First stage bootloaders such as BIOS (Basic Input/Output System) and UEFI (Unified Extensible Firmware Interface) or second stage bootloaders such as GNU GRUB (GNU GRand Unified Bootloader) and iBoot, generally provide the ability to configure a bootloader password as a security measure. This password restricts access to the computer’s firmware settings and, in some cases, the boot process.

When a bootloader password is set, it is stored in a non-volatile memory within the firmware. Upon powering on the system (and the bootloader settings being selected) the bootloader prompts the user to enter the password before allowing access to the firmware settings, thereby preventing unauthorized users from altering system settings or booting from unauthorized devices.

Sections

ID	Name	Description
PR011	Boot Order Manipulation	A subject accesses BIOS or UEFI to manipulate the boot order of a target computer to boot from an external device in order to access the target computer's file system without needing to interact or authenticate with the Operating System of the target computer.
ME016	System Startup Firmware Access	A subject has the ability to access the system startup firmware of a target system.
ME016.001	Target Disk Mode Access	A subject has the ability to put the target system into “Target Disk Mode” (MacOS).
IF002.007	Exfiltration via Target Disk Mode	When a Mac is booted into Target Disk Mode (by powering the computer on whilst holding the ‘T’ key), it acts as an external storage device, accessible from another computer via Thunderbolt, USB, or FireWire connections. A subject with physical access to the computer, and the ability to control boot options, can copy any data present on the target disk, bypassing the need to authenticate to the target computer.

References