I have a FileVault firmware password protected MacBook Air 2015, can I recover the SSD data from it?

[alexmartinpc]

Hello, I own a MacBook Air from 2015. Sadly and mistakenly (it was not necessary at all), I enabled years ago somehow, without fully understanding it, the FileVault password to firmware protect it.

Forgot about this laptop for a few years, and now I want to use it. When I turned it on it it asked for my user account password, which I don't remember. It was a local user, no Apple ID linked, so there's no way I can recover that password.

Then I thought, okay, I'll put a new SSD or install a new copy of macOS. But then, I encountered this FileVault password that basically locks the entire PC, the motherboard itself, and it can't perform any action unless you put the password. I don't remember it, tried the few I could remember but nope, it all failed. I tried resetting NVRAM and many other things, nothing, turns out when you enable the firmware password, you either enter it or that MacBook Air will be 100% useless, can't install a new macOS even after removing the SSD and installing a new one, can't do anything.

I read that Apple can remove it if you go with the purchase ticket, but I don't have access to it because I am the second user. So... no proof of purchase.

After trying everything, I suddenly thought "wait, I can replace the motherboard". So I did, put a new motherboard and a new bigger Apple SSD, and finally the FileVault password is gone, and I can finally install macOS and use it normally. The only thing that changed now is that the serial number doesn't match the engraved one on the back, since it is a different MoBo, and also that I had the i5 4GB version and this new mobo is the i7 8GB version. The original motherboard got damaged during storage.

Now... all I want is to recover the data from the original SSD. What can I do to recover it?
If I put it inside my now perfectly working MacBook Air will it still boot into macOS and ask for the user password?
What if I plug it via USB with an Apple SSD to USB adapter?
Is the data encrypted?

I don't wanna risk that maybe installing the original SSD can put back the firmware password, or if the mac somehow would delete the data, or something like that. Hence my questions.

 

[russell_314]

it it asked for my user account password, which I don't remember.

I encountered this FileVault password. I don't remember it,

Now... all I want is to recover the data from the original SSD. What can I do to recover it?

Wait, don’t remember any of the passwords to include the encryption password and you don’t have proof that it’s your MacBook, but you want to recover data off the drive.

If it was that easy where you can just bypass passwords, the encryption would be useless.

I’m not saying it’s impossible but what you’re basically asking for is there any way to hack filevault encryption. There may be and someone else might have the answer for that one.

I know there are companies that offer data recovery services, but I’m not sure if this would be in your budget

 

[Fishrrman]

I don't use filevault. I've NEVER used it.
You now understand what kind of problems can result in certain circumstances.

This is only my uneducated guess, but...
Forget it. Don't remember the password?
You're not getting that data back.

 

[MacCheetah3]

Foremost, for the sake of clear(er) communication, FileVault and firmware passwords are separate and provide separate levels of security.

Hello, I own a MacBook Air from 2015. Sadly and mistakenly (it was not necessary at all), I enabled years ago somehow, without fully understanding it, the FileVault password to firmware protect it.

Forgot about this laptop for a few years, and now I want to use it. When I turned it on it it asked for my user account password, which I don't remember. It was a local user, no Apple ID linked, so there's no way I can recover that password.

Then I thought, okay, I'll put a new SSD or install a new copy of macOS. But then, I encountered this FileVault password that basically locks the entire PC, the motherboard itself, and it can't perform any action unless you put the password. I don't remember it, tried the few I could remember but nope, it all failed. I tried resetting NVRAM and many other things, nothing, turns out when you enable the firmware password, you either enter it or that MacBook Air will be 100% useless, can't install a new macOS even after removing the SSD and installing a new one, can't do anything.

I read that Apple can remove it if you go with the purchase ticket, but I don't have access to it because I am the second user. So... no proof of purchase.

This sounds like a firmware password:

What is a firmware password on Mac?

Use a firmware password to prevent others from starting up your Mac using an internal or external storage device.

support.apple.com

Set a firmware password on your Mac - Apple Support

When you set a firmware password, users who don't have the password can't start up from macOS Recovery or any disk other than the designated startup disk.

support.apple.com

Now... all I want is to recover the data from the original SSD. What can I do to recover it?
If I put it inside my now perfectly working MacBook Air will it still boot into macOS and ask for the user password?
What if I plug it via USB with an Apple SSD to USB adapter?
Is the data encrypted?

