Help

Report "Secure Boot" status?

donmontalvo
Esteemed Contributor III

Posted on ‎07-24-2018 12:13 PM

Is there a way (yet) to report Secure Boot status, for example "Full Security" vs "No Security"?

Looked through System Profiler, didn't see anything...we need to flag computers that are not set to our desired "Full Security" setting.

@dan.kubley

84e0cfb70a0a4e95b8cb7cc53d74c141

--
https://donmontalvo.com
5 REPLIES 5

dgreening
Valued Contributor II

Posted on ‎07-24-2018 12:23 PM

We really need a way to manage these settings!!!

0 Kudos

gachowski
Valued Contributor II

Posted on ‎07-24-2018 01:17 PM

I opened a ticket, for config profile control of "SIP" before it was released to the public ... Apple eng said I was nuts and current they are saying use a firmware password.

C

0 Kudos

dan_kubley
New Contributor III
New Contributor III

Posted on ‎07-24-2018 03:27 PM

Hi @donmontalvo ,
We currently have the ability to report on System Integrity Protection:
Enabled under the Security section of an inventory record. As to Secure Boot, that would be a feature request. Please file that if you so desire.

0 Kudos

Look
Valued Contributor III

Posted on ‎07-24-2018 03:51 PM

Given it's a whole new hardware subsystem that might have it's own storage who knows...
But given SIP status is stored in NVRAM (csr-active-config), it might be worth looking at nvram -p to see if there are any security settings included now.
If the behaviour was the same as SIP they would only show if they had been changed from the default setting.

0 Kudos

dfarnworth_b
New Contributor III

Posted on ‎05-15-2019 09:13 AM

Try this if you're still looking: Secure Boot EA

0 Kudos