View Other Properties

Contents

View Other Properties

How to List Startup Security Settings Across All Macs

Using Kolide, you can easily view and query Mac Startup Security Settings across your fleet.

Introduction

Depending on the model of Mac, modern versions of macOS come equipped with boot/startup security options. Options like firmware passwords, secure boot, and external boot, can be set in Apple's Startup Security Utility when macOS is booted into Recovery OS. For more information, please read Apple's support article.

What Mac Startup Security Setting Data Can Kolide Collect?

Kolide's endpoint agent bundles in osquery to efficiently collect Mac Startup Security Settings from Macs in your fleet. Once collected, Kolide will parse, clean up, and centrally store this data in Inventory for your team to view, query, or export via API.

Kolide meticulously documents every piece of data returned so you can understand the results.

Mac Startup Security Settings Schema

Column Type Description
id Primary Key

Unique identifier for the object

device_id Foreign Key

Device associated with the entry

device_name Text

Display name of the device associated with the entry

efi_boot_mode Enum::Text

The mode of the EFI Boot

Can be one of the following:

  • none
  • unknown
  • command
  • full
efi_option_roms_allowed Boolean

true if PCI option roms are allowed to load; otherwise false

efi_password_enabled Boolean

true if a startup password is set; otherwise false

external_boot Enum::Text

The state of the Mac's external boot setting

Can be one of the following:

  • allowed
  • medium
  • not_applicable
secure_boot Enum::Text

The state of the Mac's secure boot setting

Can be one of the following:

  • full - Ensures that only the current OS, or signed operating system software currently trusted by Apple, can run. This mode requires a network connect at software installation time.
  • medium - Allows any version of signed operating system software ever trusted by Apple to run.
  • disabled - Does not enforce any requirements on the bootable OS
  • not_applicable - This setting is not available or applicable to the current Mac (likely due to lack of a Secure Enclave)
windows_boot Enum::Text

The state of the Mac's windows boot setting

Can be one of the following:

  • allowed
  • medium
  • not_applicable
collected_at Timestamp

Time the row of data was first collected in the database

updated_at Timestamp

Time the row of data was last changed in the database

Why Should I Collect Mac Startup Security Settings?

The settings reported in the device property can help administrators better understand the security posture of a Mac. For example, a Mac with Secure Boot off may be at greater risk of being infected by malware that changes the master boot record (MBR).

End-User Privacy Consideration

Kolide practices Honest Security. We believe that data should be collected from end-user devices transparently and with privacy in mind.

The data collected only contains the status of the Mac's startup and boot settings. It does communicate sensitive data like firmware passwords, or the names of any internal or external volumes.

When you use Kolide to list Mac Startup Security Setting data from end-user devices, Kolide gives the people using those devices insight into exactly what data is collected, the privacy implications, and who on the IT team can see the data. This all happens in our end-user privacy center which can be accessed directly by employees.

Share this story:

Related Device Properties:

New
Mac SIP Settings
security, integrity, boot-security, operating-system, hardware
New
Windows Update Settings
updates, operating-system, security
New
Windows Pending Updates
updates, operating-system, security
View full list of Kolide's Device Properties
Book A Demo
Book A Demo