macOS High Sierra checks your Mac’s firmware weekly for tampering

macOS High Sierra, scheduled to make its public debut later today, includes a cool, little-known new security feature that runs a weekly check of your Mac’s firmware integrity, helping protect the computer from sophisticated malware attacks.

Spotted by The Eclectic Light Company on Sunday, the all-new “eficheck” routine in High Sierra, located in /usr/libexec/firmwarecheckers/eficheck, runs automatically on a weekly basis.

As mentioned, it was designed to check the firmware of the Mac it’s installed on in order to identify any modifications by comparing the computer’s ID and the installed firmware against Apple’s database of known-good firmware revisions.

If the checksum fails, the user is asked to send a report to Apple or dismiss the message. The dialog will not pop up again unless the firmware changes. In order for this to work, the user must have security updates turned on in the App Store pane of System Preferences.
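The check-and-prompt behaviour described above can be modelled in a few lines. This is an added illustration, not Apple's code or eficheck's actual logic: the model identifier, the use of SHA-256 as the checksum, the sample firmware bytes and the result names are all assumptions made for the example.

```python
import hashlib

# Constructed sample data: a stand-in "firmware image" and an allowlist that
# maps a (hypothetical) model identifier to digests of known-good revisions.
GOOD_IMAGE = b"constructed-known-good-firmware-image"
KNOWN_GOOD = {
    "ExampleMac1,1": {hashlib.sha256(GOOD_IMAGE).hexdigest()},
}


class FirmwareChecker:
    """Toy model of a periodic firmware integrity check with a one-time prompt."""

    def __init__(self, known_good):
        self.known_good = known_good
        # model_id -> digest the user has already been prompted about
        self.last_reported = {}

    def weekly_check(self, model_id, firmware_bytes):
        """Return 'ok', 'prompt' (ask the user to report) or 'suppressed'."""
        digest = hashlib.sha256(firmware_bytes).hexdigest()

        # Lookup is keyed by model: an unknown model has no known-good set,
        # so any image on it counts as a mismatch.
        if digest in self.known_good.get(model_id, set()):
            # Back to a known-good revision: forget any earlier report.
            self.last_reported.pop(model_id, None)
            return "ok"

        # Same unknown firmware as last time: do not show the dialog again.
        if self.last_reported.get(model_id) == digest:
            return "suppressed"

        # New or changed unknown firmware: prompt once and remember it.
        self.last_reported[model_id] = digest
        return "prompt"


if __name__ == "__main__":
    checker = FirmwareChecker(KNOWN_GOOD)
    modified = GOOD_IMAGE + b"\x00"  # constructed one-byte modification
    for week, image in enumerate([GOOD_IMAGE, modified, modified], start=1):
        print(week, checker.weekly_check("ExampleMac1,1", image))
```

Because the lookup is keyed by model, a machine whose reported identifier has no entry in the allowlist gets the prompt even when its firmware bytes are unmodified.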

According to AppleInsider:

Apple will then look at the transmitted data to evaluate if there has been a malware attack—but what happens after that is not clear.

Also unclear is what impact this may ultimately have on 4,1 Mac Pro owners who have flashed their firmware to make it appear to be the 5,1 Mac Pro or for Hackintosh owners—but it appears at present that the dialog is no more than a one-time hassle.

The report sent to Apple excludes data stored in NVRAM. The publication has confirmed that the routine exists in the macOS High Sierra GM build.

The routine was programmed by Apple engineers Corey Kallenberg, Xeno Kovah and Nikolaj Schlej. Kovah tweeted about the feature only to delete his tweets shortly thereafter.

What do you think of this feature?