Apple regularly rolls out security updates to make sure your devices are properly protected against online attacks and hardware tampering. With the release of High Sierra in 2017, Apple also launched a new security feature called the Mac EFI security check. This feature scans your Mac’s Extensible Firmware Interface, or EFI firmware, against Apple’s database of good firmware.
The EFIcheck utility usually resides in this directory:/usr/libexec/firmwarecheckers: eficheck. The tool runs once a week to check if your EFI firmware is included in the approved list and if it has been tampered with or corrupted. As long as there’s nothing wrong with your EFI firmware, you’ll probably never even notice that this tool is running in the background.
But if the scan encounters the incorrect firmware for that Mac’s model, then an EFI-check warning message will appear. The error message reads:
Your computer has detected a potential problem.
Click “Send to Apple” to submit a report to Apple.
Another version of the warning says:
Firmware changes detected
Click Send to report to Apple.
Click Ignore to skip sending the information.
Click Reveal in Finder to see the information that will be sent.
You will be given three choices:
- Show Report – This option will open the eficheck.dump file.
- Don’t Send – This will ignore the warning and let you proceed with your activities.
- Send to Apple – This sends the report to Apple so the support team can analyze the data and offer suggestions.
What is an eficheck.dump file? The eficheck.dump file is where all the results of the eficheck are listed for easy checking and sharing. This is useful for those who need help analyzing the results of the eficheck or want to send the results to Apple Support.
When you see this warning message, it means that there is something wrong with your Mac’s EFI firmware. Here are some of the scenarios that often result in an Eficheck error:
- Hardware replacement
- Tampered firmware
- Virus or malware infection
- Hackintosh computer
- Outdated firmware
How to Fix a Mac EFI Security Check Error?
The EFI security check warning can be caused by something as minor as a glitch or by something as complicated as firmware inconsistencies. Here are the steps you can take when you encounter an error with the Mac EFI security check.
Step #1: Send the Report to Apple.
The first thing you need to do when you get the EFI warning message is to send the report to Apple. This will help Apple’s engineers to understand what is happening to your Mac and offer suggestions on what you need to do. It might take some time, though, before Apple gets back to you regarding your report. For the meantime, you can proceed with the steps below and see if this error goes away.
Step #2: Uninstall Recent Software Changes.
If the warning message popped up after you installed an update or a third-party program, it is possible that the new installation somehow affected your EFI firmware. Try uninstalling the app you just installed by dragging it to the Trash.
If you installed an update, though, you can only restore from a backup since Apple does not offer a way to uninstall system updates.
Step #3: Clean Up Your System.
EFI firmware problems can also arise due to a virus or malware infection. Some malicious software is designed to attack the firmware of the device they infected, causing multiple problems. Run your antivirus software to scan your device for any malicious software and follow the instructions to delete the infected files.
While you’re at it, delete all your junk files as well to give your system some breathing space. You can use an app such as Mac repair app to get rid of all trash files in a single click.
Step #4: Reset EFI Check Preferences.
Another possible reason why you’re getting the Mac EFI security check warning is because of corrupted preferences of the EFIcheck utility. To reset these preferences, you need to delete the .plist file associated with this tool. It will automatically generate a new .plist file once the tool is relaunched.
To delete the EFIcheck .plist file, follow the steps below:
- In the Finder menu, click Go.
- Hold the Option key, then click the Library folder that appears.
- Navigate to the Preferences folder.
- In the search box at the upper-right corner of the window, type in EFIcheck, then hit Enter. This will show you all the .plist files associated with the EFIcheck utility.
- Select all the .plist files from the search results, then drag them to the Trash to delete them.
- Close the window and restart your Mac.
Step #5: Install all EFI Updates.
If you have outdated EFI firmware, you’ll most probably encounter this warning message. You can update your firmware by clicking Software Update under the Apple menu. A progress bar will appear while your Mac checks for available software updates. Click on the Install button to install them on your Mac, then restart your computer for the changes to apply.
If your Mac failed to find new firmware updates, you can manually check Apple’s website for direct links to new updates. Download the updates available for your Mac model and install them manually on your computer. Reboot your computer for the update to be completed.
Step #6: Run an EFI Check Manually.
EFI checks are scheduled to run once every week. To check if the warning has disappeared, you need to run an EFI check manually using Terminal. To do this, launch Terminal under the Utilities folder and type in the EFI command you want to use.
Here are some of the commands you can choose from and what they mean:
- eficheck –generate-hashes – This will check the system’s installed firmware and save the hashes into a hash file.
- eficheck –integrity-check – This will scan your system and automatically determine the firmware version you are running and report any discrepancies.
- eficheck –integrity-check -h [path to EFIcheck directory] – This will compare the installed EFI firmware against Apple’s expected measurements for that specific device.
Step #7: Visit an Apple Service Center.
If the warning message doesn’t disappear after following the steps above, you might need to visit the nearest Apple Service Center to have your Mac checked.
The EFI check utility is one of Apple’s security features designed to protect your Mac’s firmware from unauthorized tampering. The tool runs silently in the background every week, and you’ll only notice it when you get the warning message. When you do, just follow the steps above to get rid of it.