08 May 2007

What you need to know about the Apple firmware password

The Apple firmware password can be a very important tool to make your Mac more secure: it basically prevents anyone who does not know the password to reformat your hard disk. For Undercover users, this is particularly useful, since a reformat is the only way to disable Undercover. In spite of its usefulness, the firmware password utility is one of the most poorly understood Apple tools.

Before explaining how to enable the firmware password on your Mac, we first squash some common misconceptions.

Misconception 1: The firmware password does not work on Intel Macs.
This is absolutely untrue: Intel Macs use EFI (Extensible Firmware) and Apple has adapted the firmware password utility to work with EFI. For the end user, this is completely transparent: although the underlying technology is totally different on PPC (Open Firmware) and Intel Macs (Extensible Firmware), the firmware password utility looks and works the same way on every Mac.

Misconception 2: If I enable the firmware password, I will need to enter a password every time I boot my Mac.
Only when booting from *another* disk than your default startup disk, the firmware password needs to be entered. This is what makes the firmware password very convenient: since most of us boot from our default startup disk 99% of the time, one will rarely need to enter a password. At the same time, this prevents thieves from reformatting the HD, because the current startup disk cannot be formatted while in use and booting from another drive without entering the password is impossible.

Misconception 3: If I enable the firmware password, a thief cannot boot my Mac, making Undercover useless.
When enabling the password, a thief can still boot your Mac. The only restriction is that he can only boot your Mac from the default startup disk. As a result, a thief can still work and play with your Mac and Undercover can do its work.
In addition, we recommend to create a dummy user account that has no admin privileges and requires no password. That way, a thief can still login and connect to the net, while your personal files are hidden behind a password protected (admin) account.

Misconception 4: With the firmware password enabled, I will not be able to troubleshoot my Mac in case of a problem.
Since you know the password, you will still be able to boot your Mac from any drive you want, including CDs, DVDs, ... and troubleshoot or reformat your drive. You just need to enter the firmware password when prompted.

Enabling the firmware password on your Mac
  • Locate the Mac OS X install CD/DVD that came with your Mac.

  • In the Finder, locate the /Applications/Utilities folder on that disk.

  • Double click the Firmware Password Utility application inside this folder.

  • Click the icon to authenticate. Enter an administrator username and password when prompted.

  • Click Change.

  • Click to select the checkbox for "Require password to change Open Firmware settings".

  • Type your password in the Password and Verify fields and click OK. A confirmation appears.

  • Click the lock icon to prevent further changes.

  • Quit from the Open Firmware Password application.

  • Eject the Mac OS X install disk.

NOTE: It is important NOT to use a disk that came with another Mac model. Also, do NOT download the firmware password utility application from the Net! Use the disk that came with your Mac.

More information regarding the Apple firmware password is available on the Apple website at http://docs.info.apple.com/article.html?artnum=106482.


Anonymous said...

Perhaps there is a way around this issue: My experience has been that when enabled, the open firmware password will not allow you to boot the computer into target disk mode (for use as a slave device on another mac), even if you enter in the correct password. Perhaps I am just nuts and have missed something obvious, but is this indeed true? It does somewhat complicate troubleshooting my mac if the OS is damaged, since I need to be able to launch the application to remove the password in the first place (chicken and egg). Ideas? Thx!

Anonymous said...

The info you need seems to be available at the link Peter provided at the end of his post, on the Apple website.

Thanks Peter for a good post, I didn't know about the Firmware password but will now look into it.


Frank said...


I'm sorry but your answer to Misconception 4 only applies to PPC Macs. Those of us with Intel Macs do not currently have a way to bypass the firmware password without being able to boot our computers from the normal startup drive. Therefore, there is no option for troubleshooting.


Unknown said...

On my iMac 2.16GHz 20" there is *no* applications/utilities folder on the installation disk... Therefore I am not able to set the firmware password. Anyone knows a workaround?


Anonymous said...

I want to update that Peter helped me with troubleshooting an intel-based Mac with the Firmware Password set.

It turns out that all you have to do is hold down the option (alt) key during startup and once you enter your firmware password you will be able to select a disk.

Kris, Mike & Cohen said...

Does the firmware password also prevent you from booting into Windows via Boot Camp?

Jeremy said...

