Mac OS X Updates Bypass FileVault 2
With Apple’s release of OS X 10.9.1, it looks like the automated FV 2 unlock process that Apple built into the Mavericks install process has been included with OS X updates. […] During the upgrade process, an unlock key is being put into the SMC by the update process to unlock the encrypted volume at boot. The reboot process then automatically clears the key from the SMC. This process is similar to how fdesetup authrestart works, except that the user is not being prompted to authorize it.
I’d rather the minor inconvenience of entering my password after a software update has restarted my Mac than automate the process and potentially create a window of vulnerability.
The problem is that 10.4.6 was the first time a Apple Software Update ever required a second restart. People who had shutdown their computers after the first restart were confused when their Macs failed to boot the next time they were turned on, and instead restarted a second time. Even worse was the fact the second restart often took several minutes to complete, causing impatient users to hold down the power button on their machines potentially corrupting Mac OS X.
The reason Apple is automatically unlocking FileVault 2 in Mavericks is to avoid the potential confusion a second restart would cause on today’s even larger and less prepared Macintosh user community.
I don’t think this fully explains what’s going on here. Macworld says:
The swap happens before you get to the login window, and the system restarts almost immediately afterwards, thus avoiding the potential conflicts.
Brand seems to be saying that FileVault needs to be unlocked so that the installation can be completed and the Mac restarted again. That’s fine; it restarts before the login window. However, Trouton’s video shows that, after the update, his Mac is left in a logged in state. Why?
1 Comment RSS · Twitter
I completely agree with the line of questioning you are asking. The purpose of my post was not to make excuses for Apple, but to explain a possible reason behind the break in FileVault’s security. As I said before it is hard to trust a closed-source operating system vendor like Apple with your security. We just don’t have all of the facts behind FileVault’s implementation or Apple’s commitment towards our privacy.