Help

Enabling EFI/Boot password

Mkh
New Contributor III

Posted on ‎10-25-2019 06:14 AM

Hey everyone,

I'm pretty new to JAMF here, how can enable EFI password on my fleet ?

0 Kudos
Reply
16 REPLIES 16

DBrowning
Valued Contributor II

Posted on ‎10-25-2019 06:23 AM

New Policy>> EFI Password Payload.
d3ab241decc44dbfab31ba9c91b9cdc2

0 Kudos
Reply

Mkh
New Contributor III

Posted on ‎10-28-2019 08:45 AM

Great .. how can I get the list of machines that have Firmware password set ?

0 Kudos
Reply

DBrowning
Valued Contributor II

Posted on ‎10-28-2019 10:04 AM

Make an extension attribute with this:

#!/bin/sh

#Get Status
firmwareStatus=$(firmwarepasswd -check)

#Pull out final word
status=$(echo "$firmwareStatus" | awk '/Enabled:/ {print $NF}')

echo "<result>$status</result>"
0 Kudos
Reply

larry_barrett
Valued Contributor

Posted on ‎10-28-2019 10:30 AM

Possible outputs are Yes and No ^

0 Kudos
Reply

Mkh
New Contributor III

Posted on ‎11-08-2019 02:14 AM

Thanks a million

0 Kudos
Reply

MacJunior
Contributor III

Posted on ‎01-31-2021 02:29 AM

any updated version of check a script that would work with Big Sur on intel machines?

0 Kudos
Reply

DBrowning
Valued Contributor II

Posted on ‎02-01-2021 05:32 AM

@MacJunior The EA I posted above still works in Big Sur on Intel Macs.

Reply

MacJunior
Contributor III

Posted on ‎02-01-2021 06:51 AM

true, when I execute the script on a machine has a firmware password it shows me the status "Yes" but I when add it to an extension attribute and create a smart group to show me the macs with EFI password nothing shows up.
Seems I'm doing something wrong here.

0 Kudos
Reply

DBrowning
Valued Contributor II

Posted on ‎02-01-2021 06:57 AM

@MacJunior safe to assume you are waiting for the next recon/inventory to come in? If you run recon/inventory on a machine, is it showing up in your Computer Record?

0 Kudos
Reply

alessio_tedesco
New Contributor III

Posted on ‎02-01-2021 07:13 AM

Hi @DBrowning I tried setting up an extension attribute as you provided up here but seems like it is not working, attaching the screenshot. same result in catalina and bigsur. Nothing won't populate even after jamf recon.

EDIT: After waiting a while and after a Recon it actually populated correctly.

Reply

MacJunior
Contributor III

Posted on ‎02-01-2021 07:20 AM

I executed "jamf recon" from terminal and waited a bit, rebooted and still the the smart group shows me nothing !

ec347eac1f2f46cda30737606242f4f7

0e35bbd0735e4e5fbf5fa2fa8c77c8c1

0 Kudos
Reply

MacJunior
Contributor III

Posted on ‎02-03-2021 08:09 AM

Anybody managed to fix it ? still can't see Macs that have FV enabled !

0 Kudos
Reply

mschroder
Valued Contributor

Posted on ‎02-03-2021 08:21 AM

Try
echo "<result>$status</result>"

0 Kudos
Reply

MacJunior
Contributor III

Posted on ‎02-04-2021 12:09 AM

Still nothing, does it work for you @mschroder ?? if yes could you share the extension attribute page and the smart group ?

0 Kudos
Reply

mschroder
Valued Contributor

Posted on ‎02-04-2021 01:00 AM

Well, you have a 'sudo' in a place where it makes no sense. DBrowning has the complete and correct script in his post. Please note that if you run this outside of Jamf you need to run it with sudo privileges. When from the MDM it already has sudo privileges.

Once you fixed the EA check you get the proper result in the inventory for the device on which you tested. When that is OK check the smart group, you might have problems there as well.

Reply

MacJunior
Contributor III

Posted on ‎02-04-2021 02:17 AM

You are correct @mschroder I missed your point that when you run a script via MDM it doesn't need sudo privileges cuz it's already have them.

Thanks

0 Kudos
Reply