Has anyone found a way to enable the password in Leopard? I am unable to locate the /Applications/Utilities on the Install DVD.

dlanorpi said...

Use commandline to access it. The folder Applications and others are hidden in Finder.

Anonymous said...

With the Firmware Password set on my MacBook Pro, By holding down the option key, I've been given a choice of booting from my original Install Disk or the sytem installed on the MPro. However, when I try the same steps with Tech Tools Deluxe which has an operating system on the disk, the TTD disk is not shown as a choice option to boot from. Is there a way for me to boot from the TTD disk? Will I need to reset the Firmware Password to its default setting so that I can just hold the C key down when I boot from the TTD disk ? If so, what are the steps for getting the Firmware Password back to its unset mode? txs. Kent

Anonymous said...

Yeah dlanorpi is right it is there on the Leopard DVD... but hidden and unaccessible from the GUI... what a pain it a$$.

For people rusty at the CLI like me enter the DVD into the drive and then from the CLI:

cd /Volumes/Mac*/Applications/Utilities

then once there

open Firmware*

Good luck! And thanks for bringing this great security app to Leopard for no extra cost.. We'll continue to promote you. Thanks again.

Ben said...

For those using Leopard and nervous about using the command line, it may be easier to boot to the install disk (by restarting, holding the Option key at the startup tone and then selecting the install disk) and then running the Firmware Password Utility from the drop-down menu.

Unknown said...

You can also use a wonderful program called TinkerTool to make the finder show hidden files and then change it back after you are done! TinkerTool has tons of other great features as well.

Anonymous said...

Another way of doing it is to open the cd and in the Go menu choose Go to Folder and type in Applications

Anonymous said...

Or you could go to an instance of Finder,
Press Command + Shift + G (Go To Folder) and type:

/Volumes/Mac OS X Upgrade DVD/Applications/Utilities

Anonymous said...

Would booting up in firewire disk mode, then installing the os from another computer bypass undercover & firmware password?

Anonymous said...

I have upgraded my Mac with OSX Leopard. I have the original DVD with OSX Tiger (10.4.10) - Can I use this one from the DVD or should I be abel to find this on the Upgrade DVD from Leopard?

Anonymous said...

I did the same thing, and I found the password utility on the upgrade DVD in Applications/Utilities using a terminal window. This directory is hidden, but you can get there quite easily from the command line.

SouthsideTim said...

Is it safe to copy the Firmware Password Utility from the install DVD to the HDD in my MBP and use it from there (in Leopard)?

Peter Schols said...

Hi Tim,

Yes, that will definitely work.

VisibleStudioNewYork said...

Just bought the Undercover. Nice piece of software.
( Intel PowerBook Pro / OS 10.4.11)

After going through both Peter's article and Orbicule procedure on Open Firmware Pass, let me see if I got this right:

1. If you enter your OF password in the Startup Manager, ( holding alt at startup )
you can still use the "C" key to start up from an optical disc.
( Misconception #4 ) Right?

How about the rest of the list?
use the "N" key
use the "T" key to start up in Target Disk Mode
start up a system in Single-user
reset Parameter RAM (PRAM)
start up in Verbose mode
start up in Safe Boot ?

Does it still apply that all of the above are disabled UNLESS
you know your OF pass ?

2. I don't have a Open Firmware Password application in Apps > Utilities.There is a MacBook Pro EFI Firmware Update which tells me I am updated to the latest version ( 1.4 ). but there is no OFP application anywhere on this machine.
Could I copy it from the Mac X install DVD ?

3. If I use the Mac X install disk for setting up the OF password,
could I go back and disable the OF password by just un-checking
"Require password to change Open Firmware settings",
following the same path?

4. How about if I use a COPY of the Mac X install, would that make any difference as long I use it consistently for OF settings?

Many anticipated thanks,


Mike said...

Here's a good overview of the firmware password:

This may be different on a PPC mac, I sold my last PPC in December.

1) The only alternate to booting to login with firmware password enabled is holding down option. If you know the firmware password, this will send you to the startup manager, from which you can boot to another disk / cd / netboot. In order to access target disk / single user / etc, you must disable the firmware password. You can get to single user mode by shutting down into it, as documented here:

2) The easiest way of enabling the OF password is (as documented earlier in this thread) through the utilities drop-down on OS X install CD. Your Macbook is OF password ready already.

