I guess you know the blog of Rich Trouton? I can repair Macintosh HD, but it apparently becomes damaged again on subsequent attempts to enable FileVault. What stops me from setting up an institutional key is the potential for a single point of failure as reported above. You can also use the recovery key associated with an institutional key to authenticate the removal of that institutional key.


FileVault Failed. The given disk is in us… – Apple Community

Using a DER encoded certificate file that contains the public key, the public key data for the plist can be obtained using the given tool by using the following command:

You can optionally store your recovery key with Apple. Before OS X

James — Have you ever found a iflevault to this? Making it a technical requirement that the FileVaultMaster. After trying to enable FileVault: I then copied the modified keychain to a Mac with a fresh install of Yosemite, and when I clicked Continue, the Mac reboots nearly right away.


There are two main types of recovery keys available: After restarting, Mac OS X will start encrypting all the data on your disk. To remove institutional recovery keys, run the following command:

After trying to enable FileVault: This is the reason why you needed to set the Master Password before encrypting and why it was also important to use the same FileVaultMaster. If you want to use an institutional recovery key on FileVault 2 encrypted Macs, you will need to ffilevault and configure a FileVaultMaster keychain. A typical security option is setting up a security question.

If you want to specify that sue the FileVaultMaster.

It will suffice when you leave your computer on at home, or grab a drink in the library, but someone with the prerequisite knowledge and a bit of time could still access your data.

Thanks for all of your time and effort on testing and documenting this.

Please see this post: Treat this as your password, it is just as powerful. After start-up, the entire drive is unlocked by logging in with an authorised user account. These tests are executed on a MacBook Air from around the time Lion launched. This gives Mac admins much greater ability to manage recovery keys, including the capability to quickly update or remove compromised institutional recovery keys in the event of a data breach or other problem. Write it down and double check it!


Have you used FileVault, or do you use another security solution? See this post for more details.

Using FileVault

You can post the contents of a public key to a public billboard without compromising the security of the encrypted volume. Once the recovery keys are removed, the only way to unlock the FileVault 2 encryption is by using the password of an enabled account.

To change to a new institutional recovery key, you will need to have the new public key available. For ease of deployment, you can package the FileVaultMaster. Copy the keychain with no private key to the new mac and place it here: Once authenticated, the institutional key is removed from the system and will no longer work.

After this, your Mac will prompt you to restart your computer.

Author: admin