- Jamf Nation Community
- Products
- Jamf Pro
- Re: Extension Attribute to find the status of EFI ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-07-2015 01:52 PM
It seems that I can no longer get the security-mode from the following methods on Yosmemite:
echo "<result>nvram -p | grep security-mode</result>"
or
echo "<result>system_profiler | grep security-mode</result>"
or
echo "<result>/Library/Application Support/JAMF/bin/setregproptool -c</result>"
I use the setregproptool placed in the JAMF/bin folder to set the EFI password using a policy at first login. The machine asks for the EFI password when option booting, but I just need the output for reporting/compliance.
Is anyone else seeing this issue?
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-07-2015 02:09 PM
You need to check the exit status of the command:
/Library/Application Support/JAMF/bin/setregproptool -cIt does not, and as far as I know has never, sent output directly to the shell when running that. The exit status ($?) will be either 0 (ON) or 1 (OFF)
#!/bin/sh
/Library/Application Support/JAMF/bin/setregproptool -c
EFIStatus=$?
if [ "$EFIStatus" == 0 ]; then
result="On"
else
result="Off"
fi
echo "<result>$result</result>"
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-07-2015 02:09 PM
You need to check the exit status of the command:
/Library/Application Support/JAMF/bin/setregproptool -cIt does not, and as far as I know has never, sent output directly to the shell when running that. The exit status ($?) will be either 0 (ON) or 1 (OFF)
#!/bin/sh
/Library/Application Support/JAMF/bin/setregproptool -c
EFIStatus=$?
if [ "$EFIStatus" == 0 ]; then
result="On"
else
result="Off"
fi
echo "<result>$result</result>"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-07-2015 02:10 PM
I use this:
It's based off having the setregproptool in the jamf bin folder.
!/bin/sh
/Library/Application Support/JAMF/bin/setregproptool -c
result="$?"
result = $?
if [[ "$result" == "0" ]]; then
echo "<result>Set</result>"
else
echo "<result>Not Set</result>"
fi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-08-2015 05:38 AM
According to https://jamfnation.jamfsoftware.com/discussion.html?id=13765#responseChild82487 there is a new tool built into Yosemite to do this.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-31-2015 09:24 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-31-2015 09:57 AM
Yes, there is a new tool in Yosemite OS x 10.10.x, to SET and UNSET and TEST if Set
I have used it quite successfully..
Obviously this Yosemite, tool does not work with OS X 10.9.x and earlier..
The tool is called: firmwarepasswd
