Earlier today, Apple released macOS High Sierra 10.13 for download in the Mac App Store, bringing tons of new features and performance enhancements. One new security feature that will benefit all those who upgrade to macOS High Sierra is its ability to automatically check the Mac’s EFI firmware against Apple’s database of “known good” data every week, to ensure it hasn’t been tampered with (via MacRumors).
In case the EFI check fails, a prompt will appear with options to “Send to Apple” or “Don’t Send” (as shown above). The selection is remembered in subsequent weeks.
The new feature was revealed in a series of tweets by an Apple engineer, and although the tweets have now been removed, the summary remains on the Mac blog The Eclectic Light Company:
“The new utility eficheck, located in /usr/libexec/firmwarecheckers/eficheck, runs automatically once a week. It checks that Mac’s firmware against Apple’s database of what is known to be good. If it passes, you will see nothing of this, but if there are discrepancies, you will be invited to send a report to Apple”
The blog also notes that the “eficheck” tool sends the binary data from the EFI firmware, and preserves user privacy by excluding data which is stored in NVRAM, allowing Apple to analyze the data to determine whether it has been altered by malware or anything else.