feat(cli): add Find My Mac check to prevent script execution#15
Conversation
Added a check for Find My Mac token in NVRAM to prevent script execution if it's active.
bsojka
changed the title
|
Thank you very much @maumeerally for highlighting this issue, and sincere apologies that it took this long for me to review it. Investigating this turned out to be quite a rabbit hole — I spent many hours testing, repeatedly wiping a test device, enabling and disabling Activation Lock, and refining the script. As a result, I now have a more comprehensive update to both the script and documentation in progress. While the NVRAM check you proposed may have limited applicability on newer Apple Silicon machines, it helped surface an important aspect of the problem that I had not covered in the initial release. I’ll follow up with additional changes shortly. |
I fixed a small formatting issue (shfmt) to get CI passing before merge.
|
🚀 [bumper] Bumped! |
2 participants
Added a check for Find My Mac token in NVRAM to prevent script execution if it's active.
Description
Added a check for Find My Mac token in NVRAM to prevent script execution if it's active.
Motivation and Context
A Mac cannot be added to ABM if Find My Mac is active - it will fail and potentially cause data loss on a Mac as it automatically reverts to a deactivated state (losing the SecureTokens and Volume Ownership - as they are tied to a Mac's activation state) when attempting to add the Mac to ABM.
How has this been tested?
Real life hardship.
Are there any related PR?
No
Types of changes
The change attempts to check if Find My Mac is active in the NVRAM and will abort the script with warning before any damage can be done.