Do you recall if you (also) had FileVault enabled?

Protect data on your Mac with FileVault

Turn on FileVault to add an extra layer of security to the encrypted data on your Mac.

support.apple.com

If you did not, you should just be able to install the previous drive into the new Mac motherboard/mainboard.

If you did enable fileVault (and you didn't note the recovery key), there’s still a chance of data recovery.

Officially, Apple states:

WARNING: Don’t forget your recovery key. If you turn on FileVault and then forget your login password and can’t reset it, and you also forget your recovery key, you won’t be able to log in, and your files and settings will be lost forever.

However, data recovery companies can attempt, for example:

Recover Data from an Encrypted Hard Drive | Gillware

If your Encrypted Hard Drive has failed, we can help. Gillware can recover data from an encrypted hard drive. Learn how we recover encrypted data.

www.gillware.com

Research/contact your regional/local data recovery companies for details.

My guess is they use a brute force method:

Therefore, their success of accessing the data will probably depend on how complex and long your password is/was, and how patient you are.


By the way, on a T2-equipped or newer Mac, breaching the data storage (i.e., SSD) encryption is basically impossible — with today’s technology, it would require many years.

Mac computers with the Apple T2 Security Chip - Apple Support

Learn which Mac computers have the Apple T2 Security Chip.

support.apple.com

Secure Enclave

The Secure Enclave is a dedicated secure subsystem in the latest versions of iPhone, iPad, Mac, Apple TV, Apple Watch, Apple Vision Pro, and HomePod.

support.apple.com

 

[alexmartinpc]

Wait, don’t remember any of the passwords to include the encryption password and you don’t have proof that it’s your MacBook, but you want to recover data off the drive.

If it was that easy where you can just bypass passwords, the encryption would be useless.

I’m not saying it’s impossible but what you’re basically asking for is there any way to hack filevault encryption. There may be and someone else might have the answer for that one.

I know there are companies that offer data recovery services, but I’m not sure if this would be in your budget

I have the box, same serial number, but no, no purchase ticket, it was a gift and there's no way to recover the ticket.


I'm of course not asking to crack a password.

1. First, and foremost, I just want to know if there's any problem about putting the original SSD in the MacBook Air with the new MoBo. All I am asking is... was it MANDATORY to have the original firmware password motherboard, then one that broke while storing it due to an accident, or can I just put the SD in the new mobo and try to keep putting passwords I remember?

2. If there's a way to recover the data without the password. In Windows, for example, unless you manually enable BitLocker, that is, a password that encrypts your HDD entirely, you can totally recover the data even if it had users with accounts and password, because the data is not encrypted and you can access to it with a SATA to USB adapter. Done it hundreds of times. Knowing the story of the first post, my second question is... is the data encrypted in the original SSD?

 

[alexmartinpc]

I don't use filevault. I've NEVER used it.
You now understand what kind of problems can result in certain circumstances.

This is only my uneducated guess, but...
Forget it. Don't remember the password?
You're not getting that data back.

Yeah, I would never enable such thing because of these situations, and I really think it was a relative that used the laptop for a bit that enabled it without being aware. I'm talking in first person to simplify the posts, as if I did all the mistakes myself.

 

[adrianlondon]

You're still confusing (or writing confusingly) firmware password with filevault.

Filevault encrypts the data.

Firmware password locks the mac from booting to a different drive. See if this helps:

https://www.reddit.com/r/MacOS/comments/1fphvel/is_ur_macbookimac_locked_with_firmware_password

 

[alexmartinpc]

Foremost, for the sake of clear(er) communication, FileVault and firmware passwords are separate and provide separate levels of security.


This sounds like a firmware password:

What is a firmware password on Mac?

Use a firmware password to prevent others from starting up your Mac using an internal or external storage device.

support.apple.com

Set a firmware password on your Mac - Apple Support

When you set a firmware password, users who don't have the password can't start up from macOS Recovery or any disk other than the designated startup disk.

support.apple.com

Do you recall if you (also) had FileVault enabled?

Protect data on your Mac with FileVault

Turn on FileVault to add an extra layer of security to the encrypted data on your Mac.

support.apple.com

If you did not, you should just be able to install the previous drive into the new Mac motherboard/mainboard.

