Possible intrusion ? hacking ? Firmware Password is TURNED ON ??? cannot change boot drive now ???

[dustybone]

Hello there, I would like to thankyou for the hard work put into the patch as I was successfully able to install macOS 11.1 BigSur on my unsupported iMac late 2013 i5 without any issues and was working fine for weeks now. But I have now have a MAJOR incident as I have noticed that the iMac Firmware password has been activated on my iMac without my consent or knowledge, It was previously NOT activated as i had turned OFF firmware password and filevault prior to the fresh BigSur install to the internal PCIExpress 128GB SSD. I am reluctant to try to reset NVRAM as this disallow booting to external drives with the current firmware password settings ? As the EFI patches NVRAM, is this part of the the patching ? or has my system been hacked/compromised ?

[ghost]

There is no way your firmware password could of turned on by the patcher and the chances something was able to turn on the firmware password is very low. Obviously, you must have been able to unlock the firmware (otherwise you wouldn't have been able to take that screenshot) so just boot into recovery mode and turn it off. It's not an NVRAM thing, otherwise you could power cycle the Mac to get rid of it, which is against the point of a firmware password.

[dustybone]

Your right, I am able to boot into the patched BigSur on the internal HD, but on a restart, (option key or command + R) I cannot get into recovery mode or boot into the installer usb of patched bigSur, as firmware password is enabled now. Which was not the case prior to BigSur. I am stumped as I had disabled firmware password and FileVault on the Catalina install prior to installing BigSur weeks prior and have had no issues till now. If I reset the NVRAM what does this do ? It just removes the BigSur patches needed, but then once that is done I can no longer boot into bigSur on the internal hdd and because Firmware password is enable now, I suspect I won't be able to boot into and external media as well. I have tried to run the Startup Security Utility from the patched BigSur usb recovery media from inside of BigSur but it reports that the Firmware is not supported ? I also tried the Catalina version of Startup Security Utility with the same results. Can you offer any other options ?

On Sat, 13 Feb 2021 at 04:33, Ben Sova notifications@github.com wrote:

There is no way your firmware password could of turned on by the patcher and the chances something was able to turn on the firmware password is very low. Obviously, you must have been able to unlock the firmware (otherwise you wouldn't have been able to take that screenshot) so just boot into recovery mode and turn it off. It's not an NVRAM thing, otherwise you could power cycle the Mac to get rid of it, which is against the point of a firmware password.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/barrykn/big-sur-micropatcher/issues/192#issuecomment-778351143, or unsubscribe https://github.com/notifications/unsubscribe-auth/AR7YAWP42WPHFPPYDHT27WLS6VUPFANCNFSM4XRAXBDA .

[dustybone]

See I check the firmware via integrity check and can see a mismatch in firmware, is this the BigSur patches doing this ?

[Ausdauersportler]

Where do you exactly see the mismatch in the firmware?

[dustybone]

I meant that Startup Security Utility would not recognise the iMac firmware (gave an error on launch that it was not a supported firmware) to be able to reset the firmware password when I ran it from the mounted "Recovery" partition whilst still booted into BigSur 11.1, as I could not get into real recovery mode (Maybe this is not a valid way of running Startup Security Utility outside of booting into Recovery or it checks for specific firmware on launch ?) and the screenshot above mentions non allowed version ?

[ghost]

You need to get into real recovery mode. Try this:

1. Open Terminal in Big Sur and run: sudo nvram recovery-boot-mode=unused
2. Restart your Mac and it should go straight into recovery (after you enter your firmware password)
3. Use Secure Startup Utility there
4. EVEN IF THAT DOES NOT WORK, Open Utilities/Terminal in Recovery then run nvram -d recovery-boot-mode so that your Mac no longer boots into Recovery.