.\"Copyright (c) 2014 Apple, Inc. All Rights Reserved.
.\"The contents of this file constitute Original Code as defined in and are 
.\"subject to the Apple Public Source License Version 1.2 (the 'License'). 
.\"You may not use this file except in compliance with the
.\"License. Please obtain a copy of the License at 
.\"http://www.apple.com/publicsource and read it before using this file.
.\"
.\"This Original Code and all software distributed under the License are 
.\"distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 
.\"EXPRESS OR IMPLIED, AND APPLE
.\"HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT LIMITATION, ANY 
.\"WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
.\"QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the 
.\"specific language governing rights and limitations under the License."
.\"
.\" Use the following line to view the manpage. Replace man_page with the path to the manpage to view.
.\"/usr/bin/nroff -mandoc man_page | less
.Pp
.Dd April 19, 2019
.Dt FIRMWAREPASSWD 8
.Os "OS X"
.Sh NAME
.Nm firmwarepasswd
.Nd tool for setting and removing firmware passwords on a system
.Sh SYNOPSIS
.Nm
.Op Fl setpasswd
.Op Fl setmode Ar mode [-allow-oroms]
.Op Fl mode
.Op Fl check
.Op Fl delete
.Op Fl verify
.Op Fl unlockseed
.Op Fl disable-reset-capability
.Op Fl enable-reset-capability
.Op Fl h
.Pp
.Sh DESCRIPTION
The 
.Nm 
command is used to add or remove firmware passwords from a system as well as check status and other options.
.
The 
.Nm 
command requires root privileges to run.
.Pp
A list of flags and their descriptions:
.Bl -tag -width indent 
.It Fl setpasswd
Prompts to add a new firmware password or change and existing password if one exists.
.It Fl setmode Ar mode [-allow-oroms]
Set the mode to "command" or "full".  "Command" will prompt for the firmware password if the user attempts to boot from a different volume.  "Full" will prompt on every startup (not recommended).  Optional "allow-oroms" flag will permit option roms execution, that is denied by default once firmware password is set.
.It Fl mode
Displays the current mode if one is set.
.It Fl check
Displays whether or not a firmware password is set.
.Pp
.It Fl delete
Prompts for password and clears both password and the mode if correct.
.It Fl verify
Prompts for password and displays success if correct.
.It Fl unlockseed
Generates a firmware password recovery key.  Note: Machine must be stable for this command to generate a valid seed.  No pending changes that need a restart.  NOTE: Seed is only valid until the next time a firmware password command runs.
.It Fl disable-reset-capability
Disables firmware password reset using unlockseed.
.It Fl enable-reset-capability
Enables firmware password reset using unlockseed.
.It Fl h
Displays a list of all the commands available in the firmwarepasswd tool, with explanatory information.
.Pp
.El
.Pp
.Pp
.\".Sh EXAMPLES        \" Document any examples needed (none)
.Sh FILES
.Bl -tag -width "/usr/sbin/installer" -compact
.It Pa /usr/sbin/firmwarepasswd
.Pp
.El
.\".Sh SEE ALSO        \" Document any related topics (none)
.\" List links in ascending order by section, alphabetically within a section.
.\" Please do not reference files that do not exist without filing a bug report
.\" .Sh BUGS              \" Document known, unremedied bugs
.\" .Sh HISTORY           \" Document history if command behaves in a unique manner