If you did enable fileVault (and you didn't note the recovery key), there’s still a chance of data recovery.

Officially, Apple states:


However, data recovery companies can attempt, for example:

Recover Data from an Encrypted Hard Drive | Gillware

If your Encrypted Hard Drive has failed, we can help. Gillware can recover data from an encrypted hard drive. Learn how we recover encrypted data.

www.gillware.com

Research/contact your regional/local data recovery companies for details.

My guess is they use a brute force method:

Therefore, their success of accessing the data will probably depend on how complex and long your password is/was, and how patient you are.


By the way, on a T2-equipped or newer Mac, breaching the data storage (i.e., SSD) encryption is basically impossible — with today’s technology, it would require many years.

Mac computers with the Apple T2 Security Chip - Apple Support

Learn which Mac computers have the Apple T2 Security Chip.

support.apple.com

Secure Enclave

The Secure Enclave is a dedicated secure subsystem in the latest versions of iPhone, iPad, Mac, Apple TV, Apple Watch, Apple Vision Pro, and HomePod.

support.apple.com

Thank you!!!

I am talking in first person as if I did all the mistakes myself, but the reality is it was a relative that enabled all these security nonsense measurements, without knowing. I would never enabled these FBI features because I know how bad it can end, like it just did.

I hope you can answer this question, which is really what's bugging me the most:

- Do I MANDATORY need the original motherboard (that broke in an accident while storing it) to TRY to access or recover the data, or boot from that SSD?

Or the SSD is completely independent from that motherboard and I can install it and boot into macOS like I did before, and try to keep trying new passwords that come to my mind?

My fear is that maybe if you have one motherboard with one serial number, and you enable all these security features and encrypt and enable FileVault and firmware password and all that, maybe the SSD becomes dependent on that motherboard and you need that motherboard in order to boot from that SSD and put the Apple account password.

In other words, I fear that I put the SSD in the new motherboard and when booting it says "you enabled FileVault and/or firmware password and/or encryption in this SSD with another motherboard. Please, to boot from this SSD, insert it in the motherboard you enabled all of that with"

 

[alexmartinpc]

You're still confusing (or writing confusingly) firmware password with filevault.

Filevault encrypts the data.

Firmware password locks the mac from booting to a different drive. See if this helps:

https://www.reddit.com/r/MacOS/comments/1fphvel/is_ur_macbookimac_locked_with_firmware_password

Yeah, I am sorry, I am mixing FileVault with firmware password.

If I understood correctly, firmware password is a password that is stored in the motherboard and then that motherboard can ONLY work properly if you enter that password, meaning install new macOS, boot from other SSD... you know, any useful feature. If you don't enter that password, you can't even remove the original SSD install a new one and try to start fresh. Nope, still you need the FW password to do it. In other words, the laptop becomes absolutely 100% useless.

If I understood correctly, FileVault is like BitLocker in Windows, it encrypts the data of the SSD using the password of the local account?

So you don't need at all the original motherboard from which you enabled FileVault?
You can try to boot from that SSD from another MacBook and it will boot into macOS asking for the password?

Anyways, since I bought another motherboard and installed it, I don't care anymore about the firmware password of the original motherboard, since the new motherboard is not FW locked and I already installed Monterey, all works perfectly. Only those last 2 questions are what bother me now...

Also... a method that implies deleting the data of the original SSD is not desired. I already bought a new SSD, all I need now is knowing if I can still try to boot from the original SSD with this motherboard (same model, but different SN and an i7 and 8GB of RAM instead of i5 and 4GB of RAM).

 

[MacCheetah3]

I hope you can answer this question, which is really what's bugging me the most:

- Do I MANDATORY need the original motherboard (that broke in an accident while storing it) to TRY to access or recover the data, or boot from that SSD?

Or the SSD is completely independent from that motherboard and I can install it and boot into macOS like I did before, and try to keep trying new passwords that come to my mind?

The two are separate. So, yes, you could continue to try the user account password.

 

[alexmartinpc]

The two are separate. So, yes, you could continue to try the user account password.

Really?

So I can plug that SSD into my MacBook Air with the new MoBo (i7 8GB RAM instead of the original i5 4GB RAM, and different serial number of course) and it will boot just like before?

