| > As far as I know, you’ll need to take the machine apart to reflash it, plus special hardware This doesn't take very long. Maybe 5 minutes to disassemble the machine. As for hardware, you can flash SPI chips using a Teensy and a clip chip. [1] The total cost of parts is under $30. Incidentally, I highly recommend investing in one of these if you're doing firmware development for routers. It's so much easier to flash a backup than muck around with TFTP. > because when a firmware password is set, a Mac requires the password to choose a different boot disk. This is hardly unique to Apple. Most PC laptop manufacturers also disable changing the boot device or choosing a temporary boot device when a setup password is enabled. > with this feature, Apple HQ can give a service center the ability to clear a particular firmware password without giving them a universal backdoor (hardware or software). Um, this is how it works for PC firmware passwords as well. Unless there is a keygen available, most modern implementations use a hashed value from the serial number or hard drive as the master unlock password. It's unique to the laptop being unlocked. [1] https://trmm.net/SPI_flash |