Will this work?


Rendering Error in layout Widget/Social: Call to a member function exists() on null. Please enable debug mode for more information.
More
9 years 1 week ago #315 by NoobHour
Will this work? was created by NoobHour
I have a mid 2014 MBP from a university with a efi lock for recovery boot (black screen with lock). It boots to the standard apple login screen. I was thinking of borrowing another 2013-14 MBP and swapping the original SSD to the new one to access recovery and install a fresh copy of OSX. I realize the efi lock would still be on the original, but wouldn't matter if I could use it.

Also, if I set my own iCloud lock and unlock it, I'm guessing that the original efi password would still be on the MPB? Being that this is not an iCloud lock, and a EFI password set by the university.

Is my logic ok here, or am I completely off?

EMC number 2875
More
9 years 1 week ago #317 by thaGH05T
Replied by thaGH05T on topic Will this work?
Your logic is fine; however I would like to clarify it for you. If a EFI password is set by a person then it will not be changed when the iCloud lock is initiated. If you use another MBP and swap drives or even copy the entire disk image to another drive (clone it) then you will be able to use it as normal. The fact that the iCloud lock has not been set is the actual deciding factor of which way you can go. I need to make a flowchart for the decision making process for everyone. Once you are logged in as and admin then you can actually change the EFI password from the OS, which in your case is like gold. I am not sure if this is actually still valid with late MBP/MBA but its worth a shot. Token.Paul could answer this better maybe?

Step 1: My suggested plan of action for you is to clone a drive and use it to gain access to the MBP.

Step 2: Use command line tools to reset the EFI password if at all possible.

Step 3: Reinstall OSX from the recovery menu to ensure optimized performance.

Step 4: Set the EFI password the normal way and make sure your device is registered under your own account in iCloud.

ALT: If for some reason you cannot reset the EFI password from the OS then you need flash the EFI chip! This will better serve you in the future...
More
8 years 11 months ago #368 by token.paul
Replied by token.paul on topic Will this work?
If you able to boot the better way is take a SSD from your MBP and do corrections inside one file on filesystem. In other words, you need to connect SSD to the machine where you CAN be an admin user.
Edit file <SSD_MOUNT_POINT>/Library/Preferences/SystemConfiguration/com.apple.Boot.plist
File may be a binary plist file, so you may need to convert it into xml by command: sudo plutil -convert xml1 com.apple.Boot.plist
This file can provide a boot arguments for the kernel. -s,-v etc... You need to boot into single user mode, so '-s' is your option.
Here an example of file for booting into single user mode with verbose output:

.....
<dict>
<key>Kernel Flags</key>
<string>-s</string>
<string>-v</string>
</dict>
.....

After you change a file umount SSD, return it back to the MBP and boot. You should be booted into single user mode and you are root.
The way #1
In single user mode you need to:
1. Make filesystem check: 'fsck -fy'
2. re-mount filesystem and make it writable: 'mount -uw /'
3. Launch OpenDirectory service: 'launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist'

Now you can take control under system:
First of all, check NVRAM data available from the userland by command 'nvram -p'
If machine linked with iCloud you should see fmm-mobileme-token-FMM and fmm-computer-name in output of the 'nvram -p'
Delete it:
# nvram -d fmm-mobileme-token-FMM
# nvram -d fmm-computer-name
Or just wipeout NVRAM data with: 'nvram -c'

Second - change password for admin user. Little complex situation here and depended on how login screen looks. If it simple entries for username and password you can setup password for root user in single mode and use it after. But if it users list - you need to know that username.

To change password for root user just type command 'passwd' and enter new password twice.

To can see users list use a command: 'dscl . -list /Users'
To change password for some user: 'sudo dscl . -passwd /Users/<USERNAME>'

After you change password for admin user, return boot preferences back... i.e. com.apple.Boot.plist should looks like this:

....
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
....

Reboot, login... enjoy.

The way #2
If you want make full system re-install you need after booting into single user mode make Recovery Partition 'blessed'. But don't forget clean up NVRAM.
1. Locate Recovery FS: 'diskutil list'
You should see something like this:
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            499.2 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
2. Mount Recovery disk: diskutil mount /dev/disk0s3 (! The disk '/dev/disk0s3' is an example here !)
3. 'Bless' recovery booting: 'bless --mount /Volumes/Recovery\ HD --setBoot --file /Volumes/Recovery\ HD/com.apple.recovery.boot/boot.efi'
4. Reboot. You are into Recovery mode and can do system reinstall.

The way #1 - is less risky, because you just change existing data on the filesystem and can always rollback your changes.
The way #2 - seem more simple, but you should keep in mind that mistake with 'bless' command may be a reason that machine will be not bootable. EFI just didn't find a boot loader and hangs.

Currently is no way to clean EFI-password by software without knowing actual password. For EFI password cleanup you need to reflash a firmware. However, all iCloud data keep into NVRAM and you need erase it for iCloud unlink. iCloud can't replace already installed EFI password on your machine.
More
8 years 11 months ago #369 by thaGH05T
Replied by thaGH05T on topic Will this work?
Great alternative Token, can you write a tutorial on this to be posted in the blog section? I need to create a workflow on this. Such as does your mac boot? yes - do this, no - do something else... and so on and so forth.
More
8 years 11 months ago #370 by token.paul
Replied by token.paul on topic Will this work?
Sure, I'll write. I think we also need to say about things which better do not do ever if efi-pass set and unknown. Such as 'target-mode', Recovery Disk erasing... etc.
More
8 years 11 months ago #375 by thaGH05T
Replied by thaGH05T on topic Will this work?
Great, please submit to me when you have completed.

Who's Online

We have 1029 guests and no members online

N00BZ

  • ljamal
  • ljamal74
  • mikeg2atest
  • ducchinhbui
  • anjarezt

Cookies