3) yes

4) It would only make a difference if the copy has been tampered with.

(many anticipated welcomes, well at least 4)

Anonymous said...

If the firmware password is enabled will the theft be able to change the harddisk?

Anonymous said...

If you have a Leopard (Mac OS X 10.5) disc, included in your box of your new Mac, you would have to use this guidelines to change the firmware password:

- Insert the Mac OS X disc

- Go to any Finder window -->
Press Command + Shift + G (Go To Folder) and type:

- /Volumes/Mac OS X Install Disc 1/Applications/Utilities/

This worked for me, as my disc is a included disc and not a upgrade as other has used..

Good luck, and thanks Peter for your hint!

Anonymous said...

I just have the OSX 10.5 upgrade DVD, as my macbook was slightly older. How would I set up a firmware password? There doesn't seem to be an Applications directory on my DVD.

Anonymous said...

Peter... have just purchased Undercover and like it. Have set firmware password on my iMac G5 and find that no firmware password is required to change to a different boot partition on the same disk.

As I understand it, a savvy thief could copy a working system (without Undercover) onto an alternative partition and then boot from it thus circumventing Undercover.

Any comments? Tony

Frederic said...

I am wondering how to set firmware password from a macbook air. I guess there would be an option using remote disc, but as it is, i don't have a desktop, nor an external disc drive.

Any suggestions? Frederic

Peter Schols said...

Hi Frederic,

If you drop me an email, I'll send you the firmware password utility by email. It should work on the MBA.

Undercover developer

Anonymous said...


I'm thinking about buying Undercover after my last Macbook Pro got stolen. My Mac geek friends know my story and we are all considering it after what has happened to me.

I'm seeing only one important flaw in the protection Undercover gives, and it's actually Apple's fault. It is the fact that it's widely documented how to override the Open Firmware password protection so the thief/hacker is able to just wipe clean the machine with a Mac OS X install DVD right after it has been stolen. It only takes a screwdriver and removing one memory DIMM.

Do you have any plans to talk with Apple about such a huge flaw? Because if this is not solved, solutions like Undercover are counting on the thief being somewhat a newbie in computers or unable to use Google to overcome the security.

I think it's OK to try to fool the thief to get the laptop back, but the right physical countermeasures have to be in place to give the crook no other option but return the stolen computer.

How EFI works is not documented at all by Apple, so maybe putting pressure from security companies like yours in Apple side will help to solve this kind of flaws and to improve even more the chance of getting the computer back.


Tom Howe said...

Many people say they can't find the Applications/Utilities folder on the disk on Leopard. My solution was to insert the disk, start the installation and once it had booted from CD, access the firmware password option from the "Utilities" menu that appeared at the top.

Anonymous said...

In case anyone else comes across this problem:

I set the firmware password but was still getting prompted for it when booting up even though I was booting from the internal (and only) disk.

I had the disk replaced a few months ago to increase capacity. However, even though it was the only disk in the Mac, the new disk wasn't selected as the startup disk.

The Startup Disk Preference under System Preferences on OSX showed the internal disk and Network Startup as the only two options and neither were selected.

So, I just had to select the internal disk so that it was highlighted. Then I could boot up as normal without being prompted for the firmware password (as expected from Misconception 2).

Anonymous said...

Reply to Javier:

What you are referring to is Open Firmware (PPC architecture). Intel Macs have EFI, or Extensible Firmware, which does not come under the workaround you are talking about.

Unless I am wrong, which has happened before!

Vancouver Dude said...

Question 1.

Yesterday I finally got around to installing the Open Firmware Password from the startup disk as specified in your email. I had a huge shock today when I tried to plug in my LaCie external HD and it could not be read. I had just transfered my data from one lacie to another after reformatting them. Anyway, for while I thought I had lost all my data and my heart is still racing. But I got the start up disk, removed that Open Firmware Password option and restarted the computer. Now it can read the disks.

What am I doing wrong? I did not try to boot the computer from the ext HD. I would like to have that extra proetection AND be able to use external hard drives. Please help.

Question 2.

On that topic. I am affraid that my computer is not very safe. A thief would not even need to use another HD, cause I have no password right now on my admin account. Why not you ask? Because my girlfriend and I share the computer. I have created an account for her and we switch accounts several times per day. I don't want to have to enter a password every time we switch. It would be nice, ideally, if no password were required to switch accounts once we are logged on, but that a password be required to log on when it is turned on, to install software or to erase the int. HD.

