Publishers of technology books, eBooks, and videos for creative people

Home > Articles > Apple > Operating Systems

  • Print
  • + Share This
From the author of

Automating fdesetup authrestart in 10.9.x or Later

One of the more interesting functions in Apple's fdesetup tool is the authrestart verb, which allows a FileVault 2–encrypted Mac to restart and bypass the FileVault 2 pre-boot login screen. Instead, the Mac reboots as an unlocked system and goes straight to the regular login window.

When you run the fdesetup authrestart command, it asks for a password or a personal recovery key. If using a password, the password must be an account that has been enabled for FileVault 2. After that, it puts an unlock key in system memory and reboots. The reboot process automatically clears the unlock key from memory.

For those who want to automate this process, Apple added some functionality to fdesetup authrestart in OS X 10.9.x to support importing the authentication via a properly formatted plist. The plist needs to follow the format shown below (see Figure 37):

<?xml version=”1.0” encoding=”UTF-8”?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN”
”http://www.apple.com/DTDs/PropertyList-1.0.dtd”><plist version=”1.0”>
<dict>
<key>Password</key>
<string>password</string>
</dict>
</plist>
Figure 37

Figure 37 Plist format for use with fdesetup authrestart.

Store either the password of an existing FileVault 2–enabled user or the existing personal recovery key in the Password key in the plist file.

Once the plist file has been set up and properly formatted, run the following command with root privileges to run the authrestart process and reference the password or recovery key in the plist file for authentication (see Figure 38):

fdesetup authrestart -inputplist < /path/to/filename.plist
Figure 38

Figure 38 Running fdesetup authrestart and referencing authentication from a plist file.

When the command runs, it puts an unlock key in system memory and reboots the Mac to the OS login window. As part of the Mac's restart, the reboot process will automatically clear the unlock key from memory.

  • + Share This
  • 🔖 Save To Your Account