Before, besides the FW password, it also had a local account password that I don't remember, but at least I can keep trying... right?
When you turned the mac on, it would directly go to the home screen and ask the user account password.

It was when I tried to access recovery or install macOS in a new SSD via USB that I encountered the hideous FW password.

So, there's nothing linking this SSD to the original mobo that somehow to unlock or decrypt, I need the original mobo that performed such encryption?

 

[MacCheetah3]

If I understood correctly, FileVault is like BitLocker in Windows, it encrypts the data of the SSD using the password of the local account?

Yes.

 

[alexmartinpc]

Yes.

Okay, so I just thought about this:

When you encrypt a storage device with an OS, say that's macOS or Windows, I am guessing that it only encrypts the data considered personal, meaning... it doesn't encrypt the boot files necessary to boot from that drive, correct?

Because then, before even accessing any bit of data from that drive, it should mandatory ask for the password, however in Windows you are still able to boot from that drive, and with my original motherboard I was able to load macOS up to the user password screen, so all those bytes of data were accessible before inserting any password.

Anyways, how can I tell if encryption was enabled or not in that SSD?
Could it be that it was not encrypted, only password protected with the local account user, and that I could buy an Apple SSD to USB adapter and instead of booting form it, directly access to it like an external storage?

 

[MacCheetah3]

Really?

So I can plug that SSD into my MacBook Air with the new MoBo (i7 8GB RAM instead of the original i5 4GB RAM, and different serial number of course) and it will boot just like before?

Before, besides the FW password, it also had a local account password that I don't remember, but at least I can keep trying... right?
When you turned the mac on, it would directly go to the home screen and ask the user account password.

It was when I tried to access recovery or install macOS in a new SSD via USB that I encountered the hideous FW password.

So, there's nothing linking this SSD to the original mobo that somehow to unlock or decrypt

Correct, at least for that Mac model.

Added earlier:

By the way, on a T2-equipped or newer Mac, breaching the data storage (i.e., SSD) encryption is basically impossible — with today’s technology, it would require many years.

Mac computers with the Apple T2 Security Chip - Apple Support

Learn which Mac computers have the Apple T2 Security Chip.

support.apple.com

Secure Enclave

The Secure Enclave is a dedicated secure subsystem in the latest versions of iPhone, iPad, Mac, Apple TV, Apple Watch, Apple Vision Pro, and HomePod.

support.apple.com

That is, on newer Macs (and iPhones, iPads, etc):

The UID allows data to be cryptographically tied to a particular device. For example, the key hierarchy protecting the file system includes the UID, so if the internal SSD storage is physically moved from one device to another, the files are inaccessible.

 

[alexmartinpc]

Correct, at least for that Mac model.

Added earlier:

That is, on newer Macs (and iPhones, iPads, etc):

"The UID allows data to be cryptographically tied to a particular device. For example, the key hierarchy protecting the file system includes the UID, so if the internal SSD storage is physically moved from one device to another, the files are inaccessible"

But this does not apply to my MacBook Air 2015, correct?
Can I install it and give it a shot?
Check if my MacBook Air can still boot from the original SSD and load up to the user screen asking for a password?

"On modern Macs (those with Apple silicon or the T2 chip), the Secure Enclave includes a unique device identifier (UID), which is part of the hardware encryption process, even if FileVault isn't enabled. This UID is a randomly generated, unique key fused into the SoC during manufacturing and is used to protect device-specific secrets and the volume encryption key"

So if the motherboard of a T2 device with encryption enabled gets broken, you lose the data forever unless you are able to repair that motherboard?
Sounds like an absolutely terrible idea designed in Hell.

I guess I was talking about that link before, I meant something like that, exactly, a UID that would made my SSD impossible to access to from any other motherboard other than the one that is broken right now.

 

[MacCheetah3]

Okay, so I just thought about this:

When you encrypt a storage device with an OS, say that's macOS or Windows, I am guessing that it only encrypts the data considered personal, meaning... it doesn't encrypt the boot files necessary to boot from that drive, correct?

Yes, there is a basic/minimal boot partition.

But this does not apply to my MacBook Air 2015, correct?

Yes.

So if the motherboard of a T2 device with encryption enabled gets broken, you lose the data forever unless you are able to repair that motherboard?

