A new routine in High Sierra runs automatically weekly and checks the firmware of the Mac that is installed on to check for modifications that may jeopardize the security of the machine.
First spotted by The Eclectic Light Company blog on Sunday the "eficheck" routine in High Sierra compares the computer's ID and the installed firmware against Apple's database of known-good firmware revisions. Should the checksum fail, the user will be invited to send a report to Apple.
The new utility was coded by was coded by Apple engineers Corey Kallenberg, Xeno Kovah, and Nikolaj Schlej. Kovah issued a series of Tweets about the feature that have since been deleted.
The report sent to Apple excludes data stored in NVRAM. Apple will then look at the transmitted data to evaluate if there has been a malware attack — but what happens after that is not clear. Also unclear is what impact that this may ultimately have on 4,1 Mac Pro owners who have flashed the firmware on the computer to make it appear to be the 5,1 Mac Pro or for Hackintosh owners — but it appears at present that the dialog is no more than a one-time hassle.
According to Kovah's thread, the message will only be displayed once and not impact usability in any way. Should a user choose to send the report or dismiss the message, it will not be presented again unless the firmware changes.
AppleInsider has confirmed that the routine exists in the "gold master" of macOS High Sierra. Additionally, we have spoken to sources within Apple not authorized to speak for the company that the reports disseminated by the engineer over the weekend are accurate.
Apple's macOS 10.13 High Sierra update will debut on Monday. The update contains a number of improvements like Apple File System (APFS) implementation, migration from H.264 to H.265, and Metal 2, alongside other refinements.