
Apple: SSH and FileVault

(keith.github.io)
507 points | ingve | 1 comments
cjensen No.45296864
>When FileVault is enabled, the data volume is locked and unavailable during and after booting

This is incorrect. Macs do only a tiny partial boot before showing the login. The real work is done after the machine is unlocked.

When using OpenCore on a Hackintosh, the unlock login is almost instantly presented after OpenCore completes its part of startup. Only after the unlock does macOS startup really do anything.

It's awesome that someone has managed to get ssh to do the unlock, but saying the data volume is "locked... after booting" is going too far.

unloader6118 No.45297387
You are confused. There is no "partial boot". This is fully booted in "before first unlock" state. Apple's public documents always call it that way.
dishsoap No.45297509
In the past it used to work the way the parent comment is describing. The confusion is understandable. Apple basically got rid of macOS and replaced most of it with things from iOS in 2020; a lot changed.
dcrazy No.45303332
Your comment is overbroad as written, but it is close to true about the boot chain. The Apple Platform Security Guide [1] says: “When a Mac with Apple silicon is turned on, it performs a boot process much like that of iPhone and iPad.”

[1]: https://support.apple.com/guide/security/boot-process-secac7...