Help

Firmware password has to be removed before imaging?

nadams
New Contributor III

Posted on ‎03-04-2016 11:54 AM

I was attempting to reimage a Macbook Air which had a firmware password set. I know the password and got past the prompt to get to the Netboot options. Booted into Casper Imaging and selected my workflow options. Image was restored to the device, but on reboot, the laptop came up to a flashing folder icon as if there was nothing on the boot device.

I tried imaging several times with different options, and had no luck. Tried it on another laptop and the image was good, and it was then that I realized that the other laptop didn't have a firmware password set. Went back to the original laptop and booted into recovery and removed the firmware password completely. After that, I re-applied the image and everything was successful.

Is it a requirement of Casper Imaging that the firmware password be removed? Is there any way to image with the firmware password set?

0 Kudos
Reply
12 REPLIES 12

lwindram
Contributor

Posted on ‎03-04-2016 12:10 PM

I would guess that the startup disk is not being properly set after the imaging process. The flashing folder indicates that OS X can't locate a bootable disk at the specified location. Try booting to the recovery partition and setting the startup disk to the Macintosh HD.

We do a lot of imaging and all of our devices have firmware passwords, so I can assure you that imaging with an EFI password is possible.

0 Kudos
Reply

bpavlov
Honored Contributor

Posted on ‎03-04-2016 12:20 PM

You can also hold OPTION while booting. Find the bootable volume and hold CTRL when you press ENTER to make that the default startup volume.

0 Kudos
Reply

nadams
New Contributor III

Posted on ‎03-04-2016 12:32 PM

@lwindram @bpavlov I held down option to get back into the boot list, and selected the EFI partition. This allowed it to boot normally. I restarted it, and now it's back to a flashing folder w/ the question mark. Doesn't look like the default boot drive is being set by Casper Imaging.

This still only appears to happen on laptops with a firmware password set. I made sure to select the option to boot from target device after imaging.

0 Kudos
Reply

nadams
New Contributor III

Posted on ‎03-04-2016 12:39 PM

Okay, I think the issue is this - when you image, Casper Imaging sees the partition being called "Macintosh HD", and when the image process is complete, it sets the target boot volume to "Macintosh HD". However, with the firmware password set, the device name appears in the boot list as "EFI Partition".

As soon as I removed the firmware password, the laptop booted normally, and when I checked the boot device list by holding down "option", the drive was once again named "Macintosh HD"

0 Kudos
Reply

bpavlov
Honored Contributor

Posted on ‎03-04-2016 12:41 PM

when you use the option key method, hold CTRL when you select the partition when you select the volume (this will make it the default volume). Or when you boot into the OS itself, in Sys Prefs -> Startup disk preference pane, select the OS volume so it boots to it every time.

0 Kudos
Reply

rdwhitt
Contributor II

Posted on ‎03-04-2016 12:43 PM

Out of curiosity, what version are you running and what does your imaging log say?

We have firmware passwords and Casper Imaging always (well most of the time) works without a hitch. Currently we're on 9.81.

0 Kudos
Reply

bpavlov
Honored Contributor

Posted on ‎03-04-2016 03:23 PM

I just re-imaged a computer with a firmware password and it booted fine.

0 Kudos
Reply

apizz
Valued Contributor

Posted on ‎03-04-2016 04:43 PM

@bpavlov I didn't know about holding down Control. Good to know!

0 Kudos
Reply

pblake
Contributor III

Posted on ‎03-04-2016 05:22 PM

What OS are you dropping? I believe in 10.11 the bless command changed, that may be preventing that reboot from booting to the correct drive.

0 Kudos
Reply

Aziz
Valued Contributor

Posted on ‎03-04-2016 06:29 PM

We have an EFI password on all of our machines. Casper Imaging has no problems imaging and rebooting to the correct partition.

But, there was a time for us where the machines weren't rebooting to the correct drive. We used the following to set the startup-disk during imaging.

#!/bin/bash
nvram -c
sudo systemsetup -setstartupdisk /Volumes/"Macintosh HD"/System/Library/CoreServices

Works on 10.11.x El Capitan.

0 Kudos
Reply

CasperSally
Valued Contributor II

Posted on ‎03-07-2016 04:52 AM

Starting in 9.81 there was a bug in JSS where I had to add a bless script that runs 'after' before machine reboots to production

see this thread for info
https://jamfnation.jamfsoftware.com/discussion.html?id=17397

0 Kudos
Reply

nadams
New Contributor III

Posted on ‎03-08-2016 10:02 AM

@CasperSally It actually looks like it may have been fixed in 9.82. My JSS was on 9.82, but I was still using the 9.81 version of Casper Imaging. I just updated my NBI to 9.82 and did a test image of a password-protected laptop and it seems to have worked fine. Granted, this was only one test, so I will have to try a few more times before I'm satisfied that it's fixed :)

And here I thought it wouldn't be a big deal to leave Casper Imaging on 9.81 to save time in rebuilding the NBI :)

0 Kudos
Reply