About startup security utility

Sunday, March 8, 2020 12:09 PM

About Startup Security Utility

https://support.apple.com/en-ca/HT208198?fbclid=IwAR1rCiy-hrXmgveoVs0gkLJ5DohIcv5lpLw28Skz9tMqrZiL04HdQTa5a2o


Use Startup Security Utility to make sure that your Mac always starts up from your designated startup disk, and always from a legitimate, trusted operating system.





Available only on Mac computers that have the Apple T2 Security Chip, Startup Security Utility offers three features to help secure your Mac against unauthorized access: Firmware password protection, Secure Boot, and External Boot.

To open Startup Security Utility:

  1. Turn on your Mac, then press and hold Command (⌘)-R immediately after you see the Apple logo. Your Mac starts up from macOS Recovery.
  2. When you see the macOS Utilities window, choose Utilities > Startup Security Utility from the menu bar.
  3. When you're asked to authenticate, click Enter macOS Password, then choose an administrator account and enter its password.








Firmware password protection


Use a firmware password to prevent anyone who doesn't have the password from starting up from a disk other than your designated startup disk. To set a firmware password, click Turn On Firmware Password, then follow the onscreen instructions. Learn more about firmware passwords.

You can also use External Boot to prevent even those who know the firmware password from starting up from external media.








Secure Boot


Use this feature to make sure that your Mac starts up only from a legitimate, trusted operating system. Learn more about Secure Boot.








External Boot


Use this feature to control whether your Mac can start up from an external hard drive, thumb drive, or other external media. The default and most secure setting is ”Disallow booting from external media.” When this setting is selected, your Mac can't be made to start up from any external media:

  • Startup Disk preferences displays a message that your security settings do not allow this Mac to use an external startup disk.
  • Startup Manager allows you to select an external startup disk, but doing so causes your Mac to restart to a message that your security settings do not allow this Mac to use an external startup disk. You'll then have the option to restart from your current startup disk or select another startup disk. 

To allow your Mac to use an external startup disk:

  1. Open Startup Security Utility.
  2. Select ”Allow booting from external media.”
    Your Mac doesn't support booting from network volumes, whether or not you allow booting from external media.
  3. If you want to select an external startup disk before restarting your Mac, quit Startup Security Utility, then choose Apple menu  > Startup Disk.