The Entry Point to EFI in a MacBook Pro
When your computer starts up, your operating system is actually the second system to load. The first is your firmware, the software that directly runs your hardware and translates signals from the operating system. MacBook Pros use Intel's Extensible Firmware Interface, an open standards platform, for their firmware. However, Apple's stock implementation of EFI restricts your point of entry to a few commands when the computer starts.
You have direct access to your MacBook Pro's EFI for a short window every time you start up the laptop. The grey screen without any icons that appears shortly after you power up the MacBook Pro is EFI's equivalent of the black screen with a computer manufacturer's logo on PCs that use BIOS. This grey screen means that EFI has not loaded an operating system, and you can still press down keys to tell EFI to boot from a disk in the optical drive or bring up a menu with the different operating systems on your hard drive.
Securing EFI Access
By default, this access to EFI to issue commands is unrestricted: Anyone with physical access to your MacBook Pro can issue them immediately after starting up the computer. You can restrict this access by setting a password on your EFI that users have to enter before EFI will execute any commands. To set this password, you will need to boot your MacBook Pro from the system install disk that came with the laptop. Restart your laptop, after putting this disk in the optical drive, and press the "C" key. After the disk's menu loads, select "Firmware Password Utility" from the "Utilities" menu.
Your MacBook Pro's EFI is capable of much more than just selecting the medium from which to boot up. By bringing up the EFI shell, a command line environment, you can perform a variety of emergency system maintenance tasks and advanced configurations. However, Apple disables access the option to launch the EFI shell on all of its computers. Using these factory settings, your entry into your MacBook Pro's EFI is limited to a number of key commands at startup.
Apple disables the standard mechanism for entry into the EFI shell in its computers, but not the EFI shell itself. If you want to launch the EFI shell, you can download third-party software that changes the interface EFI shows you at start-up. This includes the option for launching the EFI shell. However, installing this kind of software can be dangerous. If your MacBook Pro's EFI becomes corrupted, your computer could fail to boot properly. Damage to the very software that starts the computer will require a technician to repair, and tampering with EFI could void your MacBook Pro's warranty.