This won't help you today but maybe if Jamf implemented this:

https://www.jamf.com/jamf-nation/feature-requests/6626/configuration-profile-for-firmware-efi-password-management-starting-high-sierra

Try

result=$(/usr/sbin/firmwarepasswd -check)

You could also use awk to pull out the “No”

You should also have a double equal sign in your if statement.

I think the missing = sign in the if/then statement might be the problem, and you should also surround $result in double quotes since the variable might contain spaces.
But I would suggest using bash's regex match operator for this. For example:

if [[ "$result" =~ "No" ]] ; then

The =~ basically means if what is on the right is contained in $result on the left, or if it has that string as part of it's pattern. Since the word "No" will show up in the result, or not if an EFI password is set, you can just check for that word and not the entire result line. Hope that helps.

Hi @jhaff

Maybe this can help you out!

#!/bin/sh

# Check if Firmware password is configured and turn it on
/Library/Application Support/JAMF/bin/setregproptool -c
Result="$?"

if [[ "$Result" == "1" ]]; then
/Library/Application Support/JAMF/bin/setregproptool -m 'command' -p 'PUTYOUREFIPASSWORDHERE'
fi

Not sure if this is working on 2018 models, going to find out in 2 weeks. maybe someone else can confirm ?

Many thanks! I think m.donovan's suggestion worked to get the proper output into the variable. Many thanks! mm2270 going to use the regular expression operator... ;)

I tried all sorts of formats and conditionals: double equal, quotes, no quotes, double brackets vs. single, regular expressions. I was driving myself nuts!

Thanks for the quick help.