Archive for September 22, 2012

fdesetup authrestart – FileVault 2’s one-time encryption bypass feature

September 22, 2012

OS X 10.8.2 included one important change to Apple’s fdesetup FileVault 2 management tool. fdesetup now has the authrestart verb, which allows a FileVault 2-encrypted Mac to restart and bypass the FileVault 2 pre-boot login screen. Instead, the Mac reboots as an unlocked system and goes straight to the regular login window.

When you run the fdesetup authrestart command, it asks for a password or recovery key. The password must belong to an account that has been enabled for FileVault 2 (i.e. an account that shows up at the FV2 pre-boot login screen). After that, it puts an unlock key in system memory and reboots. On reboot, the reboot process automatically clears the unlock key from memory.

To show what this looks like, I’ve made a short video showing the process.


Note: The video has been edited to artificially reduce the amount of time needed for the process. Run time of the pre-edited video was 4 minutes.
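
A pre-flight wrapper for the authrestart command described above, as an added example that is not from the original post. It assumes an fdesetup version that also has the `supportsauthrestart` verb (not mentioned in this post); the `FDESETUP` variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that an authenticated restart can work before the
# one-time unlock key is requested. Not code from the original post.

# Path to fdesetup; overridable (an assumption of this example) so the checks
# can be exercised against a stub on a non-Mac system.
FDESETUP="${FDESETUP:-fdesetup}"

# Return codes: 0 ready, 1 not root, 2 FileVault not on, 3 authrestart unsupported.
# $1 (optional, for testing) overrides the effective UID.
authrestart_preflight() {
    uid="${1:-$(id -u)}"
    if [ "$uid" -ne 0 ]; then
        echo "fdesetup authrestart must be run as root" >&2
        return 1
    fi

    # `fdesetup status` reports "FileVault is On." for an encrypted boot volume.
    case "$("$FDESETUP" status 2>/dev/null)" in
        *"FileVault is On"*) ;;
        *)
            echo "FileVault 2 is not enabled; there is no pre-boot login to bypass" >&2
            return 2
            ;;
    esac

    # `fdesetup supportsauthrestart` prints "true" or "false" for this hardware.
    if [ "$("$FDESETUP" supportsauthrestart 2>/dev/null)" != "true" ]; then
        echo "This Mac does not support authenticated restart" >&2
        return 3
    fi
    return 0
}

# Run the checks, then hand off to fdesetup, which prompts for the password or
# recovery key of a FileVault 2-enabled account and restarts the Mac.
run_authrestart() {
    authrestart_preflight || return $?
    "$FDESETUP" authrestart
}

# Usage (as root): source this file, then call run_authrestart
```

Because the restart lands at the regular login window with the disk already unlocked, running the checks first avoids collecting a password or recovery key on a machine where the command cannot complete.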