Giter VIP home page Giter VIP logo

filevaultsetup's Introduction

#FileVault Setup

A simple interface for using fdesetup at login time. Supports a single user setup with an FMVI.

In the interest of clarity, this is not a key escrow utility. It is only meant to assist your users in setting up FileVault.

screenshot

##Requirements

Only runs on Mac OS X 10.8.0 or greater

##Overview

This app was designed to be called by a Mac OS X loginhook.

When run as a loginhook, there are two "modes":

  1. Optional

In optional activation mode, the user is presented with the opportunity to enable FileVault, or opt out.

  1. Enforced

In enforced mode, the user must activate FileVault to proceed with login.

The default mode is optional, but if you wish enforce FileVault activation, you may do so using MCX policy or by overriding the defaults from the command line (see below).

##Build/Download

Use Mac OS X 10.8 and Xcode (4.6 recommended) to build the app.

You can also download the pre-compiled app here...

DOWNLOAD

##Installation

You can install it anywhere, though the Applications or Utilities folder is reccommended.

##LoginHook

Once installed, you can activate the app via loginhook:

sudo defaults write com.apple.loginwindow LoginHook /Applications/FileVault\ Setup.app/Contents/MacOS/FileVault\ Setup

http://support.apple.com/kb/HT2420

Alternatively, you can create a custom launch/wrapper script that calls the app.

##Preferences

Preferences are stored in the domain: ca.sfu.its.filevaultsetup

FileVault Setup accepts four defaults:

  1. FVSDoNotAskForSetup: suppresses prompting the user to enable FileVault, default is NO/FALSE

  2. FVSForceSetup: enforces the setup and arrests login until the user accepts, default is NO/FALSE

  3. FVSUseKeychain: enforces the use of the FileVaultMaster.keychain, default is YES/TRUE

  4. FVSCreateRecoveryKey: enforces the creation of a Personal Recovery Key, default is YES/TRUE

Note: if you want to change the behaviour of the app without using MCX or defaults, you can pass FileVault Setup an argument like this...

/Applications/FileVault\ Setup.app/Contents/MacOS/FileVault\ Setup -FVSForceSetup YES

Basic Operation

FileVault Setup is just a friendly face for /usr/bin/fdesetup.

When launched via a loginhook, FileVault Setup will be operating with root priviledge -- this escalation is what allows ANY user to enable FileVault.

Conversely, when the app is launched by a console user other than root, the app simply acts as an intereface for toggling the FVSDoNotAskForSetup preference.

FileVault Setup should work for any user already authenticated at the loginwindow, but the user MUST enter their password a second time to begin the setup.

###Single User

FileVault Setup is only used for intial setup and only handles adding a single user account to the Mac's FileVault configuration.

###Personal Recovery Key

By default, FileVault Setup emits a property list containing a Personal Recovery Key to:

/private/var/root/fdesetup_output.plist

You can suppress the creation of a PRK by using:

/Applications/FileVault\ Setup.app/Contents/MacOS/FileVault\ Setup -FVSCreateRecoveryKey NO

Or setting the preference...

sudo defaults write /Library/Preferences/ca.sfu.its.filevaultsetup FVSCreateRecoveryKey -bool NO

###FileVaultMaster.keychain

By default, the app will try and use /Library/Keychains/FileVaultMaster.keychain when activating FileVault.

Read more about creating and using a FileVaultMaster.keychain ...

If you do not wish to use an Institutional Recovery key, you must suppress this behaviour.

/Applications/FileVault\ Setup.app/Contents/MacOS/FileVault\ Setup -FVSUseKeychain NO

Or setting the preference...

sudo defaults write /Library/Preferences/ca.sfu.its.filevaultsetup FVSUseKeychain -bool NO

###PRK or Keychain

Like the fdesetup utility it relies on, FileVault Setup will generate an error if you do not specify at least one of the accepted remediation mechanisms, either FVSUseKeychain or FVSCreateRecoveryKey.

The default for both these options is YES.

Attempts to simultaneouesly negate them both, like this...

/Applications/FileVault\ Setup.app/Contents/MacOS/FileVault\ Setup -FVSCreateRecoveryKey NO -FVSUseKeychain NO

Will result in an error. You MUST use at least one.

###Issues/Feature Requests

Please use GitHub to log issues or feature requests.

##Credits

Special thanks to Rich Trouton (http://derflounder.wordpress.com) for his valuable input and testing, as well as the rest of the Mac Dev Team at SFU.

filevaultsetup's People

Contributors

dayglojesus avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.