
MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,456
14,151



Mac users who upgrade to macOS High Sierra will benefit from a significant new security feature that works in the background.

macOS High Sierra automatically checks a Mac's EFI firmware against Apple's database of "known good" data to ensure it hasn't been tampered with, according to a series of tweets from an Apple engineer.

The tweets have since been deleted, but a summary remains available on the Mac blog The Eclectic Light Company.

> The new utility eficheck, located in /usr/libexec/firmwarecheckers/eficheck, runs automatically once a week. It checks that Mac's firmware against Apple's database of what is known to be good. If it passes, you will see nothing of this, but if there are discrepancies, you will be invited to send a report to Apple.

If the check fails, a prompt will appear with options to "Send to Apple" or "Don't Send." The selection is remembered in subsequent weeks.

The "eficheck" tool sends the binary data from the EFI firmware, and preserves user privacy by excluding data which is stored in NVRAM, according to The Eclectic Light Company. Apple will then be able to analyze the data to determine whether it has been altered by malware or anything else.

The database's library will be automatically and silently updated so long as security updates are turned on.

EFI, which stands for Extensible Firmware Interface, bridges a Mac's hardware, firmware, and operating system together to enable it to go from power-on to booting macOS.

macOS High Sierra will be publicly released on the Mac App Store later today.

Article Link: macOS High Sierra Automatically Performs Security Check on EFI Firmware Each Week
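
Added illustration (not part of the original article, and not Apple's eficheck code): a toy model of the check the article describes, where firmware regions are hashed and compared against a known-good list while the NVRAM region is left out. The region layout, names and sample images are constructed assumptions.

```python
import hashlib

# Constructed region map for a toy 64-byte "firmware image": (name, offset, length).
# Real EFI flash layouts differ; this layout is an assumption for illustration.
REGIONS = [("boot_block", 0, 16), ("dxe_volume", 16, 32), ("nvram", 48, 16)]
EXCLUDED = {"nvram"}  # per-machine variables: never hashed, never reported


def measure(image: bytes) -> dict:
    """Return a SHA-256 digest per region, skipping excluded regions."""
    return {name: hashlib.sha256(image[off:off + size]).hexdigest()
            for name, off, size in REGIONS if name not in EXCLUDED}


def check(image: bytes, known_good: list) -> list:
    """Return the regions that differ from the closest known-good version.

    An empty list means the image matches one allowlisted version exactly.
    Matching is per version, so mixing regions from two good versions fails.
    """
    got = measure(image)
    if not known_good:
        return sorted(got)
    diffs = [sorted(n for n in got if kg.get(n) != got[n]) for kg in known_good]
    return min(diffs, key=len)


def build(boot: bytes, dxe: bytes, nvram: bytes) -> bytes:
    """Assemble a toy image by padding each part to its region size."""
    return boot.ljust(16, b"\0") + dxe.ljust(32, b"\0") + nvram.ljust(16, b"\0")


# Constructed sample data: two vendor releases form the known-good list.
VENDOR_V1 = build(b"BOOT-v1", b"DXE-v1", b"")
VENDOR_V2 = build(b"BOOT-v2", b"DXE-v2", b"")
KNOWN_GOOD = [measure(VENDOR_V1), measure(VENDOR_V2)]

USER_MACHINE = build(b"BOOT-v2", b"DXE-v2", b"boot-args=-v")    # only NVRAM differs
TAMPERED = build(b"BOOT-v2", b"DXE-v2+implant", b"boot-args=-v")  # code region changed
MIXED = build(b"BOOT-v1", b"DXE-v2", b"")                        # regions from two releases

if __name__ == "__main__":
    for label, img in [("user", USER_MACHINE), ("tampered", TAMPERED), ("mixed", MIXED)]:
        print(label, check(img, KNOWN_GOOD) or "OK")
```

Because NVRAM is excluded from the measurement, a machine with its own settings still matches the vendor release, and nothing stored there would appear in a report.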
 

ghostface147

macrumors 68040
May 28, 2008
3,496
3,389
Rather interesting. Now to update to High Sierra later tonight with a clean install.
 

jblagden

macrumors 65816
Aug 16, 2013
1,159
640



This sounds like a way to get rid of Hackintoshes.
 

dan9700

Suspended
May 28, 2015
3,347
4,823
Will later be same as GM version but without feedback and letter or new version, I wonder
 

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,130
5,099
Huh, I wonder what this will mean for Hackintosh?

This wouldn't have any impact on the reverse, would it? I decided to throw out the Snow Leopard partition on my 2006 Mac Mini and replace it with a current version of Lubuntu, since increasingly little software still supports Snow Leopard and I was worried my Mac Mini was vulnerable having gone so long without a security update.

I guess obviously not. If macOS isn't on the computer, then this efi firmware check would be gone, right? Or is it somewhere below what the Lubuntu installer would have noticed (like, is it in the efi itself? IDK. We're just beyond the realm of stuff I understand now.)
 

nt5672

macrumors 68020
Jun 30, 2007
2,241
4,758
This has been needed for a long time. The real question is when Apple will change from reporting to refusing. This is when it goes too far. As to hackintoshes, my guess is that they have security updates turned off anyway and so at least for now, will not apply.
 

Cougarcat

macrumors 604
Sep 19, 2003
7,766
2,552
> This sounds like a way to get rid of Hackintoshes.

> Huh, I wonder what this will mean for Hackintosh?

This doesn’t affect hackintoshes. HS is working on them just fine. (The Apple employee who posted the original tweets even said don’t send in your data if you’re on a hack, because it’s useless to them.)
 

craig1410

macrumors 65816
Mar 22, 2007
1,125
896
Scotland
This is great news as it should help to guard against any sort of tampering which might result through a bad actor having temporary physical access to a machine such as at a border security point.

I honestly don't believe that Hackintoshes are being targeted here but if increasing legitimate Mac security results in Hackintoshes having a few bumps in the road then so be it IMO.
 

jblagden

macrumors 65816
Aug 16, 2013
1,159
640
> This has been needed for a long time. The real question is when Apple will change from reporting to refusing. This is when it goes too far. As to hackintoshes, my guess is that they have security updates turned off anyway and so at least for now, will not apply.

Exactly! That's precisely what I would be worried about - well, if I had a Hackintosh. If Apple is willing to go as far as checking for a legitimate EFI, they may very well be willing to kill Hackintoshes to try to increase sales of legitimate Macs. Though, if they go that far, I think most Hackintoshers will go to Linux.

As it is, I'm already preparing to switch to Linux. I looked into making a Hackintosh over a year ago, and it just looks like a lot more work than it was worth, both in setup and maintenance. There are a lot of different hacks that you have to do, and the part selection is pretty limited - you have to check tonymacx86.com for part compatibility. Linux doesn't have quite the same level of hardware compatibility as Windows, but it does much better than MacOS in that department. I expect that that's at least partly due to the fact that unlike MacOS, installing Linux on "PC hardware" doesn't violate a EULA.

What I like about Linux is that it combines some of the strengths of MacOS and Windows. Like MacOS, it's pretty secure and (as far as I know) is only susceptible to Trojans & it has a similar Unix-like foundation - in fact, it was actually created for the purpose of serving as an open-source alternative to Unix. On the other hand, Linux has a much larger part selection than MacOS, which makes it more like Windows.
 

brendu

macrumors 68020
Apr 23, 2009
2,460
2,538
USA
> I honestly don't believe that Hackintoshes are being targeted here but if increasing legitimate Mac security results in Hackintoshes having a few bumps in the road then so be it IMO.

As a recent hackintosh builder I agree. Apple needs to ensure its users have the most secure devices possible. If that means I have to do some workarounds or stay on Sierra I am fine with it.
 

Cougarcat

macrumors 604
Sep 19, 2003
7,766
2,552
> As it is, I'm already preparing to switch to Linux. I looked into making a Hackintosh over a year ago, and it just looks like a lot more work than it was worth, both in setup and maintenance. There are a lot of different hacks that you have to do, and the part selection is pretty limited - you have to check tonymacx86.com for part compatibility.

Just FYI—Tonymac’s parts list isn’t comprehensive. It’s just what they recommend. You’re pretty much fine if you have an Intel processor, and you can even get AMD working these days, but it’s harder. WiFi/Bluetooth is the one thing that’s particular.
 

jblagden

macrumors 65816
Aug 16, 2013
1,159
640
> Just FYI—Tonymac’s parts list isn’t comprehensive. It’s just what they recommend. You’re pretty much fine if you have an Intel processor, and you can even get AMD working these days, but it’s harder. WiFi/Bluetooth is the one thing that’s particular.

You can get parts that aren't on the list, but you often end up having to do a lot more Hacks and/or having more things not working. The list exists to help people get the most-compatible parts.
 

DolsJ

macrumors member
Aug 27, 2008
54
55
> This wouldn't have any impact on the reverse, would it? I decided to throw out the Snow Leopard partition on my 2006 Mac Mini and replace it with a current version of Lubuntu, since increasingly little software still supports Snow Leopard and I was worried my Mac Mini was vulnerable having gone so long without a security update.
>
> I guess obviously not. If macOS isn't on the computer, then this efi firmware check would be gone, right? Or is it somewhere below what the Lubuntu installer would have noticed (like, is it in the efi itself? IDK. We're just beyond the realm of stuff I understand now.)

This check is being executed at the OS layer. So if you are not running Mac OS (specifically High Sierra) then the check would never be run.
 

anyjungleinguy

macrumors 6502
Mar 6, 2012
283
196
So all it does is send the data? No removal action?

The vast majority of people who see that pop up won’t think that their Mac has potentially been compromised - they’ll be thinking there’s a software or hardware error.
 