macOS 10.13.1 upgrade via Self Service

AVmcclint
Honored Contributor

I have to say I am intimidated by High Sierra. First, because of APFS and other factors, we can no longer just do imaging as usual even in environments that are not compatible with the whole DEP mechanism. Secondly, the automatic firmware check/updates that happen during upgrades can be tricky to deal with and troubleshoot.

With that being said, I am just now beginning to dip my toe into High Sierra testing. My first test was just a standard upgrade using the MAS downloaded installer (for 10.13.1) and it seemed to go well on a MBA. My next test was to use the excellent script for OS upgrades via Self Service found in this discussion. That script worked so well for my Sierra upgrades that I figured I'd give it a go with High Sierra. After I modified the script to work with the High Sierra installer name, I then uploaded the installer app and the new script via Casper Admin and created a policy to deploy via Self Service. My first attempt on another MBA didn't work. I got the dreaded "An error occurred while verifying firmware" error during the install process. My first thought was that because of our highly restrictive proxy and firewalls, the firmware download was being blocked. I was looking at a worst-case scenario since our security teams have flat out refused to permit all the proper communications that I need with Apple's servers. (I consider myself to be extremely lucky that they even allowed APNS communication.)

However, my first attempt was done while the computer was on WiFi. I thought maybe I might have better luck plugged in on Ethernet (the network configurations are slightly different). Still no luck. I got the same error about the firmware. I then Googled the error and got all kinds of possible causes. The one that seemed to be mentioned more than others was a possible problem with the EFI partition. I ran the various diskutil verifydisk and diskutil repairdisk commands only to find that there were still errors and it wiped out my EFI partition completely, which broke FileVault. HOWEVER, not all was lost. I booted up the MBA into Target Mode and connected a Thunderbolt cable to it and my iMac. Once I mounted the volume on my desktop, I used the RecoveryPartitionInstaller pkg I created for my 10.12.6 Macs and directed the installer to the Macintosh HD mounted via Target Mode. That fixed my EFI partition and upon a reboot, FileVault functionality was restored. After doing that, I tried the High Sierra upgrade policy via Self Service and it worked!

I share this information because there are 2 takeaways from this:
1) I'm sure many others will eventually encounter this same firmware issue. I'm not saying this is the definitive cure for all instances of the dreaded Firmware error, but this is one that definitely worked for me.
2) I can confirm that the Self Service script that I mentioned above DOES work with High Sierra.

Now eventually I will have to figure out the best way to image new Macs and to re-image older Macs since our firewalls and proxy block Internet Recovery. Then there's the whole matter of the EmbeddedOS with the TouchBar. UGH.

1 REPLY

AVmcclint
Honored Contributor

I guess I should clarify that this is upgrading from 10.12.6 to 10.13.1. If you're upgrading from older versions and your EFI partition is causing your problems, you may need to build a RecoveryPartitionInstaller package from the appropriate version of the OS.