People who have followed this blog will know that I like zero touch. Unfortunately, firmware updates usually require physically touching a computer. In the absence of a scriptable robot that can go around to users’ desks pressing buttons, this process is hard to automate. Thankfully, firmware updates are relatively infrequent compared to other Apple Software Updates.
Using an Extension Attribute in the Casper Suite, I have been able to achieve the following goals…
- Automate Apple Software Updates without continually running Software Update on computers that only have firmware updates available.
- Generate a list of computers that require firmware updates. This list is given to technicians as a work list of computers to visit and run the firmware updates on.
Here’s the script to use in the Extension Attribute (I call it “Available FWUs”)…
# Populate "Firmware Updates Available" extension attribute
# Get firmware update count
fwupdcount=`softwareupdate -l | grep -c -e Firmware -e firmware -e EFI -e SMC`
The fourth line is looking for available software updates with names that contain the terms “Firmware”, “firmware”, “EFI”, and “SMC”. This covers all of the firmware updates I can find on apple.com/support. If additional terms become needed in the future, one can add ” -e <desiredTerm>” to the command between “SMC” and the final backtick.
The result will be an integer. An Advanced Search for computers with Available FWUs more than 0 will give you the firmware update work list. I use a Smart Computer Group containing computers with Available SWUs more than 0 and Available FWUs less than 1 as the scope for an automated Software Update policy.
I hope this is helpful!
Note: Recent Apple firmware updates haven’t been requiring manual interaction. This process may not be needed if your environment consists solely of new hardware.