Does that option exist on Tiger, if not could you suggest it to Apple?

Ian Lind said...

Just wondering about activating the firmware password on a MacBook Pro that has been upgraded to Leopard.

Do I use the Leopard install disk, although it is not specific to this computer?

Peter Schols said...


Yes, you should use the firmware password utility that comes on your Leopard disk, even if it's not the original disk that came with your Mac.

It's important to know that the firmware password is still on the Leopard DVD, and it's still in /Applications/Utilities, but this folder is now hidden.

In order to view it in the Finder:
- Press Command + Shift + G (Go To Folder)
- Enter /Volumes/Mac OS X Upgrade DVD/Applications/Utilities in the dialog box
(where Mac OS X Upgrade DVD is the name of your Leopard DVD: this name might be different)
- Launch the application and set the password


Anonymous said...

what if my laptop gets stolen and the thief just orders a new hard drive and just sells my hard drive on ebay?

RS Navin said...

Just wondering, if i need to boot in target mode or reset the PRAM, all i do is enter OS X, pop in the Leopard DVD and open the Firmware Password Utility and uncheck the option right?

BTW, when do we need to use target mode?

laura virginia ulloa quiroga said...

I am in China and my Mac OS X DVD (Leopard) is in Austria, is there an other way to enable the firmware password on my mac?

Peter Schols said...

Hi Laura,

Send us an email (support at orbicule dot com) and we will send you the Apple firmware password.

Unknown said...

For 10.5 Leopard, you need to start from the CD, click the Utilities menu, click the Open Firmware password in that menu, enter a password. Click the lock icon. Amazing!

Anonymous said...

How do I know that Undercover is installed and running correctly on my system? Can I look in Activity Monitor for a process name? It's great that it is hidden from thieves but I would like some way of knowing that it is working?

Peter Schols said...

Yes, you can indeed check that in AM. Please contact us at support at orbicule dot com for more information.

Anonymous said...

I am wondering: can't the thief boot the Mac in target mode and reformat the drive remotely from another Mac? Or is this also prevented by the Firmware password?

Peter Schols said...

That's indeed impossible if you don't know the FWP.

Anonymous said...

As a follow-up question to the Anon on July 6th, where does Undercover "live" - is it hidden in the applications or utilities folder? Could a thief easily find the process in activity monitor? I'm sure that any thief capable of using google just has to search for things like "thief protection mac" and this will come up, so that they can start making counter-measures and find out if Undercover is there at all.

tom said...

How do I install the FWP if I'm running 10.6??
I can't find it on the Install DVD??

tom said...

okay okay - I've found it myself . . .
it's also in
/Volumes/Mac OS X Install DVD/Applications/Utilities/
on the Install DVD

(choose goto folder from view)

David W. said...

Almost all laptop thefts are sudden opportunities and not the work of a very tech savvy individuals. They got a nice laptop and will want to fire it up or sell it as quickly as possible.

For a thief to get around Undercover, they first of all must realize that your laptop actually has Undercover running on it. Since this isn't obvious, most thieves will blindly boot up their newly acquired booty and surf for porn or play a game.

Only about 1% of the thieves might be alert that your Macbook might contain some sort of program like Undercover, and that connecting to the Internet might be dangerous. In this case, most of the thieves will simply pawn off your Mac to someone else and let them be the ones who boot it up and get discovered.

It would be a very rare thief who'd even notice the firmware lock, and even rarer one who knows how to open the Mac in order to get around it.

Not to get something like Undercover because you fear that if your Mac is stolen, that somehow it may be stolen by that 1 theif out of the thousands who has some technical understanding what they have acquired strikes me as being foolish. It would be like not getting insurance for your house because none of the policies cover meteor damage.

Anonymous said...

If you are out traveling, it may be a good idea to store your Undercover ID as a document in your Dropbox account. In that case you may find the ID by logging into Dropbox from another computer when your laptop is stolen.....

Anonymous said...

If you are having problems finding the firmware password utility on your install disk, download this great free file manager. It shows all the hidden files.


Pl-Svn said...

... ok: installed Undercover and set a FP on this MacBook Air, but...

