• Did you order new AirTags? We've opened a dedicated AirTags forum.

WolfSnap

macrumors 6502a
Original poster
Sep 18, 2012
929
687
SoCal
Here's how to make your MacBook Pro retina into a brick if someone steals it, and how to hopefully get it back!

There's four things to do:

1. Enable the computer's EFI password.
2. Enable and set a lock message.
3. Encrypt your HDD using FileVault 2 (No, this will not noticeably slow your computer.)
4. Enable guest mode.

Here's how to do it:

1. Enable your computer's EFI password by rebooting your computer while holding down CMD-R.

Once in the recovery console, go to the Utilities menu and choose, "Firmware Password Utility". Set a password. DO NOT FORGET THIS EVER!!! Also, when you sell your computer, ENSURE YOU REMOVE IT (or give the password to the new owner).

2. Open up System Preferences and go to "Security & Privacy". Then, go to "General" and click the lock icon at the bottom left. Then, turn on the 'Show a message when the screen is locked' and click 'Set Lock Message...'.

Enter something meaningful here, like this: Property of WolfSnap. If found, please call 999-555-1212. Reward offered!

3. Go to the FileVault tab and Turn ON FileVault. Follow the prompts and ensure you make a copy of the decryption key. Make a few copies of it, and store it in a sealed envelope at a friends home/parents home.

4. Go to System Preferences, Users & Groups, and click the padlock icon. Click the 'Guest User' account and ENABLE the Allow guests to log in to this computer.

Now that you've enabled all of this, you've essentially made it impossible for a thief to use your computer (except for the very limited guest mode), which ALSO allows you to use the Find my Mac feature in iCloud. Also, there's no way for a thief to reformat your computer and make it usable. It's literally a brick.

BUT, since we've set the lock message, there's a (now) permanent way to mark your computer for easy return. After all, a thief wants some money; a reward is still better than nothing.

Hope this helps!
 

WildCard^

macrumors regular
Oct 11, 2013
152
0
Here's how to make your MacBook Pro retina into a brick if someone steals it, and how to hopefully get it back!

There's four things to do:

Great hints, glad there's a way to protect my hardware. Do these steps only protect newer versions of hardware or OS version? or is it universal among the macbook family?
 
Comment

laurihoefs

macrumors 6502a
Mar 1, 2013
792
22
Great hints, glad there's a way to protect my hardware. Do these steps only protect newer versions of hardware or OS version? or is it universal among the macbook family?

FileVault 2, which encrypts the full disk, was introduced in Mac OS X 10.7. The older FileVault (1), which was available from 10.3 on, only encrypted the user's home folder.

FileVault 2 also requires a CPU that supports AES instructions, so Core 2 or older are not supported, but all i5 and i7 CPUs since Sandy Bridge are.

Guest mode was introduced with 10.7 too, and is not to be confused with a normal Guest user account. It's a workaround to give guests a possibility to use the computer without gaining access to the FileVault 2 encrypted volumes, and it also gives a way to track the computer with Find My Mac even with FileVault 2 enabled.

EFI passwords were possible to bypass in pre-2011(? or 2010, correct me if I'm wrong) MacBook Pros by changing the memory configuration, e.g. taking out a memory module, but currently it's not possible to (easily) bypass.

To sum it up: Any MacBook Pro with an i5/i7 CPU and OS X 10.7 or newer can use these methods.
 
Comment

laurihoefs

macrumors 6502a
Mar 1, 2013
792
22
Thanks Lauri. I just have Core2Duo MBs so I will do what I can.

Thanks!

To be a bit more specific: FileVault 2 works with Core2Duo CPUs, you'll just see a larger performance decrease and higher CPU utilization than you would with a newer CPU.

I tried googling for benchmark data, but could not find much. If I remember correctly, with a Core 2 CPU you might see a >20% drop in disk performance with FileVault 2 enabled, when according to some benchmarks the performance drop on current MacBook Pros is almost negligible. I'm getting a <5% disk I/O hit on a 2012 rMBP, without noticing any rise in CPU utilization.

Whether this performance hit becomes noticeable, depends largely what you use the computer for. Final Cut Pro, Logic Pro, Premiere and ProTools would be examples of software that would suffer both from the slower I/O and the increased overhead, but in most tasks the difference would go unnoticed. YMMV.
 
Comment

WolfSnap

macrumors 6502a
Original poster
Sep 18, 2012
929
687
SoCal
This works best on a retina due to the hard drive not being (easily) swappable, and dedicated decryption hardware.

But, this will work on any newer MBP.
 
Comment

everfangomanga

macrumors member
Jul 12, 2008
59
0
Osaka, Japan
I've looked around but haven't found a clear answer. What would the process be if you wanted to use boot camp as well? First encrypt, then partition for boot camp?

EDIT: I just turned filevault on, tried installing windows but during the installation process, it said, "Can't install on partition" due to it not being NTFS format, or something along those lines. Then I had to exit out of the installation. When I restarted my computer, I got to the gray splash screen (with no apple logo) and it hung for a few seconds and went to a black DOS type screen telling me, "No bootable device." I then had to restart while pressing option to select which drive to boot from (it only gave me one option) and I was able to log in just fine.

I have now deleted my bootcamp partition through the bootcamp utility and am turning off filevault as I type this. I'm going to give it another go once it's done decrypting.
 
Last edited:
Comment

Silon

macrumors member
Dec 1, 2013
56
34
This works best on a retina due to the hard drive not being (easily) swappable, and dedicated decryption hardware.

But, this will work on any newer MBP.

Is my understanding correct that with any macbook that uses a regular HDD one can just take the HDD out, wipe it, put it back in and reinstall OSX? In that case this all does not make a whole lot of sense apart from securing your personal files. The thief will still be perfectly able to use the machine.
 
Comment

WolfSnap

macrumors 6502a
Original poster
Sep 18, 2012
929
687
SoCal
Is my understanding correct that with any macbook that uses a regular HDD one can just take the HDD out, wipe it, put it back in and reinstall OSX? In that case this all does not make a whole lot of sense apart from securing your personal files. The thief will still be perfectly able to use the machine.

You can't change the boot device without the firmware password. You also can't open the recovery console without it either.

So, I guess you could swap drives, but I doubt that's a big risk.

Admittedly, this works better on a retina, but it's still reasonable to do on a non-retina MBP.
 
Comment

laurihoefs

macrumors 6502a
Mar 1, 2013
792
22
You can't change the boot device without the firmware password. You also can't open the recovery console without it either.

So, I guess you could swap drives, but I doubt that's a big risk.

Admittedly, this works better on a retina, but it's still reasonable to do on a non-retina MBP.

Changing the hard drive won't bypass the firmware password. You can't boot from any other partition, even on an internal HDD/SSD, without having to enter the password.

Partitions get unique identifiers when created, and disks have their own unique identifiers too, so I doubt if even an identically partitioned new disk, or an exact clone of the old disk, would work.
 
Comment

Velin

macrumors 68000
Jul 23, 2008
1,601
1,065
Hearst Castle
Just did these steps with my new retina Macbook Pro. Took less than a half hour, feel much more confident now putting sensitive material on the portable.

In addition, recently purchased 1Password and have encrypted all the logins/passwords. Necessary steps in today's world.

Thanks for this list, every single new Macbook Pro owner should do this.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.