Cannot remove or change known firmware password 2011 MBP 8.3 17"

[gulah]

Hello,
After a few days of searching I haven't been able to find anyone else with this issue, maybe someone here can point me in the right direction.

I am the original owner of a 2011 17" macbook pro. Somewhere around the purchase time I set a firmware password that I still know. I also installed an aftermarket SSD and replaced the optical drive with the original spinny drive. Since then I progressed through the supported versions of MacOS (ending at high sierra), and eventually tried out Catalina with Dosdude1's hack. Recently I tried to abandon that and upgrade to Monterey using OpenCore Legacy. I was able to boot once after a couple of tries, but never again after I tried to run the OpenCore post-install patcher despite attempting to reinstall from scratch.

During diagnostics I tried to remove the firmware password- Monterey's recovery was incompatible with with my firmware so no luck there. I then downgraded to Lion (original OS for my laptop) to attempt to remove the password. When I go to startup security, it claims I have no firmware password set. If I set one, it has no effect after I restart (old password still required if booting with option held, or if I attempt to reset nvram I prompted for firmware password and kicked into recovery). If I boot into MacOS and run firmwarepassd from terminal, it also appears I have no firmware password set.

I've since tried everything from high sierra also with no progress. I've also upgraded the firmware of my SSD and ran a secure erase from a linux live CD. I've reset SMB. I've tried the ram swap NVRAM reset. My bootrom is 87.0.0.0.0, which I believe is the latest and not downgradeable. SMC version 1.70f6.

Any ideas? I have a ch341a bios programmer and I'm willing to tinker and risk bricking if it makes sense. I've seen some guides on chip replacement to bypass unkown firmware passwords, but only for similar models, not this exact one. I've read firmware password was moved to some amtel chip starting late 2011.

Many thanks.

 

[DeltaMac]

I though you said that you still know what the firmware password is...
That means, to me, that if you are asked for a password, the one that you try works.
But, now you want to clear that password, and you cannot find out what the password is really for.
If not firmware, how about an encrypted drive (file vault) and that is the spinning drive that is in your optical drive slot.
Is that possible.?

 

[gulah]

I though you said that you still know what the firmware password is...
That means, to me, that if you are asked for a password, the one that you try works.
But, now you want to clear that password, and you cannot find out what the password is really for.
If not firmware, how about an encrypted drive (file vault) and that is the spinning drive that is in your optical drive slot.
Is that possible.?

Sorry if I wasn't clear. Yes I know the password, and can enter it and choose a boot device if I boot while holding the option key. It is definitely a firmware password- It has the lock icon, it is requested at exactly the times when a firmware password is required, and I can press [SHIFT + CONTROL + OPTION + COMMAND + S] from the password prompt and get the long apple reset code.

It seems to me that wherever that password is stored has somehow become corrupted or damaged.

 

[DeltaMac]

What is the "long apple reset code"? Never heard of it before, and have not ever seen that keyboard combo used for anything.
Are you talking about an AppleID or iCloud login reset code?

(nevermind...)

Go into your Terminal for a different check for a firmware password...
enter

sudo firmwarepasswd -check

press enter. type your password when asked (will not show any keypresses when entering your admin password there), and press enter again.
What is the result? Should show you that the password is enabled, or not

 

[gulah]

What is the "long apple reset code"? Never heard of it before, and have not ever seen that keyboard combo used for anything.
Are you talking about an AppleID or iCloud login reset code?

(nevermind...)

Go into your Terminal for a different check for a firmware password...
enter

sudo firmwarepasswd -check

press enter. type your password when asked (will not show any keypresses when entering your admin password there), and press enter again.
What is the result? Should show you that the password is enabled, or not

Thanks for your continued assistance. The long reset code that you haven't heard of is not related to iCloud, AppleID, or anything other than a firmware password. It is described here and is part of the apple firmware unlock procedure https://www.cnet.com/tech/computing/efi-firmware-protection-locks-down-newer-macs/

"To reset the firmware password on newer Macs, you must now follow these steps:

1. Boot with Option key held to display the boot menu's firmware password prompt.
2. Press Control-Option-Command-Shift-S to reveal a 33-digit hash (mixed letters and numbers) that contains an identifier for your specific motherboard and the Atmel chip used for your system. In this hash, the first 17 digits are an identifier for the system's motherboard, and the last 16 digits are a hash for the password.
3. Submit the hash to Apple, where someone will put it through a special utility to create a keyfile that is specific for your machine.
4. Place the file on a special USB boot drive and hold Option to load the boot menu and select this drive.
5. The system will read the file and properly reset the firmware password stored in the Atmel chip."

I haven't tried involving apple with my 11 year old macbook, but have confirmed that I can access the 33-digit hash. I'm also not sure if the process would even work given that I know the password and am still having difficulty.

As I mentioned in the OP, firmwarepasswd cannot detect the password and I've tried from several MacOS versions "Password Enabled: No"

 

[gulah]

Furthermore, if I enter sudo firmwarepasswd -setpasswd xxxxxx it will take it and return "Password Enabled: Yes" when I run the -check command. If i then reboot with option pressed my OLD password will be required. After booting into MacOS sudo firmwarepasswd -check will once again return "Password Enabled: No" despite me doing nothing to disable it.

 

[DeltaMac]

Why would you even try the -setpasswd, when you want to disable it?

But with that in mind, what happens if you try

sudo firmwarepasswd -delete

That's supposed to remove the current firmware password and mode setting

If you don't make any progress - is there any difference if you try that delete from the terminal after booting to your recovery system? You would not be booted to your active system at that point, and perhaps there will be a better effect on changes to the firmware when you are not booted to the active system. (I don't know for sure.)

 

[gulah]

Why would you even try the -setpasswd, when you want to disable it?

But with that in mind, what happens if you try

sudo firmwarepasswd -delete

That's supposed to remove the current firmware password and mode setting

If you don't make any progress - is there any difference if you try that delete from the terminal after booting to your recovery system? You would not be booted to your active system at that point, and perhaps there will be a better effect on changes to the firmware when you are not booted to the active system. (I don't know for sure.)

I thought it would possibly be useful diagnostic data. The fact that firmwarepasswd doesn't see the password set, thinks it can set one, and it doesnt survive reboot seems to be relevant. I've observed similar behavior from the startup security utility within recovery.

-delete operation yields "No firmware password set" \ "ERROR | main | Exiting with error: 5"

The recovery terminal doesn't have access to the firmwarepasswd command afaict, but again the startup security utility shows no password set and if you set one it doesn't survive reboot.

Thanks again.

 

[DeltaMac]

Ah, well, OK. My pitiful attempts to help you are - well - pitiful...
other random thoughts.
I do remember that reset process to get that 33-character code. Never tried it out - but I think there is a step or two missing from that list. I'm pretty sure, that even with your 11-year old MBPRo - Apple will likely still require that the user show proof that they are the owner of Mac, and won't provide a response code to clear a firmware password without that proof.

But, after taking a bit of time to think back (and read what you already said ), I think that your logic board likely has some corrupted bits somewhere around the chipset. Might be worth looking for a firmware installer that will backgrade what you have -- something to try, but I've no idea if that kind of manipulation will make a difference. The likely fix is replacing the logic board, IMHO. I may not have your level of technical experience, but I've been around these things as a tech for a long time, so just my (maybe uninformed) take on your situation.
And, in the final analysis, you know what that password is, and you know when to use it. Other than being a bit of an annoyance, does it affect the use of your MBPro?

 

[jowaju]

Have you tried a High Sierra recovery? That would be my next step.

 

[gulah]

Ah, well, OK. My pitiful attempts to help you are - well - pitiful...
other random thoughts.
I do remember that reset process to get that 33-character code. Never tried it out - but I think there is a step or two missing from that list. I'm pretty sure, that even with your 11-year old MBPRo - Apple will likely still require that the user show proof that they are the owner of Mac, and won't provide a response code to clear a firmware password without that proof.

But, after taking a bit of time to think back (and read what you already said ), I think that your logic board likely has some corrupted bits somewhere around the chipset. Might be worth looking for a firmware installer that will backgrade what you have -- something to try, but I've no idea if that kind of manipulation will make a difference. The likely fix is replacing the logic board, IMHO. I may not have your level of technical experience, but I've been around these things as a tech for a long time, so just my (maybe uninformed) take on your situation.
And, in the final analysis, you know what that password is, and you know when to use it. Other than being a bit of an annoyance, does it affect the use of your MBPro?

I really appreciate your efforts, very kind of you! Indeed my research indicated they would strictly require proof of ownership- I don't know why i wouldnt be in their system as the original owner though. I have no idea if they would charge for this service or if it would be successful.

I agree downgrading the firmware is a possible solution, one I am hoping someone on here has experience with. My research indicates that there is no way to downgrade the bootrom via software and I'm on the latest version. Perhaps I got a bad upgrade somewhere along the way, maybe dosdude/opencore hacks messed with mine, I'm really not sure. I am willing to try to flash the chip directly with a programmer but im a novice and haven't found any documentation for my exact model.

If the Apple firmware reset procedure failed I have little doubt their next move (quite reasonably) would be a logic board replacement. I'm a tinkerer and dont mind bricking it and wasting some time learning in the process if there's a chance at repair.

It's not a huge deal presently. I have a slight suspicion that my attempt to upgrade to unsupported Monterey was thwarted by (or maybe caused?) this firmware issue. It is also possible that I've had this issue for a decade and never noticed it. The only other consideration is I could see myself selling or gifting the computer and would like to remove the password for the next owner. Thanks again.

 

[gulah]

Have you tried a High Sierra recovery? That would be my next step.

Yes, I have tried High Sierra and Lion recoveries, clean installs of both versions, recovery from USB, etc. The startup security utility never detects the existing firmware password, but the computer always requires the firmware password to select a different boot disk.

 

[laz232]

I had weirdness on a 2018 MBP FW password - seemed to be a interconnection to iCloud (which I don't use), and a FW password failure lockout counter.

Had to log into the machine with my admin account, change the admin account PW, then back to the FW utility to be able to enter it...

Don't remember the details, but I was very strange.
NB the FW utility does not seem to have warning to show that you've been locked out after n failed attempts.

 

[gulah]

I had weirdness on a 2018 MBP FW password - seemed to be a interconnection to iCloud (which I don't use), and a FW password failure lockout counter.

Had to log into the machine with my admin account, change the admin account PW, then back to the FW utility to be able to enter it...

Don't remember the details, but I was very strange.
NB the FW utility does not seem to have warning to show that you've been locked out after n failed attempts.

I have also experienced some similar wierdness with a T2 security chipped 2018 macbook air- ended up having send it to DFU mode and reset the firmware with another mac and Apple Configurator 2. Apparently that security chip has been owned by jailbreakers so all the hoops are security theater anyways

I appreciate the reply, but I don't think any of that is related to the problems of my geriatric MBP. I haven't had any significant failed password attempts and I don't think this mac ties its firmware to any admin/icloud/apple accounts like some of the new ones do. Thank you.