Question

OS X 10.10.3 breaks firmware password

  • April 9, 2015
  • 32 replies
  • 159 views

mm2270
  • Legendary Contributor
  • April 13, 2015

I've never seen afp548 be blocked from here, and usually when something is blocked it states so in the page load. In this case I'm just getting the "Safari can't open the page" error. Strange. I'm going to try from outside the network.

Edit: Ok, something with the network here. Got it loaded on an external connection.
Anyway, looks like it may in fact be the Recovery HD update causing this. Wonderful. I have to say, I've about given up on Apple at this point. It just seems they can't get any update out anymore without some pretty major issues.


  • New Contributor
  • April 14, 2015

Sorry, this is a looooong thread but I don't see any answers. It's not 10.10.3; rather, it's the 'OS X Yosemite Recovery Update 1.0' per the following Apple KB https://support.apple.com/en-us/HT6647 AKA com.apple.pkg.RecoveryHDUpdate.14D131

Note it happens only if you have FileVault + EFI enabled, if you just run the 10.10.3 update everything is fine.

We made a workflow that basically works around it but requires EFI be disabled until the computer is updated.

  1. Extension attribute to report EFI status (Yes/none)
  2. Smart group for EFI = no
  3. Smart group for Not Yosemite
  4. Smart group for Has installed com.apple.pkg.RecoveryHDUpdate.14D131
  5. Smart group called EFI and Recovery Update that contains members of both EFI = no and Has installed com.apple.pkg.RecoveryHDUpdate.14D131
  6. Policy to set EFI to none (BUG: you have to save the policy as command with the password first then change it to none and save again) scoped to all computers, excluding the following groups: EFI = none, Not Yosemite, Has installed com.apple.pkg.RecoveryHDUpdate.14D131.
  7. Policy to enable EFI scoped to the smart group EFI and Recovery Update

Sorry for the fuzzy directions, hopefully they're enough for you guys to decipher. Anything that I should clarify?
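The scoping logic of the workflow above, as an added example that is not part of the original post. It assumes `/usr/sbin/firmwarepasswd -check` (OS X 10.10 and later, run as root) prints `Password Enabled: Yes` or `Password Enabled: No`; the function names and action labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and action labels are
# hypothetical; the package id is the one quoted in the post.
RECEIPT="com.apple.pkg.RecoveryHDUpdate.14D131"

# Step 1: map `firmwarepasswd -check` output to the Yes/none values.
# Anything unrecognised (tool failed, not root) is reported as "unknown"
# so a failed check is never mistaken for "no firmware password".
efi_status() {
    case "$1" in
        *"Password Enabled: Yes"*) echo "Yes" ;;
        *"Password Enabled: No"*)  echo "none" ;;
        *)                         echo "unknown" ;;
    esac
}

# Steps 2-7: decide which policy applies to a machine.
#   $1 = EFI status (Yes|none|unknown)
#   $2 = OS version string
#   $3 = 1 if the Recovery update receipt is present, else 0
workflow_action() {
    case "$2" in
        10.10|10.10.*) ;;                    # Yosemite: keep evaluating
        *) echo "out-of-scope"; return ;;    # "Not Yosemite" smart group
    esac
    if [ "$3" = "1" ]; then
        # Update already installed: turn EFI back on if it was disabled (step 7)
        if [ "$1" = "none" ]; then echo "enable-efi"; else echo "no-action"; fi
    else
        # Update still pending: EFI has to be off before it installs (step 6)
        if [ "$1" = "Yes" ]; then echo "disable-efi"; else echo "no-action"; fi
    fi
}

# On a Mac, gather live values and print the extension attribute result.
if [ -x /usr/sbin/firmwarepasswd ]; then
    status=$(efi_status "$(/usr/sbin/firmwarepasswd -check 2>/dev/null)")
    os=$(sw_vers -productVersion)
    if pkgutil --pkg-info "$RECEIPT" >/dev/null 2>&1; then has=1; else has=0; fi
    echo "<result>$status</result>"
    echo "workflow action: $(workflow_action "$status" "$os" "$has")" >&2
fi
```

The window between the disable and enable policies leaves a machine without a firmware password, so it is worth reporting on how long clients stay in the `disable-efi` state.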


  • Contributor
  • April 16, 2015

I decided to confront this today, expecting startup volume issues after installing the Recovery HD Update, but I wasn't able to replicate it. I verified EFI Password was enabled, and as a control updated with softwareupdate -ia, to ensure a prescribed Apple method works. After a successful install and reboot, I uploaded the packages into Casper, and applied packages onto a second client. I nervously expected it not to find the Recovery volume at restart, but it started successfully into EFI Login framework to decrypt the volume.

I performed these on Mac mini (Late 2014). I'm going to try it on a system of different model and vintage, to see if it makes a difference.


  • Author
  • Contributor
  • May 18, 2015

After some testing I came to the conclusion that the culprit is definitely the Recovery Update that is supplied with the patch.

I find it much of a hassle to figure a way out to upgrade everybody at the moment (as mentioned by iordonez for example).

I'll wait for 10.10.4 to see if Apple made some changes to the process.


  • Contributor
  • May 21, 2015

On a side note @loceee, what mods have you done to Margarita to get it to show the downloads and what looks like the OS it applies to? Wanna share :) ?


  • Contributor
  • May 21, 2015

@loceee, don't worry, I found your git repo!!


  • Author
  • Contributor
  • July 1, 2015

So 10.10.4 is out, any news on the update process from 10.10.2? Is this altered or..?