Yes.

Sounds like an absolutely terrible idea designed in Hell.

Redundancy (i.e., backups) will always be important, especially for critical data.

Anyways, how can I tell if encryption was enabled or not in that SSD?
Could it be that it was not encrypted, only password protected with the local account user, and that I could buy an Apple SSD to USB adapter and instead of booting form it, directly access to it like an external storage?

Can I install it and give it a shot?
Check if my MacBook Air can still boot from the original SSD and load up to the user screen asking for a password?

How to Determine if a Mac Is Using FileVault from the Command Line

FileVault is a security feature that offers full disk encryption for Macs. Identifying Macs that are using FileVault is fairly easy in person for machines that have a logged in user account, all yo…

osxdaily.com

How to Access Terminal via Recovery Mode for Mac

Some more advanced Mac troubleshooting and diagnostics techniques require a user to access the Terminal from Mac OS Recovery Mode. We’ll show you how to quickly access the command line while …

osxdaily.com

 

[alexmartinpc]

Thank you for all your time and replies! You are awesome. So turns out I still have a shot to recover the data. Maybe it's not even encrypted (but knowing this relative went full FBI and enabled all security options, because you have to enable FW password manually, I think it's encrypted). For a moment I thought I needed mandatory the original broken motherboard in order to boot from that original SSD due to some kind of linking between the SSD and the motherboard that enabled encryption and FW pass and all that.

Quick parallel question... what happens if somehow one of the files to boot the encrypted SSD is damaged or corrupted, hence you can't boot from that SSD and put the user password to decrypt data?

Can you somehow plug that SSD as an external storage device and use a program to apply decryption to that SSD?

 

[MacCheetah3]

Quick parallel question... what happens if somehow one of the files to boot the encrypted SSD is damaged or corrupted, hence you can't boot from that SSD and put the user password to decrypt data?

Can you somehow plug that SSD as an external storage device and use a program to apply decryption to that SSD?

Understanding Partitioning Schemes, FileVault 2 and macOS Encryption: A User-Friendly Guide

When it comes to Mac systems, partitioning schemes play a crucial role in organizing data, managing storage, and ensuring smooth system operations. Whether you're installing macOS, working with external drives, or handling disk images, understanding these schemes can help you navigate storage...

www.cyberengage.org

Basically, you should be able to access the "Data" volume with your user account password. It should be similar to an encrypted external (e.g., non-boot, single partition) drive.

The original version of FileVault only encrypted a user’s home folder. So, I would think, you would be prompted for the user password when accessing the user folder on such versions of macOS. However, I’ve never tried, so can’t confirm.

 

[Fishrrman]

OP:

If you have the "original" motherboard that is physically "broken", forget that. You're not fixing that.

If you have another MacBook that will fit the drive, why don't you just swap it out and see what happens? Rather than talk about it here?

Your entire thread was a bit misleading, in that it turns out it's not YOUR MacBook, but someone else's.
Are you trying to help THEM get the data back?

If you can't get anywhere after swapping the drive into another MacBook, then you could try an "external connection", IF such connection is possible. You'll have to find an enclosure or some kind of adapter that will accept the SSD and plug into a USB port. Other World Computing used to sell these, not sure if they had one for that particular SSD. It's almost certainly a discontinued item.

Even if you can establish a connection, the filevault will probably prevent access to the drive.

Finally, you could send the drive to a data recovey outfit.
But be prepared to spend LOTS of money -- IF they can recover the data.
Maybe thousands.

Is the data on that drive really, REALLY worth that much to the MacBook's owner?

 

[FreakinEurekan]

Resetting the user password is possible in most cases using the Apple Account.

Beyond that, you're SOL. Just erase the drive & treat it as a life lesson - if data is important, back it up.

 

[alexmartinpc]

OP:

If you have the "original" motherboard that is physically "broken", forget that. You're not fixing that.

If you have another MacBook that will fit the drive, why don't you just swap it out and see what happens? Rather than talk about it here?

Your entire thread was a bit misleading, in that it turns out it's not YOUR MacBook, but someone else's.
Are you trying to help THEM get the data back?

If you can't get anywhere after swapping the drive into another MacBook, then you could try an "external connection", IF such connection is possible. You'll have to find an enclosure or some kind of adapter that will accept the SSD and plug into a USB port. Other World Computing used to sell these, not sure if they had one for that particular SSD. It's almost certainly a discontinued item.

