Firmware Password Manager 2.5 - New Release
Firmware Password Manager is a Python script to help MacAdmins programmatically manage the firmware passwords of their Mac systems. The firmware password is one of the three interlocking methods used to secure Mac systems. The other two are: using strong passwords (and password policy) on user accounts and FileVault to apply full disk encryption (FDE). Strong account passwords are always the first line of defense. FDE effectively scrambles the information written to a storage device and renders it unreadable by unauthorized persons. Using all three methods can make a Mac system unusable should it be lost or stolen.
New features include:
This allows the user to select and remove the firmware password and set no firmware password.
The configuration file allows you to easily modify the Firmware Password Manager options for your environment's needs.
Ported to Python 3
The script has been ported from Python 2 to Python 3.7+.
Added JAMF Controller Script and Skeleton Key
Skeleton Key was written to add a GUI to the firmwarepasswd command and Firmware Password Manager and give it multiple ways to obtain the keylist file.
The controller script makes it easy for Jamf Admins to integrate Firmware Password in their infrastructure. It directs the automated configuration and launch of FWPM. It contains the new and old firmware passwords, the logic to error check and create an obfuscated keyfile and configuration file, and launches FWPM.
Firmware Password Manager will work with any client management system, for example, popular options like Jamf Pro and Munki, or multiple others.
If you are interested in checking it out see our GitHub repository:
Thanks for the replies. I'm going to need a paint by numbers demonstration. I'm installing the binary and capturing with composer then deploying through JSS? I've tried to watch a few Utah Marriott videos looking for a how to demo but they only seem to mention release notes etc.
I'm having an issue with fwpm v2.5. I was hoping someone here could point me in the correct direction.
In our university we set passwords via a JAMF policy, using the JSS FWPM controller script.py script, leaving all flags to default.
Removing a firmware password is offered as a self-service policy. To remove the firmware password, we use a 2d copy of the controller script but now use the flag 'use_fwpw': False. This removes the firmware password and the nvram hash without any issues.
The problem we are seeing is as soon as we run the policy that sets a firmware password again after a reboot, the policy fails. The error code in /var/log/fwpm_controller.log does not show much info:
2020-12-18 01:22:33,998 - INFO - fwpm controller launched.
2020-12-18 01:22:33,998 - INFO - fwpm controller version 1.0
2020-12-18 01:22:34,006 - INFO - prepare_keyfile: activated
2020-12-18 01:22:34,006 - INFO - sanity check new.
2020-12-18 01:22:34,006 - INFO - sanity check previous.
2020-12-18 01:22:34,007 - INFO - Sanity check successful.
2020-12-18 01:22:34,008 - INFO - launching fwpm.
2020-12-18 01:22:35,578 - CRITICAL - Command '['/usr/local/fwpm/firmware_password_manager', '-c', '/tmp/cfg.cfg']' returned non-zero exit status -9
After a factory reset the script runs again without any issues. Is there anything we can do to troubleshoot this issue?
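A triage helper for the controller log quoted in the post above, added here as an example and not part of the original posts or of the FWPM project: it pulls the failed launch out of the log and decodes the exit status. It relies on Python's subprocess convention that a negative return code -N means the child was terminated by signal N; the function names and the embedded sample are constructed for the example.

```python
import re
import signal
from datetime import datetime

# Constructed sample: three of the controller log lines quoted in the post.
SAMPLE_LOG = """\
2020-12-18 01:22:34,007 - INFO - Sanity check successful.
2020-12-18 01:22:34,008 - INFO - launching fwpm.
2020-12-18 01:22:35,578 - CRITICAL - Command '['/usr/local/fwpm/firmware_password_manager', '-c', '/tmp/cfg.cfg']' returned non-zero exit status -9
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) - (\w+) - (.*)$")
EXIT_RE = re.compile(r"Command '(\[.*\])' returned non-zero exit status (-?\d+)")

def decode_status(status):
    """Explain a subprocess return code; negative N means killed by signal N."""
    if status < 0:
        try:
            return "killed by " + signal.Signals(-status).name
        except ValueError:
            return "killed by unknown signal %d" % -status
    return "exited with status %d" % status

def triage(log_text):
    """Return one dict per failed launch: command, decoded status, seconds alive."""
    findings, launched_at = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or non-log lines
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        level, message = m.group(2), m.group(3)
        if message.startswith("launching fwpm"):
            launched_at = stamp
        failure = EXIT_RE.search(message)
        if level == "CRITICAL" and failure:
            alive = (stamp - launched_at).total_seconds() if launched_at else None
            findings.append({
                "command": failure.group(1),
                "status": int(failure.group(2)),
                "meaning": decode_status(int(failure.group(2))),
                "seconds_alive": alive,
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

For the quoted log this reports status -9 as SIGKILL, about 1.57 seconds after launch. SIGKILL cannot be caught or handled by the process, so FWPM itself had no chance to log a reason.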