Setting or Removing an EFI Password

To ensure the security of managed computers, you can use a policy to set or remove an Open Firmware/EFI password.


Target computers with an Intel processor.


On Mac computers with Apple silicon, enable FileVault to require users to enter a password on start up from macOS recovery or a different startup disk.

  1. In Jamf Pro, click Computers at the top of the sidebar.
  2. Click Policies in the sidebar.
  3. Click New .
  4. Use the General payload to configure basic settings for the policy, including the trigger and execution frequency.
  5. Select the EFI Password payload and click Configure.
  6. Do one of the following:
    • To set an Open Firmware/EFI password, select Set Password, and then enter and verify the password.

    • To remove an Open Firmware/EFI password, select Remove Password, and then enter and verify the current password.

  7. Use the Restart Options payload to configure settings for restarting computers.
  8. Click the Scope tab and configure the scope of the policy.
  9. (Optional) Click the Self Service tab and make the policy available in Self Service.
  10. (Optional) Click the User Interaction tab and configure messaging and deferral options.
  11. Click Save .

The policy runs on computers in the scope the next time they check in with Jamf Pro and meet the criteria in the General payload.