-
Notifications
You must be signed in to change notification settings - Fork 2
/
Generate Random Firmware Password.bash
49 lines (40 loc) · 1.6 KB
/
Generate Random Firmware Password.bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/bin/bash
function logresult() {
if [ $? = "0" ] ; then
echo "$1"
else
echo "$2"
exit 1
fi
}
# verify whether a firmware password is set
echo "Checking for existing firmware password"
checkFirmwarePassword=$( /usr/sbin/firmwarepasswd -check )
# if a firmware password is already set, stop the script and report failure in Jamf Pro
if [ "$checkFirmwarePassword" != "Password Enabled: No" ] | [ -d /private/tmp/.fp ]; then
echo "A firmware password is already set. Doing nothing."
exit 0
else
echo "No firmware password set"
fi
# create obscure directory
fpdirectory="/private/var/.fp"
/bin/mkdir -p "$fpdirectory"
logresult "Creating \"$fpdirectory\" directory" "Failed creating \"$fpdirectory\" directory"
# generate random password
randpassword=$( /usr/bin/openssl rand -hex 6 )
logresult "Generating 8-character firmware passcode: $randpassword" "Failed generating 8-character firmware passcode."
# write random password to temporary file
/usr/bin/touch "$fpdirectory/$randpassword"
logresult "Writing password to file \"$fpdirectory/$randpassword\"" "Failed writing password to file \"$fpdirectory/$randpassword\""
# update Jamf Pro computer record with firmware password and set only if inventory was updated
/usr/local/bin/jamf recon && /usr/local/bin/jamf setOFP -mode command -password "$randpassword"
# set the firmware password only after a successful inventory update to Jamf Pro
if [ $? = "0" ]; then
echo "Updating Jamf Pro inventory to upload firmware password"
echo "Setting firmware password"
exit 0
else
echo "Failed setting firmware password"
exit 1
fi