Monday, July 25, 2016

Disable Find My Mac by Resetting NVRAM

Adam C. Engst:

There is one other problem that my friend Will Mayall alerted me to recently, which is that resetting NVRAM disables Find My Mac. Will discovered this on his own, but it turns out that others have run across the same fact over the past few years, as evidenced by a quick Google search. In essence, Apple stores the Find My Mac data in NVRAM, which is good for keeping it around even if the hard drive is removed, but bad in the sense that it’s easy to reset NVRAM — just restart while holding down Command-Option-P-R. A quick test confirmed the problem in OS X 10.11 El Capitan, and nothing has changed in the public beta of macOS 10.12 Sierra.

The only way to prevent Find My Mac from being disabled is to set a firmware password, which you must enter whenever you start up from a disk other than the usual startup disk. Plus, if you try to reset NVRAM, you’re prompted for the firmware password, and when you enter it, the Mac instead boots into Recovery mode. In fact, when you lock your Mac via Find My Mac, what it’s doing is setting a firmware password.

I still think Find My Mac is not worth the risks.

Comments RSS · Twitter

Leave a Comment