
It seems that I can no longer get the security-mode from the following methods on Yosemite:



echo "<result>$(nvram -p | grep security-mode)</result>"
or
echo "<result>$(system_profiler | grep security-mode)</result>"
or
echo "<result>$("/Library/Application Support/JAMF/bin/setregproptool" -c)</result>"



I use the setregproptool placed in the JAMF/bin folder to set the EFI password using a policy at first login. The machine asks for the EFI password when option booting, but I just need the output for reporting/compliance.



Is anyone else seeing this issue?

You need to check the exit status of the command:



"/Library/Application Support/JAMF/bin/setregproptool" -c


It does not send, and as far as I know has never sent, output directly to the shell when you run that. The exit status ($?) will be either 0 (ON) or 1 (OFF).



#!/bin/sh

# The path contains a space, so it must be quoted
"/Library/Application Support/JAMF/bin/setregproptool" -c
EFIStatus=$?

# Exit status 0 means the EFI password is on
if [ "$EFIStatus" -eq 0 ]; then
result="On"
else
result="Off"
fi

echo "<result>$result</result>"

I use this:
It's based off having the setregproptool in the jamf bin folder.



#!/bin/sh

# The path contains a space, so it must be quoted
"/Library/Application Support/JAMF/bin/setregproptool" -c
result="$?"

# Exit status 0 means the EFI password is set
if [ "$result" = "0" ]; then
echo "<result>Set</result>"
else
echo "<result>Not Set</result>"
fi


According to https://jamfnation.jamfsoftware.com/discussion.html?id=13765#responseChild82487 there is a new tool built into Yosemite to do this.


@mm2270 Thanks Mike. Was trying to test in Shell and was not getting the desired outcome. That worked for me.
@pblake Thanks for the input as well.
@spalmer Thanks for the link.


Yes, there is a new tool in Yosemite (OS X 10.10.x) to SET and UNSET and TEST if set.

I have used it quite successfully.
Obviously this Yosemite tool does not work with OS X 10.9.x and earlier.



The tool is called: firmwarepasswd
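
Added example, not posted by anyone in this thread: one extension attribute that combines both approaches above, using firmwarepasswd where it exists and falling back to the setregproptool exit status on older systems. It assumes the script runs as root (as Jamf extension attributes do) and relies on `firmwarepasswd -check` printing `Password Enabled: Yes` or `Password Enabled: No`, which the thread does not show; the function names are hypothetical. Unlike the scripts above, it reports "Unknown" rather than "Off" when neither tool can be run, so a missing tool is not mistaken for a compliance answer.

```shell
#!/bin/sh
# Added example: report firmware (EFI) password state for compliance.
# Path taken from the thread; adjust if the tool is deployed elsewhere.
SETREGPROP="/Library/Application Support/JAMF/bin/setregproptool"

# Map `firmwarepasswd -check` output to a result string.
parse_firmwarepasswd() {
    case "$1" in
        *"Password Enabled: Yes"*) echo "Set" ;;
        *"Password Enabled: No"*)  echo "Not Set" ;;
        *)                         echo "Unknown" ;;  # empty or unexpected output
    esac
}

# Map the `setregproptool -c` exit status (0 = on, 1 = off, per the thread).
parse_setregprop_status() {
    case "$1" in
        0) echo "Set" ;;
        1) echo "Not Set" ;;
        *) echo "Unknown" ;;  # e.g. 126/127: tool missing or not executable
    esac
}

firmware_password_state() {
    if command -v firmwarepasswd >/dev/null 2>&1; then
        # OS X 10.10 and later
        parse_firmwarepasswd "$(firmwarepasswd -check 2>/dev/null)"
    elif [ -x "$SETREGPROP" ]; then
        # OS X 10.9.x and earlier: the tool prints nothing, so read $?
        rc=0
        "$SETREGPROP" -c >/dev/null 2>&1 || rc=$?
        parse_setregprop_status "$rc"
    else
        echo "Unknown"
    fi
}

echo "<result>$(firmware_password_state)</result>"
```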