HT4790: OS X: About FileVault 2Learn about OS X: About FileVault 2
Currently Being ModeratedApr 9, 2012 4:25 PM (in response to PauloRebelo)
The firmware password will prevent:
Resetting the PRAM/SMC
Booting to another partition
Taking any boot arguments (Safe Mode, Single User mode, etc.)
If you couple this with FileVault, then you will have your desired setup of full password protection, in addition to the inability to recover your data by removing the hard drive. However, regardless of what you do, someone will ALWAYS be able to format your drive. There is no getting around this. Even a firmware password can be reset by altering the hardware configuration (removing or adding RAM, for instance), and the hard drive can always be removed from the system.
Currently Being ModeratedApr 9, 2012 4:45 PM (in response to PauloRebelo)
You're manufacturing your own problems out of non-issues.
If you are interested in preventing theft of data, you need encryption. If you want to prevent loss of data, you need backups. Without those two things, anyone who gets physical access to your computer can easily steal or destroy your data.
Don't fool yourself - you can have all the firmware passwords in the world on your computer, and all I've got to do to steal unencrypted data is take the hard drive out, put it in an enclosure and read the data off of it. This is just as true of Windows as it is of Macs. And destruction of your data is even more trivial.
If you have encryption and backups, nobody can steal or destroy your data. No need for firmware passwords.
Currently Being ModeratedApr 9, 2012 8:03 PM (in response to thomas_r.)
Thank you once again for all the help, guys. I have three encrypted backups (one of them server-side) and I keep them synchronized constantly. As I said earlier, I'm not worried about data being deleted, I just get creepy about someone stealing the macbook and getting the disk out of it. I've avoided using Filevault due to performance and diskspace issues. I wish there would be an option for Filevault to encrypt only the /user folder instead of the entire Macintosh HD. Is it possible?