|
Open Firmware Password
On Securing your Macintosh System
The best way to secure most any computer system is to put it in a locked room shielded from electromagnetic radiation, filter power going into the room and disconnect all lines of communication. That works just dandy for Three Letter Agencies of the government, but is not a practical solution for the rest of us who are trying to communicate with one-another out here in the Big Blue Room .
Preventing Booting from Alternate Media
One of many means utilized to secure your Macintosh is to restrict booting to the internal hard drive specified in the 'Startup Disk' Preference Pane (OS X) or Control Panel (OS 9). Normally, anyone can walk up to a Macintosh, connect a firewire disk, or insert a CD, reboot the machine from this added CD or firewire drive *Voila* the system is now under their control.
The purpose of the Open Firmware Password is to prevent a desktop user from circumventing system security by rebooting the system with an OS X install disk or a disk other than the one selected in the System Preferences Startup Disk pane. For the Xserve hardware platform additional functionality is provided by locking the case shut.
1. The open firmware password only works on machines made from about mid-2000 on. See KB articles for compatible older model machines
2. The open firmware password is reset by adding or removing memory, and rebooting
- A. For a desktop/tower power mac you *need* to lock the case to prevent it from being opened (and memory moved)
-
- B. On a TiBook or iBook, this is not as effective because the keyboard can not be secured in place.
-
3. Read the fine print in the KB articles.
Also see: Additional Security for Confidential / Private Files
Page last updated: October 2002, OS X 10.2.1 |
