Archive

Archive for October, 2017

Slides from the “APFS and the Jamf Admin” session at Jamf Nation Conference 2017

October 25, 2017 1 comment

For those who wanted a copy of my APFS talk at Jamf Nation Conference 2017, here are links to the slides in PDF and Keynote format.

PDF – http://tinyurl.com/jnuc2017pdf

Keynote – http://tinyurl.com/jnuc2017key

Resizing a macOS VM’s APFS boot drive to use all available disk space

October 18, 2017 1 comment

A while back, I wrote a post on how to resize the boot drive of an existing virtual machine. However, that guidance only applies to a boot drive that uses HFS+ for its filesystem.

Now that Apple File System (APFS) is available and the default file system on macOS High Sierra, a different procedure must be used in order to resize the APFS-formatted boot drive of an existing virtual machine. For more details, see below the jump.

Read more…

Unlocking or decrypting using an institutional recovery key does not work with encrypted APFS boot drives on macOS High Sierra 10.13.0

October 10, 2017 7 comments

As part of Apple’s FileVault 2 encryption, Apple has provided for the use of recovery keys. These keys are a backup method to unlock FileVault 2’s encryption in the event that the usual method of logging using a user’s account password is not available.

There are two main types of recovery keys available:

1. Personal recovery keys (PRK) – These are recovery keys that are automatically generated at the time of encryption. These keys are generated as an alphanumeric string and are unique to the machine being encrypted. In the event that an encrypted Mac is decrypted and then re-encrypted, the existing personal recovery key would be invalidated and a new personal recovery key would be created as part of the encryption process.

Screen Shot 2017 10 10 at 5 24 11 PM

2. Institutional recovery keys (IRK) – These are pre-made recovery keys that can be installed on a system prior to encryption and most often used by a company, school or institution to have one common recovery key that can unlock their managed encrypted systems.

Screen Shot 2017 10 10 at 12 48 16 PM

This recovery key model has continued to be used on Apple File System (APFS), starting with macOS High Sierra 10.13.0, with one important difference:

  • You can encrypt an APFS boot drive using an IRK.
  • You cannot unlock or decrypt an encrypted APFS boot drive using an IRK.

 

Update 11-3-2017: This has been fixed in macOS 10.13.1. For information on how to unlock and decrypt an encrypted APFS boot drive using an IRK, please see the link below:

Unlock or decrypt an encrypted APFS boot drive from the command line


 

For more details, see below the jump.

Read more…

%d bloggers like this: