Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How to prevent someone from easily erasing an Apple Silicon Mac

T

Tony2012

macrumors newbie
Original poster
Sep 10, 2012
7
0
It used to be on Intel Macs that you could stop someone from starting up in Recovery mode by setting a firmware password.

On Apple Silicon Macs, the firmware password option is not there. So, anyone could go into Recovery mode and just erase Apple Silcon Macs if they wanted to.

Does anyone know of a way to stop that from happening? It seems short-sighted on Apple’s part to easily allow someone to erase a AS Mac and not provide any roadblocks to keep that from easily happening if someone wanted to be malicious and cause you to lose your data.
 
xraydoc

xraydoc

Contributor
Oct 9, 2005
11,030
5,491
192.168.1.1
Tony2012 said:
It used to be on Intel Macs that you could stop someone from starting up in Recovery mode by setting a firmware password.

On Apple Silicon Macs, the firmware password option is not there. So, anyone could go into Recovery mode and just erase Apple Silcon Macs if they wanted to.

Does anyone know of a way to stop that from happening? It seems short-sighted on Apple’s part to easily allow someone to erase a AS Mac and not provide any roadblocks to keep that from easily happening if someone wanted to be malicious and cause you to lose your data.
Click to expand...
Does it not ask for the password of the macOS volume before erasing (presuming File Vault is turned on)?
 
T

Tony2012

macrumors newbie
Original poster
Sep 10, 2012
7
0
No. You can boot into Recovery mode and go to Recovery Assistant and "Erase Mac..." and it will allow you to erase the Mac. FileVault is turned on.
 
I

ian87w

macrumors G3
Feb 22, 2020
8,704
12,638
Indonesia
I think Apple did that because of activation lock. So someone can erase the Mac,, but just like the iPhone, the Mac will be activation locked. So basically the same as iPhone. Anyone can restore an iPhone to factory, but there’s activation lock.

I can understand your point though. It would be great if there’s an extra layer of security to prevent such erasures in the first place.
 
M

mikes79

macrumors member
Feb 14, 2014
30
17
Apple removed the firmware password option for non enterprise managed based Macs, prob to lower tech support calls; that said you can enable similar functionality if the Macs or iOS devices are enrolled in a DEP based enterprise management tool; it is called a RecoveryOS password now, however it requires the use of a MDM tool, like JAMF pro or similar.
 
  • Like
Reactions: locovaca
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom