
Sep 12, '11 07:30:00AM • Contributed by: tom larkin
I needed a work around fast so I was looking into the Firmware Password Utility found on the Installer DVDs. There is a tool called setregproptool inside the package contents of this utility. This command line tool can be used to set the firmware password on your Mac.
My problem of course was that I did not have a new Installer DVD at all, in fact all I had were a few thousand of the USB OS X installer disks that ship with Macbook Airs. So, if you open up Terminal and browse the Mac OS X Install USB stick, you will see these contents:
$ cd /Volumes/Mac\ OS\ X\ Install $ ls -l total 8254080 -rw-r--r--@ 1 hadmin staff 13447709 Dec 8 2010 Extensions.mkext -rw-r--r--@ 1 hadmin staff 346540 Dec 8 2010 Install iLife.pkg -rw-r--r--@ 1 hadmin staff 4193180820 Dec 8 2010 MacOSX.dmg -rw-r--r--@ 1 hadmin staff 46401 Nov 19 2010 MacOSX_Media_Background.png drwxr-xr-x@ 3 hadmin staff 102 Dec 8 2010 Packages drwxr-xr-x 3 hadmin staff 102 Aug 25 2010 SimpleInstallAssistant.app drwxr-xr-x@ 3 hadmin staff 102 Dec 8 2010 System -rw-r--r--@ 1 hadmin staff 332464 Dec 8 2010 boot.efi -rw-r--r--@ 1 hadmin staff 361 Dec 8 2010 com.apple.Boot.plist -rw-r--r--@ 1 hadmin staff 18693813 Dec 8 2010 mach_kernelYou need to copy that MacOSX.dmg to your desktop or somewhere on your machine, then change the hidden flags via:
chflags nohidden ~/Desktop/MacOSX.dmg (if it is on your desktop).
Now you can mount the image and navigate into the /Applications/Utilities folder and find the Firmware Password Utility app, go into the package contents and find the proper version of the tool.
/Volumes/Mac OS X Install Image/Applications/Utilities/Firmware Password Utility.app/Contents/Resources sudo ./setregproptool -h Password: setregproptool v 2.0 (7) Oct 3 2010 Copyright (C) 2001-2010 Apple Inc. All Rights Reserved. Usage: setregproptool [-c] [-d [-o ]] [[-m -p ] -o ] -c Check whether password is enabled. Sets return status of 0 if set, 1 otherwise. -d Delete current password/mode. Requires current password on some machines. -p Set password. Requires current password on some machines. -m Set security mode. Requires current password on some machines. Mode can be either "full" or "command". Full mode requires entry of the password on every boot, command mode only requires entry of the password if the boot picker is invoked to select a different boot device. When enabling the Firmware Password for the first time, both the password and mode must be provided. Once the firmware password has been enabled, providing the mode or password alone will change that parameter only. -o Old password. Only required on certain machines to disable or change password or mode. Optional, if not provided the tool will prompt for the password.
[crarko adds: I haven't tested this one. Obviously handy of you need to do a mass deployment. If you get this (or something similar) working in Lion as well please mention so in the comments.]