Thursday, October 12, 2017

APFS and Institutional Recovery Keys

Rich Trouton:

This recovery key model has continued to be used on Apple File System (APFS), starting with macOS High Sierra 10.13.0, with one important difference:

  • You can encrypt an APFS boot drive using an IRK.
  • You cannot unlock or decrypt an encrypted APFS boot drive using an IRK.


The issue appears to be that a necessary function has not been added to the diskutil command line tool. For FileVault 2 on macOS Sierra and earlier, the command to unlock using an IRK is shown below[…]

Comments RSS · Twitter

Leave a Comment