Open Radar

 
This is a duplicate of rdar://20025715

Summary:
When creating a NetRestore volume, the machine in question will not have the latest EFI patch that corrects the Thunderstrike vulnerability. The machine will only receive the patch from the following delta/combo update.

This is due to the fact that Firmware Updates are now longer issued through SUS environments outside of delta/combo updates.

Steps to Reproduce:
Steps to Reproduce:
1. Download OS X Yosemite (latest at this time is 10.10.2) from the Mac App Store.
2. Open System Image Utility.
3. Select the Install OS X Yosemite (10.10.2, 14C109) source.
4. Select NetRestore image, click Continue.
5. Leave the default settings, create a dummy admin user to allow the process to continue.
6. Choose a target destination for the final output image and start the build.
7. Deploy to a client machine that has not had 10.10.2 installed previously.

OR 
1. Use this same process with OS X Yosemite 10.10.0 and the EFI patch will not apply.

Expected Results:
EFI patch should be applied post since this is somewhat expected behavior with bit-based imaging.

Actual Results:
EFI will not be patched until next combo/delta update. If a new NetRestore image is created, the following machines will be impacted.

Version:
10.10.0/10.10.2

Notes:
Combo/Delta updates also contain FirmwareUpdate.pkg

The package does not have any sanity checks and only installs a receipt. There is no packageinfo.

Configuration:
This will not occur when using NetInstall or through the Mac App Store application.