Wednesday, January 17, 2018

macOS High Sierra remote reboot encrypted drive

When you reboot a macOS computer with an encrypted drive, you must log in to unlock the volume before the boot process can complete. This creates a problem if you are working remotely.

The solution is to temporarily add a key in memory so the machine can make it through the reboot process.

Is FileVault on? If off, you don’t have to do any of this.

$ sudo fdesetup status
FileVault is On.

Does your hardware support authrestart? If not, this doesn’t help.

$ fdesetup supportsauthrestart

Turn on authrestart, but don’t reboot yet.

$ sudo fdesetup authrestart -delayminutes -1

The old prompt asks for a recovery key or an admin password, which is a confusing question. This was changed in the current OS to ask for the username of a user who is authorized to unlock the drive.

Enter a password for '/', or the recovery key: # enter the admin password, or the internal drive key

The new version asks for a username and then a password:

$ sudo fdesetup authrestart -delayminutes -1
Enter the user name:support
Enter the password for user 'support':
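
The checks above can be chained so that the key is only stored when FileVault is on and the hardware supports authrestart. This is an added example, not part of the original post; the function names and the `FDESETUP` override variable are assumptions of this sketch, and it relies on `fdesetup supportsauthrestart` printing `true` or `false`.

```shell
#!/bin/sh
# Added example: pre-flight for the authrestart procedure described above.
# Run it with sudo, as the post does for the individual commands.
# FDESETUP (hypothetical override) defaults to the real fdesetup binary.
FDESETUP="${FDESETUP:-fdesetup}"

# Return codes:
#   0 = FileVault on and authrestart supported (key can be stored)
#   1 = FileVault off (a plain reboot completes unattended)
#   2 = FileVault on but hardware does not support authrestart
#   3 = state could not be determined
authrestart_preflight() {
    fv_state=$($FDESETUP status 2>/dev/null)
    case "$fv_state" in
        "FileVault is On.")  ;;
        "FileVault is Off.") return 1 ;;
        # Anything else, including extra status lines, is treated as
        # undetermined (a conservative choice made for this sketch).
        *) return 3 ;;
    esac
    fv_supported=$($FDESETUP supportsauthrestart 2>/dev/null)
    [ "$fv_supported" = "true" ] || return 2
    return 0
}

# Store the unlock key for the next restart without rebooting now.
prepare_remote_reboot() {
    pf_rc=0
    authrestart_preflight || pf_rc=$?
    case "$pf_rc" in
        0) # Prompts for an authorized user name and password.
           $FDESETUP authrestart -delayminutes -1 ;;
        1) echo "FileVault is off: no authrestart needed." ;;
        2) echo "authrestart unsupported: console unlock required." >&2
           return 2 ;;
        *) echo "Could not determine FileVault state." >&2
           return 3 ;;
    esac
}

# Only act when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    prepare_remote_reboot
fi
```

The stored key is meant for a single restart, so run the preparation step shortly before the reboot you actually intend to perform.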

Other useful commands

List the users who are able to unlock a FileVault volume:

$ sudo fdesetup list