1) I do not fully understand how Firmware Passwor Utility works: the one supplied with my MBA does not behave as reported here. eg: no lock icons nor confirmation.
Also... what if I want to change my password? Just launch the utility and set a new one?

2) I'm a little scared, as Apple says "in case you forget your password and you are on a MacBook Air... just bring it to an Apple Service"!!! =:-/

3) Haven't gone through the whole process but... if I insert my Install DVD and start installing... my computer will boot just fine from it :-(

Pl-Svn said...

... ok... then it will ask my password before doing anything :-) :-) :-)

I think Undercover is great on this machine with no optical drive and just a "quite expensive" internal ssd :-)
(hope I'll never need it anyway ;-)

Peter Schols said...


There is no need to run the Mac OS X installer. Simply insert the Mac OS X DVD and follow these instructions:

- In the Finder, select Go - Go To Folder
- Enter /Volumes/Mac OS X Upgrade DVD/Applications/Utilities in the dialog box (where Mac OS X Upgrade DVD is the name of your Leopard DVD: this name might be different)
- Launch the application and set the password

Note that you will only be asked for the password in case you boot from another disk than your default startup disk. During normal use, you'll never be prompted for the FWP.

It's very important that you keep track of the FWP. If you lose it, you'll have to take your Mac to an authorized reseller indeed.

It's also worth noting that Undercover does not require a firmware password. It's recommended, and it's definitely more secure, but we recovered many Macs that did not have the FWP enabled. Especially on a MacBook Air, where there is no immediate access to an optical drive, omitting the firmware password is less of an issue.

Peter Schols
Undercover developer

Unknown said...

There is no application or utilities folder on the Mac OS X install DVD that came with my Mac.
Therefor I'm unable to set my password.

Peter Schols said...

Hi Wendy,

It's important to know that the firmware password is still on the (Snow) Leopard DVD, and it's still in /Applications/Utilities, but this folder is now hidden.

In order to view it in the Finder:
- Press Command + Shift + G (Go To Folder)
- Enter /Volumes/Mac OS X Upgrade DVD/Applications/Utilities in the dialog box
(where Mac OS X Upgrade DVD is the name of your Leopard DVD: this name might be different)
- Launch the application and set the password


Anonymous said...

Apologies if this has already been covered (I did a search on the page first!). How do I boot in safe mode now that I have set up my firmware password?

Peter Schols said...

You can still boot in single user mode with the firmware password enabled: http://www.macosxhints.com/article.php?story=20020725085134490


Sairam Kunala said...

I think I am reiterating over some question which has been un-answered.

At 11 March, 2008 20:41, Anonymous said...

If the firmware password is enabled will the theft be able to change the harddisk?

Peter Schols said...

If the firmware password is enabled, changing the HD will not work.

Best wishes,


Grahamd said...

I have just bought Undercover for my family. My main aim is to protect our data if our computers are stolen. Retrieving the computers is secondary though important. We already have enabled the feature where one has to enter the password after the Mac goes to sleep.

As I read this thread I am beginning to wonder how Undercover will manage to find a Mac which has firmware password enabled and a password is required to wake from sleep - and at login.

Forgive my ignorance of how Undercover works. Perhaps it can work if the Mac is simply connected to the web? Anyway I would welcome your comments and explanation. Thanks.

Peter Schols said...


We would recommend to create a dummy Mac OS X account that has no password and no admin privileges. That way, the thief can use the Mac, triggering Undercover. Since the dummy account is completely separate from your admin account, the thief cannot access your data.

Anonymous said...

Just wanted to say that i found my folder by:

- Pressing : CMD - Shift - G
- Going to : /Volumes/Mac OS X install DVD/Applications/Utilities


Anonymous said...

may i ask one question. i have one mac book 2007 mid version . old harddisk is crashed and lost original DVD. I buy new HD and use with 10.6 snow leopard DVD of my friend macbook new version. this DVD is not the original one of my mac book. this password reset utility of 10.6 DVD can be used in my old mac book one?
what the problem that i am facing if i used this DVD.

Peter Schols said...

No problem at all, you may use the password on another DVD that did not come with your Mac.


Anonymous said...

I love your site, but honestly tell you that you need more for him to monitor those who commented with your records

Anonymous said...

How do I change or set an firmware password on a new MacBook Air 11,6", which is delivered with an USB-Recovery Stick?

