- Jamf Nation Community
- Products
- Jamf Pro
- Re: Firmware Password Manager 2.5 - New Release
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Firmware Password Manager 2.5 - New Release
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-25-2020 10:57 AM
Firmware Password Manager 2.5 - New Release
Firmware Password Manager is a Python script to help MacAdmin programmatically manage the firmware passwords of their Mac systems. The firmware password is one of the three interlocking methods used to secure Mac systems. The other two are: using strong passwords (and password policy) on user accounts and FileVault to apply full disk encryption (FDE). Strong account passwords are always the first line of defense. FDE effectively scrambles the information written a storage device and renders it unreadable by unauthorized persons. Using all three methods can make a Mac system unusable should it be lost or stolen.
New features include:
Removed Flags
This allows the user to select and remove the firmware password and set no firmware password.Configuration File
The configuration file allows you to easy modify the Firmware Password Manager options for your environment needs.Ported to Python 3
The script has been ported from Python 2 to Python 3.7+..Added JAMF Controller Script and Skeleton Key
Skeleton Key was written to add a GUI to the firmwarepasswd command and Firmware Password Manager and give it multiple ways to obtain the keylist file.
The controller script makes it easy for Jamf Admins to integrate Firmware Password in their infrastructure. It directs the automated configuration and launch of FWPM. It contains the new and old firmware passwords, the logic to error check and create an obfuscated keyfile and configuration file, and launches FWPM.
Firmware Password Manager will work with any client management system, for example, popular options like Jamf Pro and Munki, or multiple others.
If you are interested in checking it out see our GitHub repository:
Labels:
- Labels:
-
Configuration
-
Jamf Pro
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-24-2020 06:03 AM
I'm struggling with this... Just need the script, config file, and pexpect? Script complains it can't find pexpect.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-03-2020 08:13 AM
There is a binary included in the github repo. I would suggest starting there, instead of attempting to use the python source. The binary includes all of the dependencies.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-04-2020 09:00 AM
@estes Did you see @todd.mcdaniel 's response above?
There is a binary included in the GitHub repo. I would suggest starting there, instead of attempting to use the python source. The binary includes all of the dependencies.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-05-2020 05:13 AM
Thanks for the replies. I'm going need a paint by numbers demonstration. I'm installing the binary and capturing with composer then deploying through JSS? I've tried to watch a few Utah Marriott videos looking for a how to demo but they only seem to mention release notes etc.
Thanks gentlemen.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-12-2020 01:15 PM
Hello @estes :
Sorry, we are "really" busy right now but will add it to my todo's to create step-by-step instructions for FWPW set up in Jamf Pro. And let you know when it's available, probably post to our blog and maybe, update the GitHub repository.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-12-2020 01:18 PM
I appreciate that you've created this and made it available. Thanks again.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-18-2020 01:47 AM
I'm having an issue with fwpm v2.5. I was hoping someone here could point me in the correct direction.
In our university we set passwords via a JAMF policy, using the JSS FWPM controller script.py script, leaving all flags to default.
Removing a firmware password is offered as a self-service policy. To remove the firmware password, we use a 2d copy of the controller script but now use the flag 'use_fwpw': False. This removes the firmware password and the nvram hash without any issues.
The problem we are seeing is as soon as we run the policy that sets a firmware password again after a reboot, the policy fails. The error code in /var/log/fwpm_controller.log does not show much info;
2020-12-18 01:22:33,998 - INFO - fwpm controller launched. 2020-12-18 01:22:33,998 - INFO - fwpm controller version 1.0 2020-12-18 01:22:34,006 - INFO - prepare_keyfile: activated 2020-12-18 01:22:34,006 - INFO - sanity check new. 2020-12-18 01:22:34,006 - INFO - sanity check previous. 2020-12-18 01:22:34,007 - INFO - Sanity check successful. 2020-12-18 01:22:34,008 - INFO - launching fwpm. 2020-12-18 01:22:35,578 - CRITICAL - Command '['/usr/local/fwpm/firmware_password_manager', '-c', '/tmp/cfg.cfg']' returned non-zero exit status -9
After a factory reset the script runs again without any issues. Is there anything we can do to troubleshoot this issue?
