Apple EFI firmware passwords and the SCBO myth

Apple is doing a much better job than all the rest of the PC vendors. Even those vendors that I haven&#x27;t published keygens for [1] have just stupendously unsound bypass mechanisms for BIOS passwords.<p>[1] <a href="https:&#x2F;&#x2F;dogber1.blogspot.com&#x2F;2009&#x2F;05&#x2F;table-of-reverse-engineered-bios.html" rel="nofollow">https:&#x2F;&#x2F;dogber1.blogspot.com&#x2F;2009&#x2F;05&#x2F;table-of-reverse-engine...</a>

<i>These could be insiders working at Apple support centers or even Apple itself.</i><p>It makes me somewhat happy in a weird way to think that, even in notoriously locked-down and secretive companies like Apple, there are individuals who don&#x27;t believe in and subvert the company&#x27;s attempts to have sole control of its products. We have these individuals to thank for schematics, parts, and a lot of other material that feeds the third-party repair industry.

This article is the kind that makes me sit down with a cup of coffee and read it top to bottom, even though I don&#x27;t understand all of the low-level assembler details (but it&#x27;s understandable without that). Security is important for everyone, not just security researchers.

Can someone please cut me to the chase?

What the hell does <i>SCBO</i> even mean?

Hmm... what about bugs in the USB &#x2F; FireWire implementation of the EFI?<p>Or the good old FireWire DMA trick?

I wonder if we can expect this to change if Apple add a TouchID reader (and accompanying Secure Enclave) to the next generation of MacBooks

TLDR? EFI password protection broken or not?