
Journalist3 (original poster)
Feb 4, 2024
How does one completely restore the EFI firmware on a MacBook Air 2017 Intel i7 (no T2 chip) to be certain that every single bit and byte of what is currently on that ROM is erased and a clean, trusted firmware is placed on it? My friend in a major peace organization is a peace activist, and his laptop was held by authorities at Los Angeles airport for over 7 hours before being returned on a recent trip. Currently, being a peace activist is the biggest threat to those in power who are heavily invested in the profits of war, and others like him have long been targets of the agencies. He will be replacing the SSD in the machine, but as we know it is the firmware where it is much more difficult to determine what is happening, so the safest bet is to re-flash it with what is hopefully a known clean firmware. Thanks in advance to anyone pointing in the right direction.

Sandy
 
Aside from hardware chip replacement I don't see any other valid way if you really want the cleanest firmware.

If your friend is that paranoid, I recommend considering buying Linux laptops. Apple hardware is not good if you are worried about being targeted by the state. Trust me, Apple definitely won't look after your friend if he is in trouble.
 
The question is: is there a procedure that will zero out all sectors of the existing SMD ROM chip so that no possible hiding places for backdoors can exist, and then a clean firmware install can be placed there? Just one of the NSA's firmware exploits appeared on eleven thousand machines in the United States, so it's not at all paranoid for activists to understand the facts: there is widescale targeting of them.
If anyone else can pipe in, that would be great.

(Thanks Shirasaki for your answer. I would like to get several other opinions from different persons before the rather drastic replacement of the ROM chip, which I do not possess the equipment for.)
 
I need the Mac for Final Cut Pro but also to run Linux from a partition, and I can't carry two machines, so unfortunately I am stuck with the Mac. (Been editing in FCPX for 15 years; not going to use Windows or Linux to edit.)
 
Unfortunately, if I used that link from GitHub, I would have to trust that a guy named "MuertoGB" isn't a worse option than Apple. At least with Apple there is some possibility that you might get firmware that is OK, so I am trying to find what procedures I can use to get a copy of the firmware directly from Apple and then flash that into the ROM.
 
Doing a quick search I can't find any reports of firmware malware. Maybe could happen but looks as if it would be exceedingly rare.

“If your Mac has Apple silicon, or your Intel-based Mac has the T2 chip, then by default it has a security policy to ensure that your hardware and software haven’t been tampered with. With the default security policy, from the time you turn your Mac on, your Mac uses its hardware to verify each step of the boot process to ensure that the hardware and software haven’t been tampered with.”

Excerpt From
macOS Support Essentials 12 - Apple Pro Training Series
Benjamin G. Levy
This material may be protected by copyright.

Looks as if you can restore your firmware:

“Use Apple Configurator 2 to Revive or Restore Your Mac
Under extremely rare circumstances, such as power loss during a small window of time when you are updating firmware, your Mac may become unresponsive, and you might have to use Apple Configurator 2 to revive or restore your firmware.
This applies only to:

Mac computers with Apple silicon
Intel-based Mac computers with the T2 chip

The revive process updates the firmware, and the restore process updates the firmware and erases the internal flash storage. The details of this process are outside the scope of this guide. For more information, refer to the appropriate article in the Apple Configurator 2 User Guide for more information”

“support.apple.com/guide/apple-configurator-2/apdd5f3c75ad”
 
Hi, thanks. The computer is a MacBook Air 2017, no T2 chip, with an Intel i7.
 
If you are worried enough about being a target of a state-sponsored implant, simply buy a new device.

You can't re-flash the SMC (secure device, not re-flashable by someone without the crypto keys), and re-flashing the MacBook Air BootROM is costly. To eliminate any possibility you are going to have to replace the SPI flash memory, or at least remove, erase, reprogram it and install it back. You need to have the firmware and the equipment and know exactly what to do, so it's not something that an end user or even 99% of tech people can do.
 
Fair point. You would have to trust someone.

Counter point: "...at least with Apple there is some possibility that you might get firmware that is OK"

That seems fairly paranoid. If you don't trust Apple... not sure what to tell you. Even buying a new Mac is risky if you don't trust them. And if not Apple, what vendor/supplier do you trust?

MS is MS... and Linux is dependent on an open-source code base, no?
 
As mentioned, are there any known firmware attacks or unpatched compromises for Mac EFI?

There were some vulnerabilities way back about 2015, but those have long since been patched, as long as machines were updated.

Are there any at all for AS Macs? They don't use EFI, but iBoot in its place. I don't see any current, known vulnerabilities for iBoot. iBoot seems fairly robust, from a security perspective.

If I had any concern that a state-sponsored attack could target my computer, I would be using a newish Mac with all updates, with FileVault active, and set to Full Security mode. M1 at least. Notice the iBoot updates in the latest OS patch.
 
Nothing's paranoid about not trusting Apple; most trusted security experts are warning that Apple's privacy protection claims are a joke. After 35 years of trusting them, I too have seen they are no longer a company that deserves to be trusted. The amount of bloatware and telemetry phoning home is off the charts, and with Apple literally scanning your entire computer's contents to index it for Spotlight, their snooping with their speakers for Siri, and their scanning of all of your media to "protect the children" from CSAM, which has the EFF and other privacy watchdog groups raising alarms, there is not much difference at this point between Apple and Microsoft. In fact, in some respects at least, the non-Apple architectures have greater capability to be de-Googled and de-Androided and have their firmware Corebooted; not so with Apple, which is a closed door.

Linux is the right direction, and so long as there are robust audits, that is the much safer direction. This is why I would like to find ways to guarantee clean firmware on my Macs, because to be honest the design of the Apple hardware is superior in my view, and the non-Apple hardware from a design standpoint is junk. So I want to KEEP the Apple hardware and ditch the Apple software and especially their firmware, or at least find ways to either easily verify the integrity of the firmware and assure there are no bugs or backdoors, or find a methodology to re-flash it from known "clean" (or as clean as one would trust from Apple) firmware.

But as for trusting Apple, nope. Sure, I will always keep air-gapped Apple computers to run Final Cut and Logic and Photoshop, but never for connecting to the Internet.
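Two posts in this thread point at the same practical step: the reply describing removing, erasing and reprogramming the SPI flash, and the original poster's wish to "easily verify the integrity of the firmware". The script below is an added example and is not code from any poster. It assumes the BootROM SPI flash was read with an external programmer (for instance flashrom on a clip or on the desoldered chip) and that the chip carries the Intel Flash Descriptor layout used on Intel Macs, with the descriptor in the first 4 KiB. It parses the descriptor's region table, hashes each region, and reports the first differing byte per region between a reference image and a dump. The function names, file names and the synthetic 1 MiB sample image are constructed for illustration.

```python
"""Region-by-region comparison of SPI flash dumps via the Intel Flash Descriptor.

Added example, not from the forum thread. Assumptions: dumps are raw images of
the BootROM SPI flash read with an external programmer, and the chip uses the
Intel Flash Descriptor layout (descriptor in the first 4 KiB) found on Intel
Macs. File names, function names and the sample image are constructed.
"""
import hashlib
import struct
import sys

IFD_SIGNATURE = 0x0FF0A55A          # FLVALSIG, located at offset 0x10 of the chip
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "Platform"]


def parse_regions(image):
    """Return {region: (base, limit)} from the descriptor's region table.

    FLMAP0 (offset 0x14) carries the Flash Region Base Address in bits 23:16,
    in 16-byte units. Each FLREGn word there holds base in bits 12:0 and limit
    in bits 28:16, both in 4 KiB units; base > limit marks an unused region.
    """
    if len(image) < 0x1000:
        raise ValueError("image too small to hold a flash descriptor")
    (sig,) = struct.unpack_from("<I", image, 0x10)
    if sig != IFD_SIGNATURE:
        raise ValueError("no Intel flash descriptor signature at offset 0x10")
    (flmap0,) = struct.unpack_from("<I", image, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4
    regions = {}
    for n, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * n)
        base = (flreg & 0x1FFF) << 12
        limit = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF
        if base > limit:
            continue                       # region not present on this chip
        if limit >= len(image):
            raise ValueError(f"{name} region ends beyond the image")
        regions[name] = (base, limit)
    return regions


def region_hashes(image):
    """SHA-256 of every present region, for comparison against a reference dump."""
    return {name: hashlib.sha256(image[base:limit + 1]).hexdigest()
            for name, (base, limit) in parse_regions(image).items()}


def diff_images(reference, dump):
    """Return {region: offset of the first differing byte, or None if identical}.

    The region table is taken from the reference image; a difference inside the
    Descriptor region itself makes the whole dump suspect regardless of the rest.
    """
    if len(reference) != len(dump):
        raise ValueError("dumps differ in size; not the same chip")
    result = {}
    for name, (base, limit) in parse_regions(reference).items():
        ref = reference[base:limit + 1]
        got = dump[base:limit + 1]
        if ref == got:
            result[name] = None
            continue
        result[name] = base + next(i for i, (x, y) in enumerate(zip(ref, got)) if x != y)
    return result


def build_sample_image(size=0x100000):
    """Constructed 1 MiB sample: descriptor in the first 4 KiB, BIOS region after it."""
    img = bytearray(b"\xff" * size)
    struct.pack_into("<I", img, 0x10, IFD_SIGNATURE)
    frba = 0x40
    struct.pack_into("<I", img, 0x14, (frba >> 4) << 16)

    def flreg(base, limit):
        return (base >> 12) | ((limit >> 12) << 16)

    struct.pack_into("<I", img, frba, flreg(0x0, 0xFFF))
    struct.pack_into("<I", img, frba + 4, flreg(0x1000, size - 1))
    for n in (2, 3, 4):
        struct.pack_into("<I", img, frba + 4 * n, 0x00007FFF)   # ME/GbE/Platform absent
    return bytes(img)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: ifd_diff.py reference.bin dump.bin")
    with open(sys.argv[1], "rb") as f:
        ref_img = f.read()
    with open(sys.argv[2], "rb") as f:
        dump_img = f.read()
    for region, off in diff_images(ref_img, dump_img).items():
        status = "identical" if off is None else f"first difference at 0x{off:X}"
        print(f"{region:10s} {status}")
```

Two caveats a practitioner would apply. First, the dump has to come from an external programmer: a read performed by the possibly compromised machine itself goes through the firmware under suspicion, so read the chip twice from outside and confirm both reads match before comparing anything. Second, a difference in the BIOS region is not by itself evidence of tampering, because the EFI NVRAM variable store also lives in that region and changes across normal boots; the offset the script reports is where to start looking, not a verdict.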
 