Best Regards

Peter Schols said...

Please contact our support center (support at orbicule), we would be happy to provide you with a firmware password utility.

Anonymous said...

Maybe this has been asked before, but when if i now want to change my HD. Let's say i use timemachine to duplicate my disc.
Will the computer ask for the firmware pass when booting on the new HD?
If it does, can i change the firmware pass so it works on the new disc with the firmware pass utility?

Peter Schols said...

Yes, that would be no problem at all.


Anonymous said...

I have a MacBook and the disk drive is broken. Can I "Remote Disk" to my iMac to set the firmware password ?

Peter Schols said...


You can simply copy the Apple firmware password utility from one Mac to another over the network.


Unknown said...

How can I do this with Mac OS X Lion? Thanks!

Peter Schols said...

See http://orbicule.blogspot.com/2011/07/what-you-need-to-know-about-undercover.html for more information about the firmware password on Lion.

Tanguy said...

Im about to but a new macbook and having had my old one stolen im very keen on purchasing your software.
Just one question...If a theif simply takes out my harddrive and replaces can he not then just reinstall on that drive and use it?

Peter Schols said...

@Tanguy: Thanks for your interest in Undercover! By installing the Apple firmware password, you can prevent the thief from booting from another HD then the default startup disk. However, over 90% of the thieves don't even fiddle with the hardware, they simply sell the Mac as soon as possible, or use it themselves.

Anonymous said...

Forgive my ignorance, but if I create a dummy user account with no admin privileges, how will the thief find this account? I have a password on my MBP, on sleep or login. So if it were stolen, it would be logged in as my real account, with a password lock to get in. How does the thief get to the dummy account, or even find out about it?

Peter Schols said...

@Anonymous: the thief would probably reboot your Mac. This would lead him to the login screen, where he'll see the dummy account.

Anonymous said...

Re: VGP 02 February, 2008 18:00

Question #1. Yes, you can use T to enter Target Disk Mode after you have started into Startup Manager by holding down 'alt' and entering your password. The screen only shows the option of choosing a disk, but T works as well.


Anonymous said...

Has anything changed with Mountain Lion? Also how would one accomplish this on a rMBP seeing as their is no startup disc or drive

Peter Schols said...

No changes on ML compared to Lion. With both operating systems, the firmware password utility is now on the recovery partition, so you have to boot from that one to enable the AFP.

Sir Pe said...

There is one little hole that the firmware password leaves open, and I have verified this myself under 10.7.5 (Lion).

If, when logged in to OS X, you go to "System Preferences" -> "Startup Disk", choose an external USB drive that you have previously mounted, then hit "Restart..." you can boot from it without needing the Firmware Password.

This feels a bit strange, since "Target Disk Mode" from the same preferences pane does require a password before it will work.

So with an OSX Installer USB stick, and from a currently logged-in admin account (provided you know its password) you can bypass all the protection given by the firmware password.

Peter Schols said...

@Sir Pe: to select another disk in the Startup Disk prefpane, you'll need to enter an admin password. If you previously entered the password to unlock the pane, it might be that the system does not ask you again (after unlocking, the pane remains unlocked for a few minutes).

Donna said...

I have a 2007 MBPro and every time I reboot I HAVE to hold down the Option Key - type in a password then select the only HD installed. I 'm really tired of doing this, especially when I have updates and have to reboot. If I forget, it's an annoyance to have to force powerdown to restart with the option key held down. I don't want to have to do this anymore.

My DVD drive is of no use anymore. What can I do to bypass having to enter the firmware password? I literally leave my computer on to avoid putting it in.

Peter Schols said...

@Donna: please make sure your hard drive is selected in the System Preferences - Startup Disk preference pane. That way, you won't have to enter your firmware password every time you boot your Mac.

Anonymous said...

I'd like to install a firmware password, but can't find the start-up disk for my Macbook Pro. Is there any hope for me?

I have the start-up disk from my previous Macbook Pro (stolen 7 months ago) but the replacement Macbook Pro I bought has a slightly newer OS (10.7.5 v. 10.6.7). The information I've read about this says not to try using a start-up disk from a previous model, so I am wondering what I can do.

Peter Schols said...

With Lion and Mountain Lion, the firmware password utility is now on the recovery partition, so you have to boot from the recovery partition in order to enable the AFP.