Firmware Locking Not Working

damienbarrett
Valued Contributor

I'm testing locking firmware on machines in conjunction with Casper Imaging 8.7. I'm following the instructions in the Administrator's Guide (page 269).

- Netboot to my imaging environment
- In Casper Imaging, select "Custom Install" and under the "Accounts" section, have it add a firmware password.

Once I do this, I can see the command on the left telling me it's going to do it, but when the machine images and then reboots, there's no firmware password set. The Imaging Logs show no errors.

Question: does Casper Imaging rely on a Recovery Partition to be present for this to work?

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

Hmm. That setting doesn't work anymore by itself. It once did on older OSes (correction, older Mac models), but now you need to use the setregproptool that is embedded inside the Firmware Password Utility. The documentation really should be updated to include the new instructions, which you can find here:
https://jamfnation.jamfsoftware.com/article.html?id=58

I don't think you must have a Recovery HD present, but you have to get that tool from somewhere and have it dropped onto the system you've just imaged. See the KB above; it explains it further.


damienbarrett
Valued Contributor

Ah, there's the missing info! You're correct, the documentation needs to be updated. I had assumed (yes I know; never assume) that JAMF had updated their tool in Casper Imaging 8.x to include the ability to firmware lock the new hardware. This is not the case, clearly. At least there's a KB (thanks for the link) that will give me a workaround.

I'll make sure that this firmware tool binary is on my base image and write an after-imaging startup policy to set the firmware password up on first boot. Thanks!