Extension Attribute to check if Firmware password is set

GabeShack
Valued Contributor III

Hey all,
So the old Extension Attribute "EFI Password Mode" seems not to function in 10.12 and I was looking to see if anyone had created an update for it before I started to reinvent the wheel.
Old one pasted below:

#!/bin/sh
result=`nvram -p | grep security-mode | awk '{print $2}'`

if [ "$result" != "" ]; then
    echo "<result>$result</result>"
else
    echo "<result>none</result>"
fi

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools
3 REPLIES 3

cbrewer
Valued Contributor II

You should be able to replace the nvram line with "firmwarepasswd -check" and have something that'll work.

Chris_Tavenner
New Contributor II

Below is what I use, works fine in 10.12

!/bin/sh

####

firmwarePass="$(firmwarepasswd -check)";

if [ "$firmwarePass" == "Password Enabled: Yes" ]; then echo "<result>Set</result>";
else echo "<result>Not Set</result>"
fi

GabeShack
Valued Contributor III

@cbrewer @Chris.Tavenner Thanks both!
Working great now. Guess we should submit it to be updated in the JSS built in template.
Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools