Forked from talkingmoose/Generate Random Firmware Password.bash
Created
September 14, 2020 19:03
Generate a random EFI firmware password for each Mac and store it in Jamf Pro. Note: This will be completely visible to all Jamf Pro users whose permissions allow access to Computers. Create an extension attribute with the first script.
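#!/bin/bash

#######################################
# Report the outcome of the command that ran immediately before this call.
# Must be called directly after the command being checked, because the
# function reads that command's exit status from $? on entry.
# Arguments: $1 - message printed when the status is 0
#            $2 - message printed for any other status
# Outputs:   the chosen message on stdout
# Returns:   0 on success; on failure the whole script exits with status 1
#######################################
logresult() {
  # Capture $? before anything else runs; any other command would overwrite it.
  local status=$?

  # Messages go to stdout, which presumably ends up in the Jamf Pro policy
  # log - callers should keep secrets out of both message arguments.
  if [ "$status" -eq 0 ]; then
    echo "$1"
  else
    echo "$2"
    exit 1
  fi
}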
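# Directory holding one empty file whose NAME is the generated password; the
# companion extension-attribute script lists this directory to report the
# value to Jamf Pro. It also serves as the "already ran" marker below.
fpdirectory="/private/var/.fp"

# verify whether a firmware password is set
echo "Checking for existing firmware password"
checkFirmwarePassword=$( /usr/sbin/firmwarepasswd -check )

# If a firmware password is already set, or a previous run left its marker
# directory, stop without changing anything (exit 0, so Jamf Pro records
# success rather than failure).
# The two tests must be joined with "||": with a single "|" they form a
# pipeline whose status is only that of the second test, so the result of
# "firmwarepasswd -check" was ignored.
# NOTE(review): the original tested /private/tmp/.fp while the script writes
# to /private/var/.fp; this is assumed to be a leftover path - confirm.
if [ "$checkFirmwarePassword" != "Password Enabled: No" ] || [ -d "$fpdirectory" ]; then
  echo "A firmware password is already set. Doing nothing."
  exit 0
else
  echo "No firmware password set"
fi

# create obscure directory
/bin/mkdir -p "$fpdirectory"
logresult "Creating \"$fpdirectory\" directory" "Failed creating \"$fpdirectory\" directory"

# A leading dot hides the directory but does not protect it: the password is
# the file name, so anyone who can list the directory can read it. Restrict
# it to the owner.
# NOTE(review): assumes this script and the extension attribute both run as
# root, as Jamf Pro scripts normally do - confirm.
/bin/chmod 700 "$fpdirectory"
logresult "Restricting access to \"$fpdirectory\"" "Failed restricting access to \"$fpdirectory\""

# generate random password: 6 random bytes, hex-encoded = 12 characters (48 bits)
randpassword=$( /usr/bin/openssl rand -hex 6 )
# The value itself is deliberately not echoed, so it does not also land in
# the script output / policy log.
logresult "Generating 12-character firmware passcode" "Failed generating 12-character firmware passcode."

# record the password as the name of an empty file
/usr/bin/touch "$fpdirectory/$randpassword"
logresult "Writing password file to \"$fpdirectory\"" "Failed writing password file to \"$fpdirectory\""

# update Jamf Pro computer record with firmware password
if ! /usr/local/bin/jamf recon; then
  # setOFP has not run yet, so the generated value was never applied. Remove
  # it so a stale value is not reported later and a future run can retry.
  /bin/rm -f -- "$fpdirectory/$randpassword"
  # Best effort: rmdir fails harmlessly if the directory holds other files.
  /bin/rmdir "$fpdirectory" 2>/dev/null
  echo "Failed setting firmware password"
  exit 1
fi
echo "Updating Jamf Pro inventory to upload firmware password"

# set the firmware password only after a successful inventory update to Jamf Pro
# NOTE(review): the password is passed as a command-line argument and may be
# visible in the local process list while jamf runs - confirm whether that is
# acceptable here.
if /usr/local/bin/jamf setOFP -mode command -password "$randpassword"; then
  echo "Setting firmware password"
  exit 0
else
  # The password file is left in place on purpose: if the value was applied
  # despite the error, deleting the only local copy would lose it. The marker
  # directory then blocks further runs until an administrator has checked.
  echo "Failed setting firmware password"
  exit 1
fi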
#!/bin/bash

# Jamf Pro extension attribute: report the names of the files found in the
# firmware-password directory, wrapped in <result> tags.
# The file name IS the firmware password, so the reported value is readable by
# every Jamf Pro user whose permissions allow access to Computers.
fp_dir="/private/var/.fp"

# If the directory is missing, ls reports the error on stderr and the result
# is empty.
listing=$( ls "$fp_dir" )

printf '%s\n' "<result>${listing}</result>"

exit 0