Scoping EFI Password Mode between older and newer Macs

New Contributor III

I would like to scope machines based on EFI status Mode so that I can I easily target machines requiring "Set Open Firmware / EFI Password" I see they're two EA available to report EFI status.
One is for older Pre-2011 hardware which is calling nvram
`nvram -p | grep security-mode | awk '{print $2}'`

And the other is for newer hardware mid-2011 and later which calls "setregproptool -c" binary.

  1. I'm curious to see how are others addressing this issue or willing to share some ideas.
  2. Can I have these two EA Co-exist without causing any issues?

Thank You.


Valued Contributor II

Pretty sure once you copy setregproptool to the correct location, you can just use one policy to set the firmware password for old and new models.