MacRumors

macrumors bot
Original poster
Apr 12, 2001
64,484
32,328



Mac users who upgrade to macOS High Sierra will benefit from a significant new security feature that works in the background.

macOS High Sierra automatically checks a Mac's EFI firmware against Apple's database of "known good" data to ensure it hasn't been tampered with, according to a series of tweets from an Apple engineer.

The tweets have since been deleted, but a summary remains available on the Mac blog The Eclectic Light Company.

The new utility eficheck, located in /usr/libexec/firmwarecheckers/eficheck, runs automatically once a week. It checks that Mac's firmware against Apple's database of what is known to be good. If it passes, you will see nothing of this, but if there are discrepancies, you will be invited to send a report to Apple.

If the check fails, a prompt will appear with options to "Send to Apple" or "Don't Send." The selection is remembered in subsequent weeks.

The "eficheck" tool sends the binary data from the EFI firmware, and preserves user privacy by excluding data which is stored in NVRAM, according to The Eclectic Light Company. Apple will then be able to analyze the data to determine whether it has been altered by malware or anything else.

The database's library will be automatically and silently updated so long as security updates are turned on.

EFI, which stands for Extensible Firmware Interface, bridges a Mac's hardware, firmware, and operating system together to enable it to go from power-on to booting macOS.

macOS High Sierra will be publicly released on the Mac App Store later today.

Article Link: macOS High Sierra Automatically Performs Security Check on EFI Firmware Each Week
 

jblagden

macrumors 65816
Aug 16, 2013
1,162
641



This sounds like a way to get rid of Hackintoshes.
 

dan9700

Suspended
May 28, 2015
3,347
4,824
Will later be same as GM version but without feedback and letter, or new version, I wonder
 

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,586
6,101
Huh, I wonder what this will mean for Hackintosh?

This wouldn't have any impact on the reverse, would it? I decided to throw out the Snow Leopard partition on my 2006 Mac Mini and replace it with a current version of Lubuntu, since increasingly little software still supports Snow Leopard and I was worried my Mac Mini was vulnerable having gone so long without a security update.

I guess obviously not. If macOS isn't on the computer, then this efi firmware check would be gone, right? Or is it somewhere below what the Lubuntu installer would have noticed (like, is it in the efi itself? IDK. We're just beyond the realm of stuff I understand now.)
 

nt5672

macrumors 68040
Jun 30, 2007
3,544
7,555
Midwest USA
This has been needed for a long time. The real question is when Apple will change from reporting to refusing. This is when it goes too far. As to hackintoshes, my guess is that they have security updates turned off anyway and so at least for now, will not apply.
 

Cougarcat

macrumors 604
Sep 19, 2003
7,766
2,553
This sounds like a way to get rid of Hackintoshes.
Huh, I wonder what this will mean for Hackintosh?

This doesn’t affect hackintoshes. HS is working on them just fine. (The Apple employee who posted the original tweets even said don’t send in your data if you’re on a hack, because it’s useless to them.)
 

craig1410

macrumors 65816
Mar 22, 2007
1,130
911
Scotland
This is great news as it should help to guard against any sort of tampering which might result through a bad actor having temporary physical access to a machine such as at a border security point.

I honestly don't believe that Hackintoshes are being targeted here but if increasing legitimate Mac security results in Hackintoshes having a few bumps in the road then so be it IMO.
 

jblagden

macrumors 65816
Aug 16, 2013
1,162
641
This has been needed for a long time. The real question is when Apple will change from reporting to refusing. This is when it goes too far. As to hackintoshes, my guess is that they have security updates turned off anyway and so at least for now, will not apply.
Exactly! That's precisely what I would be worried about - well, if I had a Hackintosh. If Apple is willing to go as far as checking for a legitimate EFI, they may very well be willing to kill Hackintoshes to try to increase sales of legitimate Macs. Though, if they go that far, I think most Hackintoshers will go to Linux.

As it is, I'm already preparing to switch to Linux. I looked into making a Hackintosh over a year ago, and it just looks like a lot more work than it was worth, both in setup and maintenance. There are a lot of different hacks that you have to do, and the part selection is pretty limited - you have to check tonymacx86.com for part compatibility. Linux doesn't have quite the same level of hardware compatibility as Windows, but it does much better than MacOS in that department. I expect that that's at least partly due to the fact that unlike MacOS, installing Linux on "PC hardware" doesn't violate a EULA.

What I like about Linux is that it combines some of the strengths of MacOS and Windows. Like MacOS, it's pretty secure and (as far as I know) is only susceptible to Trojans & it has a similar Unix-like foundation - in fact, it was actually created for the purpose of serving as an open-source alternative to Unix. On the other hand, Linux has a much larger part selection than MacOS, which makes it more like Windows.
 

brendu

Cancelled
Apr 23, 2009
2,472
2,703
I honestly don't believe that Hackintoshes are being targeted here but if increasing legitimate Mac security results in Hackintoshes having a few bumps in the road then so be it IMO.

As a recent hackintosh builder I agree. Apple needs to ensure its users have the most secure devices possible. If that means I have to do some workarounds or stay on Sierra I am fine with it.
 

Cougarcat

macrumors 604
Sep 19, 2003
7,766
2,553
As it is, I'm already preparing to switch to Linux. I looked into making a Hackintosh over a year ago, and it just looks like a lot more work than it was worth, both in setup and maintenance. There are a lot of different hacks that you have to do, and the part selection is pretty limited - you have to check tonymacx86.com for part compatibility.

Just FYI—Tonymac’s parts list isn’t comprehensive. It’s just what they recommend. You’re pretty much fine if you have an Intel processor, and you can even get AMD working these days, but it’s harder. WiFi/Bluetooth is the one thing that’s particular.
 

jblagden

macrumors 65816
Aug 16, 2013
1,162
641
Just FYI—Tonymac’s parts list isn’t comprehensive. It’s just what they recommend. You’re pretty much fine if you have an Intel processor, and you can even get AMD working these days, but it’s harder. WiFi/Bluetooth is the one thing that’s particular.
You can get parts that aren't on the list, but you often end up having to do a lot more Hacks and/or having more things not working. The list exists to help people get the most-compatible parts.
 

DolsJ

macrumors member
Aug 27, 2008
56
61
This wouldn't have any impact on the reverse, would it? I decided to throw out the Snow Leopard partition on my 2006 Mac Mini and replace it with a current version of Lubuntu, since increasingly little software still supports Snow Leopard and I was worried my Mac Mini was vulnerable having gone so long without a security update.

I guess obviously not. If macOS isn't on the computer, then this efi firmware check would be gone, right? Or is it somewhere below what the Lubuntu installer would have noticed (like, is it in the efi itself? IDK. We're just beyond the realm of stuff I understand now.)

This check is being executed at the OS layer. So if you are not running Mac OS (specifically High Sierra) then the check would never be run.
 

anyjungleinguy

macrumors 6502
Mar 6, 2012
308
217
So all it does is send the data? No removal action?

The vast majority of people who see that pop up won’t think that their Mac has potentially been compromised - they’ll be thinking there’s a software or hardware error.
 