by dogber1 3653 days ago
Apple is doing a much better job than all the rest of the PC vendors. Even those vendors that I haven't published keygens for [1] have just stupendously unsound bypass mechanisms for BIOS passwords.

[1] https://dogber1.blogspot.com/2009/05/table-of-reverse-engine...


Nevertheless, physical access still means it's game over; and I consider that a feature, not a bug. Given that, it's actually a little amusing that Apple went to all that effort for something that can be defeated with nothing more than a full BIOS reflash.

Maybe not so amusing! As far as I know, you’ll need to take the machine apart to reflash it, plus special hardware — because when a firmware password is set, a Mac requires the password to choose a different boot disk.

with this feature, Apple HQ can give a service center the ability to clear a particular firmware password without giving them a universal backdoor (hardware or software).

> As far as I know, you’ll need to take the machine apart to reflash it, plus special hardware

This doesn't take very long. Maybe 5 minutes to disassemble the machine.

As for hardware, you can flash SPI chips using a Teensy and a chip clip. [1] The total cost of parts is under $30.

Incidentally, I highly recommend investing in one of these if you're doing firmware development for routers. It's so much easier to flash a backup than muck around with TFTP.

> because when a firmware password is set, a Mac requires the password to choose a different boot disk.

This is hardly unique to Apple. Most PC laptop manufacturers also disable changing the boot device or choosing a temporary boot device when a setup password is enabled.

> with this feature, Apple HQ can give a service center the ability to clear a particular firmware password without giving them a universal backdoor (hardware or software).

Um, this is how it works for PC firmware passwords as well. Unless there is a keygen available, most modern implementations use a hashed value from the serial number or hard drive as the master unlock password. It's unique to the laptop being unlocked.

[1] https://trmm.net/SPI_flash

Your list is 7 years old and relates to non-EFI BIOS implementations. It's hardly a valid comparison to a modern Apple BIOS as looked at here.

The bypass algorithms have largely remained unchanged when the industry moved to EFI. Most vendors (Lenovo, Dell, Acer, Asus, Toshiba, Fujitsu, ...) simply wrapped their bypass algorithms into some DXE driver and called it a day.

Seeing Compaq at the top of that table brought me all the way back...

Presario FTW!

I wonder what PCs would be like if Intel bought Compaq in 1991 with people like Rod Canion and Jim Harris staying on. I think they were there when Compaq reverse engineered the IBM PC BIOS for example.