Slides from the FileVault 2 Session at MacIT 2014

For those who wanted a copy of my FileVault 2 talk at MacIT 2014, here are links to the slides in PDF and Keynote format.

PDF: http://tinyurl.com/macit14fv2PDF

Keynote slides: http://tinyurl.com/macit14fv2keynote

  1. Matt Cahill
    March 27, 2014 at 12:42 am

    Hi Rich,
    Thanks for posting these slides, as always they are extremely helpful!
    We are having an issue here that is due to us using Puppet for config management. Puppet can change an account’s password from underneath FileVault, leaving the two “accounts” out of sync password-wise.
    ‘fdesetup sync’ sounds like it should be the perfect solution but it doesn’t seem to sync the password, so as a result I am using an expect script to remove the account and re-add it as a workaround. This is obviously a bit more complicated in Mavericks as only a FileVault account can add another user.
    Do you know of any way to force a password sync?

    Many thanks,

    Matt

    p.s.
    I’ve tried the *.efires trick to no avail too.

  2. March 27, 2014 at 9:36 am

    Reblogged this on sea-swoon and commented:
    FileVault 2

  3. March 27, 2014 at 11:45 pm

    Matt,

    As far as I’m aware, the way Puppet updates passwords is by accessing the relevant account’s plist and changing the password hash to match the desired hash for the new password. (General idea is described as part of this Puppet bug report: http://projects.puppetlabs.com/issues/12833). The password update process that Apple uses for the FileVault 2 pre-boot login screen requires the password to be changed in a way that opendirectoryd is aware of the change (as that’s how the update process gets run.)

    Swapping the hash is not something that opendirectoryd is in the loop for, so that password update process for FileVault 2 does not run when the password is changed via a hash swap. The opendirectoryd module that does this update is named FDESupport. When the update process for a user is successful, you should see something like this in /var/log/opendirectoryd.log:

    Module: FDESupport - Updated passphrase for 8796F4D2-970A-4E12-B71D-B9C6CD8FD596
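
The check described in the reply above, as an added example that is not part of the original post or comments: it reports which accounts have an FDESupport passphrase update logged and which do not. The function names are hypothetical, the sample log lines are constructed around the one message quoted above, and it assumes the UUID in that message is the account's GeneratedUID.

```shell
#!/bin/sh
# Added example: find accounts with no FDESupport passphrase update logged.

# Write a constructed sample log to the path in $1 (real lines carry a
# timestamp prefix, which the matching below ignores).
write_sample_log() {
    cat > "$1" <<'EOF'
(constructed) Module: FDESupport - Updated passphrase for 8796F4D2-970A-4E12-B71D-B9C6CD8FD596
(constructed) Module: ExampleModule - unrelated event
(constructed) Module: FDESupport - Updated passphrase for 8796f4d2-970a-4e12-b71d-b9c6cd8fd596
EOF
}

# fde_updated_uuids LOGFILE
# Print each UUID that has an "Updated passphrase" line, upper-cased, once.
fde_updated_uuids() {
    awk '/Module: FDESupport - Updated passphrase for / { print toupper($NF) }' "$1" |
        sort -u
}

# fde_sync_status LOGFILE UUID...
# Print "synced UUID" or "no-update UUID" for each UUID given.
# Returns 1 if any UUID has no update line in the log.
fde_sync_status() {
    logfile=$1
    shift
    updated=$(fde_updated_uuids "$logfile")
    rc=0
    for uuid in "$@"; do
        want=$(printf '%s' "$uuid" | tr 'a-f' 'A-F')
        if printf '%s\n' "$updated" | grep -qxF "$want"; then
            echo "synced $want"
        else
            echo "no-update $want"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed log; the second UUID is a placeholder.
demo_log=$(mktemp)
write_sample_log "$demo_log"
fde_sync_status "$demo_log" 8796F4D2-970A-4E12-B71D-B9C6CD8FD596 \
    00000000-0000-0000-0000-000000000001 ||
    echo "at least one account has no FDESupport update logged"
rm -f "$demo_log"
```

On a Mac, `dscl . -read /Users/<shortname> GeneratedUID` prints the UUID to pass in, and the log to read is /var/log/opendirectoryd.log.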
    