Even if you can establish a connection, the filevault will probably prevent access to the drive.

Finally, you could send the drive to a data recovey outfit.
But be prepared to spend LOTS of money -- IF they can recover the data.
Maybe thousands.

Is the data on that drive really, REALLY worth that much to the MacBook's owner?

It does NOT matter if the MacBook is mine or a relative's, completely unrelated to any of my problems... so I don't understand what's exactly your point when you pointed that.

I just had to say it was a relative's because I noticed this "see when happens when you enable something you don't know about?" tone, and I wanted to clarify I am not the person that messed up this bad, I'm here talking about firmware and encryption and recovery, you thank God if any of my relatives knows what the heck is a motherboard, its function, what an SSD is or what the software is.

Anyways, yeah, I want to recover the data of that SSD, but I also wanted to know, for myself, a little bit about what all these passwords really mean, if there's a link between the SSD and the mobo that encrypted it (turns out there is in newer macs...), etc...

Wanted to tell the whole story in case it mattered.

"why don't you just swap it out and see what happens?"
Well, you answered it yourself, see what happens?
No, before "seeing what happens" I prefer to consult and read about it. Imagine if Apple designed the encryption so that if an SSD with FileVault enabled is plugged into a different motherboard from the original one, it erases the data as a protection measure. Since I wasn't sure if I could plug that SSD to a new motherboard without causing any issue, I opened this thread.

I'm aware of those adapters, I mentioned them in some posts earlier. I am the savvy of the whole family and I have many adapters, built computers, fixed computers (and it's what I did with this MacBook), but I mostly work with Windows devices, since I don't own a mac as a daily driver, all these specifics... get me a bit lost and I need to search here, like I did.

I know I can go to a data recovery center... and nuke 1500€ or more. No, can't, I am not a company that wants to recover that 500 000€ project from the SSD. I am just trying to help a relative, that's all.

 

[alexmartinpc]

Resetting the user password is possible in most cases using the Apple Account.

Beyond that, you're SOL. Just erase the drive & treat it as a life lesson - if data is important, back it up.

I am well aware of that, good luck trying to impose that correct view to friends and relatives that barely know what is an OS.

Anyways, if somehow FileVault is not enabled, I think I could access the data if I connect the SSD via USB adapter, via MTP.

If I'm not wrong, Apple can help you, with a proof of purchase, disable the firmware password so you can use the MacBook again, BUT, what Apple can't do is remove the password of a local account, right?

 

[tonmischa]

@MacCheetah3 already gave a lot of good advice. (Kudos!)

I will also try to help with a few answers.

If I'm not wrong, Apple can help you, with a proof of purchase, disable the firmware password so you can use the MacBook again

Correct.

BUT, what Apple can't do is remove the password of a local account, right?

Right.
A lot of this question is covered in this Apple Support Document (already posted by others, but I will link it again anyway)
but because of the several different generations of security (M1, T2, etc.) it is not easy to see through...

If you forgot your Mac login password - Apple Support

If you can’t log in to your Mac user account, try these solutions.

support.apple.com

For your 2015 Mac it basically means: (i hope i get this right... )
_IF_ the disk is encrypted (=FileVault), you need:
- the password for the local user accounts (you do not have that. i know.)
OR
- if the user account is linked to an Apple Account (Apple ID) and you know the password for that AppleAccount, then you can -probably- reset the password / decrypt the drive from there.
OR
- the recovery key that was given during the FileVault encryption.

If you have none of these, the data is lost.

Also:
You do not need to build the SSD into the motherboard, you could also put it into a plain 2,5inch SATA to USB enclosure and connect it to the Mac. (maybe easier to handle?)
(just hold Option during startup and select the external disk to boot from.)

EDIT: The drive is a M.2 SSD with a proprietary connector. There are special enclosures out there, but you need the correct one.

I can also confirm that connecting that drive to a new motherboard will NOT make the Firmware Lock suddenly reappear. As you correctly stated: The Firmware Password lives on the Firmware of the motherboard.

