2.11 Ensure EFI Version Is Valid and Checked Regularly - integrity-check

Information

In order to mitigate firmware attacks Apple has created an automated Firmware check to ensure that the EFI version running is a known good version from Apple. There is also an automated process to check it every seven days.

Rationale:

If the Firmware of a computer has been compromised the Operating System that the Firmware loads cannot be trusted either.

Solution

If EFI does not pass the integrity check you may send a report to Apple. Backing up files and clean installing a known good Operating System and Firmware is recommended.

See Also

https://workbench.cisecurity.org/files/3573