A1278 MacBook Pro EFI Password

This article is a stub. You can help Repair Wiki grow by expanding it

Device has an EFI password meaning you cannot replace the drive or even boot into an operating system if the device didn't come with a drive to begin with. Often times these devices come in huge lots brought from recycler's and resellers and there is no way to contact the original owner / even if you could, the device may have been recycled years ago and even the original owner cannot remember the password.

This guide is not intended to help anybody steal a A1278, the newest A1278 was made in 2016, 8 years ago with nearly 13 year old hardware (god I am getting old). Nobody who can actually follow this guide through is stealing these! This is intended for people like me who get these in huge lots and would rather not see these logic boards that work perfectly fine that we legally acquired end up in the donor board bin. That being said, do this on boards you own or have the permission to do this on.

• Holding option while booting brings up a big padlock with a password box.

You can wipe the EFI password out of these devices by dumping the EPROM, finding the password in the EFI bin file, deleting it and reflashing the EPROM with the newly unlocked file.

Diagnostic Steps

There's really no steps to diagnose this, this is a feature not a fault, just hold down the option key and if you see a padlock, you know this is the guide for you.

Repair Steps

There's 2 angles you can take with this repair

1. Steal an EPROM from an exact match donor board that doesn't have an EFI password (easiest but the serial number will mismatch and it MUST be an exact, if you have a mid 2012 with an EFI password, you need a mid 2012 donor EPROM and so on and so fourth, processor doesn't matter! You can use an i5 EPROM on a i7 board as long as it's the same year and same period)
2. Wipe the EFI password out of the EPROM that's on the board by using an EPROM programmer (Best method)

Now before I start, I want to mention something that may come to your mind if you don't want to solder, Yes you can use a CH341A with a clip to avoid soldering, I don't recommend this but it can be done and the steps are pretty much the same. The reason I do not recommend using a CH341A is they aren't good programmers, often they fail to flash or don't correctly dump the EFI and in rare cases can kill the EPROM, if you use a CH341A make absolutely positively sure you remove the clip, reseat it and than verify your dump, If you dump your EFI and it doesn't fully dump or is corrupt when you flash it back to the EPROM the device likely won't boot anymore, this is not the end of the world as you can hunt down EFI dumps for these machines easily online but it's a hassle and if you don't have experience this will probably get your heart racing a bit thinking you broke it.

Step 1. Remove the EPROM and place it in or solder it to your programmer

U6100 right by the top side of the board by the fan is your EPROM, apply flux to the legs and tin them with leaded solder, using your hot air station, de-solder the EPROM (I run my Quick 861DW at 350°C at 60 airspeed while removing EPROMs). Now you can either solder the EPROM to the breakout board of your EPROM programmer (Pin one has an indent on the IC above it) or place it in your SOP8 adaptor. If you are using a CH341A, Get your clip in the right position and ready for the next step!

Step 2. Dump the EFI and remove the password

I can't give you exact instructions because every EPROM programmer has different software but you are going to need to detect the EPROM, The IC is a MACRONIX MX2SL64O6E @SOP8, it may also be a Winbond EPROM, use Auto Detect if you can or take a picture of the top of your EPROM so you know what EPROM you are dealing with. Now click read and then save the dump to your PC as a .bin file, ideally make a backup copy with the same name but include unlocked or edited in the name so you have a backup of the original incase something goes wrong. If you are using a CH341A everything is the same here just make sure you verify your dump after reseating the clip to ensure you got a correct dump.

Step 3. Unlock the EFI

Using a hex editor (such as HxD) open your dump with the unlocked or edited in the file name and search for $SVS, it's possible that you have 2 instances but normally you will only find one string that starts with $SVS with data in the case that you do have 2 instances, if the 2nd is pretty much empty other than "ZPP" (not English characters but you will know what I mean) than you should be good to leave the 2nd instance alone, if it has data like the first one, do the same as what I am about to say for the first instance, for both! For the first instance you should notice it's between a lot of weird looking Y's. Select from $SVS all the way down until the last character before the weird looking Y's, once selected use the Fill selection tool to fill the section with the hex value FF. It's very important that you don't erase the section, you must fill the section with FF's as you cannot change the file size! This will wipe out the section that stores the EFI password! Once done, you can save the .bin file, then go into properties on the newly unlocked file and make sure it is still 8MB and then you are ready to move onto the next step! :)

Step 4. Write the Unlocked bin file to the EPROM

Go back to your EPROM programmer software and now open the unlocked file. Again I cannot give you exact instructions here but it's normally the same sequence of events for most software. Erase the EPROM, write/program and verify the new file against the EPROM and done!

Step 5. Resolder the EPROM to the logic board

Clean the old flux off the board with 100% IPA and a q-tip, once dry, wick the pads clean and apply fresh flux and tin the pads with leaded solder, now flow the EPROM back down onto the board with your hot air station and clean the area with a q-tip and 100% IPA.

And done! Wait for the board to cool down, reassemble the device and you should no longer have an EFI password on your A1278! All these steps will also work for the A1286 and A1297 of any year!