JAMF have a great article on deploying the binary needed to set a firmware password on 2010+ Macs via the Casper Suite, here.
I recently had a chance to play with it, but found that the below command (which is used by the following EA to check EFI Password status) often returns nothing or just 0 after running. Regardless if an EFI password is set or not.
sudo /Library/Application\ Support/JAMF/bin/setregproptool -c
So below is a different version of the before linked Extension Attribute, using “expect” & maybe a inelegant check.. but hey, if it works!