Apple OS updates for Mavericks automatically bypass FileVault 2 login screen

Rich Trouton:

With Apple’s release of OS X 10.9.1, it looks like the automated FV 2 unlock process that Apple built into the Mavericks install process has been included with OS X updates.

During the upgrade process, an unlock key is being put into the SMC by the update process to unlock the encrypted volume at boot. The reboot process then automatically clears the key from the SMC. This process is similar to how fdesetup authrestart works, except that the user is not being prompted to authorize it.

I still don’t see the point of this feature within Mavericks, especially when used with Filevault 2. Is it really necessary to bypass having the user authenticate again after an OS upgrade or update?

I’d rather the minor inconvenience of entering my password after a software update has restarted my Mac than automate the process and potentially create a window of vulnerability.

Update: Thomas Brand has a great explanation of why OS X has this behaviour.

Leave a Reply

Your email address will not be published. Required fields are marked *