macOS High Sierra begins rolling out today, and apparently it will perform an EFI security check every week. This will compare your Mac’s EFI firmware against a database of known good firmware. Apple will do this to make sure your Mac hasn’t been tampered with.
EFI Firmware
According to a series of tweets from an Apple engineer (that have since been deleted), High Sierra has a new security feature. It will use a utility called eficheck to make sure your Mac hasn’t been tampered with. Mac website The Eclectic Light Company was able to give a summary of what the engineer said:
The new utility eficheck, located in /usr/libexec/firmwarecheckers/eficheck, runs automatically once a week. It checks that Mac’s firmware against Apple’s database of what is known to be good. If it passes, you will see nothing of this, but if there are discrepancies, you will be invited to send a report to Apple, with the following dialog.
The dialog box that the operating system presents says: Your computer has detected a potential problem. It gives you the options to Show Report, Don’t Send, Send to Apple. If you’re running a legitimate Mac, and not a Hackintosh, the engineer recommends you send the report. This lets eficheck to send the firmware data, while protecting your privacy by not using data stored in NVRAM.
Most people probably won’t see this dialog box though. It will only appear if your Mac thinks something fishy is going on. If there is a problem, then sending the data to Apple lets the company figure out if malware or something else changed the firmware.
Your Mac also remembers your preference. For example, if you choose to send the data, then it will be sent automatically each week since then. Also, if you have security updates checked in the App Store section in Settings, eficheck will use this library of “known good” data.