If you able to boot the better way is take a SSD from your MBP and do corrections inside one file on filesystem. In other words, you need to connect SSD to the machine where you CAN be an admin user.
Edit file <SSD_MOUNT_POINT>/Library/Preferences/SystemConfiguration/com.apple.Boot.plist
File may be a binary plist file, so you may need to convert it into xml by command:
sudo plutil -convert xml1 com.apple.Boot.plist
This file can provide a boot arguments for the kernel. -s,-v etc... You need to boot into single user mode, so '-s' is your option.
Here an example of file for booting into single user mode with verbose output:
.....
<dict>
<key>Kernel Flags</key>
<string>-s</string>
<string>-v</string>
</dict>
.....
After you change a file umount SSD, return it back to the MBP and boot. You should be booted into single user mode and you are root.
The way #1
In single user mode you need to:
1. Make filesystem check: '
fsck -fy'
2. re-mount filesystem and make it writable: '
mount -uw /'
3. Launch OpenDirectory service: '
launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist'
Now you can take control under system:
First of all, check NVRAM data available from the userland by command '
nvram -p'
If machine linked with iCloud you should see fmm-mobileme-token-FMM and fmm-computer-name in output of the '
nvram -p'
Delete it:
#
nvram -d fmm-mobileme-token-FMM
#
nvram -d fmm-computer-name
Or just wipeout NVRAM data with: '
nvram -c'
Second - change password for admin user. Little complex situation here and depended on how login screen looks. If it simple entries for username and password you can setup password for root user in single mode and use it after. But if it users list - you need to know that username.
To change password for root user just type command '
passwd' and enter new password twice.
To can see users list use a command: '
dscl . -list /Users'
To change password for some user: '
sudo dscl . -passwd /Users/<USERNAME>'
After you change password for admin user, return boot preferences back... i.e. com.apple.Boot.plist should looks like this:
....
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
....
Reboot, login... enjoy.
The way #2
If you want make full system re-install you need after booting into single user mode make Recovery Partition 'blessed'.
But don't forget clean up NVRAM.
1. Locate Recovery FS: '
diskutil list'
You should see something like this:
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk0
1: EFI EFI 209.7 MB disk0s1
2: Apple_HFS Macintosh HD 499.2 GB disk0s2
3: Apple_Boot Recovery HD 650.0 MB disk0s3
2. Mount Recovery disk:
diskutil mount /dev/disk0s3 (! The disk '/dev/disk0s3' is an example here !)
3. 'Bless' recovery booting: '
bless --mount /Volumes/Recovery\ HD --setBoot --file /Volumes/Recovery\ HD/com.apple.recovery.boot/boot.efi'
4. Reboot. You are into Recovery mode and can do system reinstall.
The way #1 - is less risky, because you just change existing data on the filesystem and can always rollback your changes.
The way #2 - seem more simple, but you should keep in mind that mistake with 'bless' command may be a reason that machine will be not bootable. EFI just didn't find a boot loader and hangs.
Currently is no way to clean EFI-password by software without knowing actual password. For EFI password cleanup you need to reflash a firmware. However, all iCloud data keep into NVRAM and you need erase it for iCloud unlink. iCloud can't replace already installed EFI password on your machine.