fdesetup authrestart – FileVault 2’s one-time encryption bypass feature
OS X 10.8.2 included one important change to Apple’s fdesetup FileVault 2 management tool. fdesetup now has the authrestart verb, which allows a FileVault 2-encrypted Mac to restart and bypass the FileVault 2 pre-boot login screen. Instead, the Mac reboots as an unlocked system and goes straight to the regular login window.
When you run the fdesetup authrestart command, it asks for a password or recovery key. The password must belong to an account that has been enabled for FileVault 2 (i.e. an account that shows up at the FV2 pre-boot login screen). After that, it puts an unlock key in system memory and reboots. On reboot, the reboot process automatically clears the unlock key from memory.
To show what this looks like, I’ve made a short video showing the process.
Note: The video has been edited to artificially reduce the amount of time needed for the process. Run time of the pre-edited video was 4 minutes.
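As an added example (not from the original post or from Apple’s tooling), here is a pre-flight wrapper an admin could run before fdesetup authrestart. It assumes macOS with fdesetup from 10.8.2 or later; the supportsauthrestart verb only exists on later releases and is treated as “unknown” where absent, and the sample status transcripts are constructed, not captured.

```shell
#!/bin/sh
# Added example (not from the post): pre-flight checks before `fdesetup authrestart`.
# Assumes macOS with fdesetup from 10.8.2 or later. The `supportsauthrestart` verb
# only exists on later releases, so its absence is treated as "unknown", not as a
# failure; the "busy" check reflects the comment that authrestart errors out while
# the volume is still encrypting.

# Classify a `fdesetup status` transcript: prints "on", "busy" or "off".
fv2_state() {
    case "$1" in
        *"in progress"*)      echo busy ;;   # encryption or decryption still running
        *"FileVault is On."*) echo on ;;
        *)                    echo off ;;
    esac
}

# Constructed sample transcripts (not captured from a real machine).
SAMPLE_ON='FileVault is On.'
SAMPLE_BUSY='FileVault is On.
Encryption in progress: Percent completed = 7'
SAMPLE_OFF='FileVault is Off.'

# Check everything that must hold before the unlock key is staged in memory.
# Prints the reason on failure; returns 0 only when authrestart is worth attempting.
authrestart_preflight() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "fdesetup authrestart needs root; re-run with sudo" >&2
        return 1
    fi
    case "$(fv2_state "$(fdesetup status 2>&1)")" in
        busy) echo "FileVault is still encrypting; wait for it to finish" >&2; return 1 ;;
        off)  echo "FileVault is not on; there is no pre-boot screen to bypass" >&2; return 1 ;;
    esac
    # Hardware/firmware support varies by model (see the comments); "unknown" on
    # fdesetup builds that lack the verb.
    support="$(fdesetup supportsauthrestart 2>/dev/null || echo unknown)"
    if [ "$support" = "false" ]; then
        echo "this Mac does not support authenticated restart" >&2
        return 1
    fi
    return 0
}

# With --run, hand off to fdesetup, which prompts for an FV2-enabled account's
# password (or the recovery key) itself; the staged key is consumed by the reboot.
if [ "${1:-}" = "--run" ]; then
    authrestart_preflight && exec fdesetup authrestart
fi
```

Run it as `sudo sh authrestart-preflight.sh --run`; without `--run` it only defines the functions, which is how it can be sourced into a larger maintenance script.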
Nice new feature, but I don’t get it – for which situation should this be helpful?
And for installers that require post-reboot steps (i.e. DeployStudio)
Replying to Marcel: If you are doing after-hours maintenance on a number of machines, and would like to have them actually reboot into the OS vs. having them all stuck on the pre-boot screen (at which point you will have no remote access to them whatsoever).
Thanks for this tip Rich. This helps out if you do network profiles (AD or OD accounts) and want to have them log in, rather than a local account. Previously, if you don’t use this solution, you would have to log in as one of the local accounts, then log out to get the Name and password prompt (if that is your choice – it is for us and more secure environments) as opposed to a list of users.
Getting the error below:
lolluprasad:~ lollu$ fdesetup authrestart
Error: You must provide an action. Use ‘fdesetup help’ for help, or use the man page.
Something I discovered today: this will error out if you attempt it on a Mac that is still encrypting; wait for the encryption to finish, then it should work as expected.
authrestart is dependent on the OS being 10.8.2+ and is also hardware dependent. Tested it on 3 different platforms and one virtualized machine. Only an iMac12,1 and virtualized system both on 10.8.3 worked.
So Apple installed FileVault on my computer without my permission or knowledge (via auto updates). I was told at least one other person has had this issue so I know I’m not crazy. Anyhow, now I am locked out of my computer and cannot retrieve at least two years of files. Is there any hope beyond wiping the computer and losing everything? I feel like there has to be some genius hacker out there who can help.
How do you make this work remotely if the reboot is precipitated by a system update?
I bought an iMac from someone on Craigslist – when I boot it up, it goes to that final screen in the video. I guess I’m not exactly sure how to get around that? Did I just waste money?