How can I protect Single User Mode to require a password?

macos single-user

I once read that you can modify a file on the computer to make Single User Mode behave differently, called "boot.rc" or something similar. Is it possible to modify the behavior of SUM? Since physical access would compromise all security (except FileVault) is it possible to prevent SUM from running bash and immediately boot into the GUI (or at least into something which requests a password) so potential hackers would have no way to gain root access without a password?


Solution 1:

You can add a firmware password, which will need to be entered before the Mac can be booted into Single User Mode (or from external media). Boot with ⌘R to enter Recovery, then select Firmware Password Utility from the Utilities menu to set it up.

Solution 2:

Another option is to enable FileVault 2. It makes entering single user mode require the login password of an account that is allowed to unlock the disk.

Related

How to install Xcode 6? [duplicate]
Export an email from Outlook to PDF?
Apple ID for employees having no credit card
Closing 128 new Preview documents without saving
Unable to run 'display notification' using osascript in a tmux session
How do I convert .dmg to .img?
What's the difference between the OS X version and build numbers?
Macbook Pro (Early 2015) bluetooth issues after waking from sleep
How to find offending Finder Extension?
App Files on Mac OS X - Visual Studio Code
Does Apple's World Travel Adapter Kit work in India?
How to force Mail.app to ask for Gmail password?