I've been doing a bit of research about FileVault and APFS recently, but it still confuses me. I learned about the two types of recovery keys for FileVault, personal recovery key and institutional recovery key. According to what I read, the personal one only works on the same device (if the Mac is broken, access will be impossible) and the institutional one requires an MDM, a PKI, and needs to be configured before the volume is encrypted.
Is there any device-independent recovery key that I can export from an unlocked volume and use for unlocking on any device?
Windows Bitlocker has this function and it is very handy, because in many situation you do not have to mess around with protectors or cryptousers, TPM/T2-chips and similar device-specific mechanisms. One basically exports the AES-key of the drive or something fully equivalent.
I read about a "secure token" but I did not really understand it. Could this be what I am thinking about?
Asked by dsfsdfdsf23
(31 rep)
Jun 24, 2021, 02:39 PM
Last activity: Apr 6, 2025, 02:23 PM
Last activity: Apr 6, 2025, 02:23 PM