In OS X Lion you can boot to the Recovery partition by holding Command-R at startup.Īfter the password is enabled then the computer will no longer boot to Target Disk Mode until you disable the password (using this same utility). To prevent this from happening, you can enable a firmware password to lock it down, which can be done by booting to the OS X installation DVD, and choosing Firmware Password Utility from the Utilities menu. Unfortunately Apple's systems by default allow for access with Target Disk Mode and other alternate boot options, but these can be managed in a couple of ways:Īpple's alternative boot options are enabled through keyboard commands at startup that tell the system's firmware to go into a specific mode or pass a specific condition to the OS X kernel when it boots up. Security concerns about this are quite valid, especially since an unauthorized person with a FireWire or Thunderbolt cable and another Mac can quickly boot a system into Target Disk Mode and then copy the contents of the hard drive. The Firmware Password utility can be used to set or remove a firmware password. If you rip the hard drive out and put it in another computer then you bypass the OS and can access all the files on the drive, which is essentially what you are doing in Target Disk Mode.
In all PC systems regardless of the make and OS used, the security is in the directory and permissions settings, and is enforced by the operating system's file-access services. When you access a Mac's drive with Target Disk Mode, you are in essence turning the whole system into a large external drive that bypasses the security offered by the operating system on it. Is there a way to password-secure, or fully disable that access to the machine?
The "T" Target Hard-disk bootup allows anyone full access to all of a person's files.
I've been reading through your internet security articles and am wondering whether or not there is a solution to a major Mac vulnerability. Recently CNET reader "Leonard" wrote in with such concerns about Target Disk Mode: This mode is exceptionally useful for troubleshooting, migrating accounts and data to a new computer, or even gaining quick access to a system's documents without fully booting the system however, since it gives full access to the boot drive it creates some security concerns. At this point you can connect the system to another Mac (or even a PC) and have its hard drives mount locally on the second system for quick access. This mode can be enabled by restarting the system with the T key held down, until you see the FireWire symbol displayed on the screen. On Apple computers, Target Disk Mode is a special boot option that allows the system's hard drives to be accessed with a FireWire cable (also with a Thunderbolt connection for newer systems).