What happens if I use Command-R and use the Recovery HD to log into the machine and erase (format) everything? Can this scenario actually happen? I mean, the Recovery HD won't ask for a password, so it would be pretty simple to lose everything or am I missing something here?
MacBook Pro (17-inch Early 2011), Mac OS X (10.7.3)
PauloRebelo wrote:
What happens if I use Command-R and use the Recovery HD to log into the machine and erase (format) everything? Can this scenario actually happen?
Yes, everything in OS X and Bootcamp, not the Lion Recovery HD
I mean, the Recovery HD won't ask for a password, so it would be pretty simple to lose everything or am I missing something here?
Yep, you can lose it all. 🙂
https://discussions.apple.com/community/notebooks/macbook_pro?view=documents
The firmware password will prevent:
Resetting the PRAM/SMC
Booting to another partition
Taking any boot arguments (Safe Mode, Single User mode, etc.)
If you couple this with FileVault, then you will have your desired setup of full password protection, in addition to the inability to recover your data by removing the hard drive. However, regardless of what you do, someone will ALWAYS be able to format your drive. There is no getting around this. Even a firmware password can be reset by altering the hardware configuration (removing or adding RAM, for instance), and the hard drive can always be removed from the system.
You're manufacturing your own problems out of non-issues.
If you are interested in preventing theft of data, you need encryption. If you want to prevent loss of data, you need backups. Without those two things, anyone who gets physical access to your computer can easily steal or destroy your data.
Don't fool yourself - you can have all the firmware passwords in the world on your computer, and all I've got to do to steal unencrypted data is take the hard drive out, put it in an enclosure and read the data off of it. This is just as true of Windows as it is of Macs. And destruction of your data is even more trivial.
If you have encryption and backups, nobody can steal or destroy your data. No need for firmware passwords.
Thank you once again for all the help, guys. I have three encrypted backups (one of them server-side) and I keep them synchronized constantly. As I said earlier, I'm not worried about data being deleted, I just get creepy about someone stealing the macbook and getting the disk out of it. I've avoided using Filevault due to performance and diskspace issues. I wish there would be an option for Filevault to encrypt only the /user folder instead of the entire Macintosh HD. Is it possible?
What's the point if anyone can log into Recovery HD?
