
Ask HN: How to clean Mac firmware? - tmaly
Given the news release today about Mac firmware being infected, how would you go about detecting this and cleaning it up?

Is Apple going to do anything about it?
======
tgragnato
The released documents are very old, so we don't really know what's the actual
state of the art.

This is what I did (any express or implied warranty is disclaimed):

> diskutil list

/dev/disk0 (internal):

       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:      GUID_partition_scheme                         xxx.x GB   disk0
       1:                        EFI EFI                     314.6 MB   disk0s1
       2:          Apple_CoreStorage <Root_Name>             xxx.x GB   disk0s2
       3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3

...

> sudo diskutil mount /dev/disk0s1

Volume EFI on /dev/disk0s1 mounted

> ls -R /Volumes/EFI/EFI/APPLE

EXTENSIONS FIRMWARE UPDATERS

/Volumes/EFI/EFI/APPLE/EXTENSIONS: Firmware.scap

/Volumes/EFI/EFI/APPLE/FIRMWARE: MBxx_xxxx_Bxx_LOCKED.fd

/Volumes/EFI/EFI/APPLE/UPDATERS: MULTIUPDATER USBCVA

...

Be sure there are no unwanted extensions.

> shasum -a 256 <MBxx_xxxx_Bxx_LOCKED.fd>

A SHA hash is returned; check it against
[https://github.com/gdbinit/firmware_vault](https://github.com/gdbinit/firmware_vault).
If there's a mismatch, you may be affected.

