[duskwuff]

> For example, hackers could analyze the preboot environment of an encrypted mac and sniff out the password using a variety of methods.

The password is not available in the preboot environment. The disk encryption key is encrypted with the user's password, which must be entered to boot the machine.

While Apple hasn't open-sourced the implementation, they've explained how it operates in considerable detail. By all accounts, it's a rather good design.

[no_wizard]

You can even set a firmware password on top of that to block any attempts to boot into target disk mode or single user or recovery

[kogepathic]

Firmware passwords are trivial to bypass if you have physical access and the proper tools. [0]

$30 gets you the equipment needed to dump, modify, and re-write the firmware, clearing any firmware password.

[0] https://trmm.net/SPI_flash

[no_wizard]

Granted I maybe missed it but this doesn't Specifically State that it was successfully used to by pass the firmware lock? Since 2010 Apple has worked hard to close these loopholes https://m.imore.com/how-set-your-macs-firmware-password-and-...

[kogepathic]

Apple still does not integrate a TPM into their laptops.

And it doesn't matter, even if they did, you could modify the firmware on flash to bypass the checks.

There is nothing stopping someone with physical access from removing the firmware password via SPI flash.

It is a fundamental flaw of x86, IMHO, that there is no Boot ROM (BROM) which can perform signature/integrity checks on the UEFI firmware. ARM has this, x86 does not.