FileVault2 testing

Krumthi
New Contributor

So let me give you a little background first.

We are a new shop with Casper and we have been working with starting to encrypt our laptops with FileVault2 . We have got all of the setup and everything done. What I have been looking for and I haven't been able to find is ways to break FileVault to do testing on what steps are needed to get into the recovery key etc. I have a VM setup that is encrypted and I have been able to put in my password wrong several times and it allows the recovery key to get me in and it makes change the password on the account. I am pondering if there are other things that we can do to break FileVault2 and what other things that you in the wild has done. I am looking for any information that you can throw at me.

Thank you for helping me.

1 REPLY 1

nessts
Valued Contributor II

The things to look for are encrypted machines that you do not have a valid recovery key for, there are built in flags for this in the JSS. those can be remedied without decrypting and encrypting again. And there are several posts about how to do that in the JSS with built in commands.
Also, sometimes you will get encrypted but unknown status for the recovery key, that means you have to decrypt and encrypt through the JSS.

If anything else besides forgetting a password goes wrong you will likely be rebuilding the machine as it would be likely do to hardware failure.