases in a pattern of 2^x seconds. If you don't quite understand what the "progressive delay technique" is, you can check it out on a machine with password protection enabled by pressing the return key several times at the password request prompt.

Also note that zapping the PRAM (through Command + Option + P + R or even TechTool's "complete zap") will not disable or remove the password protection.

The password protection feature works as follows. The Open Firmware command "password" prompts you to set your password and, once you confirm what you typed, stores it as the password. Then you must enable security and specify which level of security you want. This is stored in the "security-mode" variable, which can be set to one of three modes: "none", "command", or "full".

The "none" mode effectively disables security.

The "command" mode restricts the commands that may be executed to "go" and "boot". Additionally, under the "command" mode, the "boot" command may not have any arguments; that is, it will only boot the device specified in the boot device variable. No other command may be entered and no settings may be changed unless the password is supplied. Moreover, this password protection also applies to booting up with the option key held down (which allows you to choose from available bootable volumes through a built-in graphical user interface).

Finally, in "full" mode, the machine is completely prohibited from booting until the password is entered.

## PROCEDURES ##

++ ENABLING PASSWORD PROTECTION ++

1) Boot into the Open Firmware. (Command + Option + O + F)
2) At the command prompt, type "password". You will be prompted to enter the password you wish to use. Type your password, press the return key, retype your password, and press return to verify that the first password you typed is indeed the password you want. (Note: the password is stored in the "security-password" variable, but the contents of this variable are never shown via the "printenv" command.)
3) Type "setenv security-mode full" OR "setenv security-mode command" OR "setenv security-mode none", depending on which level of security you wish.
4) Then type "reset-all" to restart the computer.

++ DISABLING PASSWORD PROTECTION ++

1) Boot into the Open Firmware. (Command + Option + O + F)
2) Type "setenv security-mode none" and press return.
3) Enter the password at the password request prompt and press return.
4) Then type "reset-all" to restart the computer.

++ FORCE REMOVING PASSWORD PROTECTION ++

1) Add or remove DIMMs to change the total amount of RAM in the computer.
2) Then, the PRAM must be reset 3 times. (Command + Option + P + R)

++ CHANGING SECURITY-MODE FROM WITHIN MAC OS X ++

1) Log in on a virtual terminal with an administrative user account.
2) Type in "sudo nvram security-mode="none"" OR "sudo nvram security-mode="command"" OR "sudo nvram security-mode="full"", depending on which level of security is desired.

## PASSWORD RETRIEVAL ##

FWSucker - Software for use under the Classic Mac OS for the retrieval of an existing Open Firmware password:

If you are already booted into the Mac OS, the Open Firmware password can be retrieved by using the application FWSucker created by mSec. Be cautious of this application, and if you are using any desktop security software, it is advised that this program be kept restricted by it.
http://www.securemac.com/file-library/FWSucker.sit
http://www.msec.net/software/FWSucker.sit

## RELATED LINKS ##

Power Mac G4 Firmware 4.1.8 Update:
http://download.info.apple.com/Apple_Support_Area/Apple_Software_Updates/English-North_American/Macintosh/Power_Mac_G4/G4_FW_Update_4.1.8.smi.bin

G4 Cube Firmware 4.1.8 Update:
http://download.info.apple.com/Apple_Support_Area/Apple_Software_Updates/English-North_American/Macintosh/G4_Cube/G4_Cube_FWUpdate_4.1.8.smi.bin

iMac Firmware 4.1.7 Update:
http://download.info.apple.com/Apple_Support_Area/Apple_Software_Updates/English-North_American/Macintosh/iMac/iMac_FWUpdate_4.1.7.smi.bin

iBook Firmware 4.1.7 Update:
http://download.info.apple.com/Apple_Support_Area/Apple_Software_Updates/English-North_American/Macintosh/iBook/iBook_FWUpdate_4.1.7.smi.bin

PowerBook Firmware 4.1.8 Update:
http://download.info.apple.com/Apple_Support_Area/Apple_Software_Updates/English-North_American/Macintosh/PowerBook/PBook_FWUpdate_4.1.8.smi.bin

Firmware Updates 4.1.7/4.1.8 May Disable Out-of-Spec Third-Party RAM:
http://til.info.apple.com/techinfo.nsf/artnum/n60839

Apple Open Firmware Password Protection Notice:
http://til.info.apple.com/techinfo.nsf/artnum/n106292

Apple Computer Open Firmware Home Page:
http://bananajr6000.apple.com/

Apple Open Firmware Technotes:
http://bananajr6000.apple.com/OF/technotes.html

Firmworks: Open Firmware Information:
http://www.firmworks.com/open_firmware/literature/

MSec: Open Firmware Password Bypass:
http://www.msec.net/archives/of_pwd_bypass.html
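
## ADDED EXAMPLE: AUDITING SECURITY-MODE ##

The following shell functions are an added example, not part of the original article or Apple's tooling. They classify the "security-mode" variable described under PROCEDURES and apply the warning from the disclaimer (disable protection before a firmware update). The function names and sample data are hypothetical; the input is assumed to be tab-separated "name<TAB>value" lines as printed by "nvram -p", and an absent variable is assumed to mean protection is off.

```shell
#!/bin/sh
# Added example: audit the Open Firmware security-mode from nvram output.
# Assumption: stdin carries "name<TAB>value" lines as printed by `nvram -p`.

# Print "<mode>: <meaning>". Exit status: 0 = protected (command/full),
# 1 = not protected (none or variable absent), 2 = unrecognized value.
audit_security_mode() {
    # If the variable appears more than once, the last occurrence wins.
    mode=$(awk -F'\t' '$1 == "security-mode" { m = $2 } END { print m }')
    case "$mode" in
        full)
            echo "full: machine will not boot until the password is entered"
            return 0 ;;
        command)
            echo "command: only 'go' and argument-less 'boot' run without the password"
            return 0 ;;
        none)
            echo "none: password protection disabled"
            return 1 ;;
        "")
            echo "unset: security-mode variable not present"
            return 1 ;;
        *)
            echo "unknown: unexpected security-mode value '$mode'"
            return 2 ;;
    esac
}

# The article reports that a firmware update applied while security is
# enabled can corrupt the password permanently. Succeed only when the mode
# is none or unset; an unrecognized value is treated as not safe.
safe_to_update_firmware() {
    rc=0
    audit_security_mode >/dev/null || rc=$?
    [ "$rc" -eq 1 ]
}

# Constructed sample input (not captured from a real machine).
SAMPLE_NVRAM=$(printf 'auto-boot?\ttrue\nsecurity-mode\tcommand\n')

# Demo on the sample; on Mac OS X the input would be: nvram -p | audit_security_mode
printf '%s\n' "$SAMPLE_NVRAM" | audit_security_mode
```
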