A quick word on Encryption and Firmware locks:
While I deeply sympathize with your pain, this also shows how strong the security is, that Apple built.
Just imagine a scenario where the laptop is stolen, you can see how hard it is to get it running again and it's very hard to get to the data.
We have locks on our cars, locks on our doors, because we dont want our property to get stolen or our privacy to get invaded.
Our data is also a valuable property. Why not protect it the same way as a car or our homes?

 

[alexmartinpc]

Oh, I'm not mad

@MacCheetah3 already gave a lot of good advice. (Kudos!)

I will also try to help with a few answers.


Correct.

Right.
A lot of this question is covered in this Apple Support Document (already posted by others, but I will link it again anyway)
but because of the several different generations of security (M1, T2, etc.) it is not easy to see through...

If you forgot your Mac login password - Apple Support

If you can’t log in to your Mac user account, try these solutions.

support.apple.com

For your 2015 Mac it basically means: (i hope i get this right... )
_IF_ the disk is encrypted (=FileVault), you need:
- the password for the local user accounts (you do not have that. i know.)
OR
- if the user account is linked to an Apple Account (Apple ID) and you know the password for that AppleAccount, then you can -probably- reset the password / decrypt the drive from there.
OR
- the recovery key that was given during the FileVault encryption.

If you have none of these, the data is lost.

Also:
You do not need to build the SSD into the motherboard, you could also put it into a plain 2,5inch SATA to USB enclosure and connect it to the Mac. (maybe easier to handle?)
(just hold Option during startup and select the external disk to boot from.)

I can also confirm that connecting that drive to a new motherboard will NOT make the Firmware Lock suddenly reappear. As you correctly stated: The Firmware Password lives on the Firmware of the motherboard.

A quick word on Encryption and Firmware locks:
While I deeply sympathize with your pain, this also shows how strong the security is, that Apple built.
Just imagine a scenario where the laptop is stolen, you can see how hard it is to get it running again and it's very hard to get to the data.
We have locks on our cars, locks on our doors, because we dont want our property to get stolen or our privacy to get invaded.
Our data is also a valuable property. Why not protect it the same way as a car or our homes?

Wow, to the point, straight, thank you so much.


When I first tried to access the local account, even with a FW password that I didn't know, the MacBook would boot normally into the user account password screen. I already tried to recover it using an Apple ID, but my relative failed to provide any correct password for the local account, nor any Apple ID linked to that account. In other words, it is a local account without any links to any Apple ID. I logged in the Apple account web and in "my devices", there was no MacBook Air, only an iPhone and an iPad. That is enough to determine that my relative's Apple Account was not linked to that Mac, right?

I mean there's only one Apple account my relative handles... not much else to do...

Unless, and I've been helping relatives and friends long enough to experience all kind of plot twists... my relative used a different Apple ID. And doesn't even remember the name, let alone the password.

In case FileVault is disabled, I can, instead of booting normally from the SSD by installing it inside the MacBook which would trigger the Apple Account Password request and that's how far I'd get, plug it in via an USB adapter (thank you Apple for creating unnecessary M.2 like SSD's that I can't plug in my universal M.2 to USB adapter) as a MTP, external drive, and explore the folders and stuff from there, right?

In case FileVault is enabled, my relative doesn't remember the pass, let alone a key, already checked the emails, nothing. So until the password is finally remembered somehow, data is lost I guess.

I'm not mad at Apple, by the way, indeed the fact that I was worried that without the original motherboard I would not be able to even boot or try to access the original SSD, is because I precisely thought that a good security measurement would be to link the SSD to the motherboard that encrypted the data, that way you can't remove the SSD from the MacBook and try to crack it in yours or elsewhere.

It's just the same old story, friends and relatives with no knowledge of anything, touching things they don't understand, and getting mad when things go to hell. Experienced it many times, and sometimes me, the helper, getting some heat somehow, because they turn the fan, out of frustration.

A local user password should protect the files and no one, not even Apple, should be able to recover that password, because then, what's the point.
Even I find it troubling that Apple can disable a FW password, that makes me think it's a weak option to protect your data. I mean, I guess that's just the motherboard, there's no personal data in the motherboard, so cracking or removing a FW password only means you can save $200-400 in a new motherboard replacement, but there is no data at risk.

I was completely expecting that Apple can't do anything to guess or remove a local account password.

 

[nathansz]

Is this a removable drive or soldered flash chip?