FileVault 2 Escrow. Enter Cauliflower Vest

      No Comments on FileVault 2 Escrow. Enter Cauliflower Vest

So our good friends at Google open sourced a way to manage FileVault 2 keys.  Using Google’s App Engine on the backend you can now store the master key for each computer that encrypts its drive with FileVault.  Below are the highlights of their tools.

  • Force enable FileVault 2 encryption.
  • Automagically escrow the recovery keys to a Google App Engine.
  • Delegate secure access to the recovery keys.

I have just started installing the source and am going to try mucking around with the command line tools.  Once I get a good handle on how these could be used in a corporate environment I will attempt to tackle the App Engine issue.  While some organizations will love this feature I don’t see Fortune 1000 companies being excited to place their FileVault keys on Google’s infrastructure.  That said, if there is a way to create a VM that can interface with the tools that Google has created this would be a boon for Enterprise Mac Admins.

More to come…

Leave a Reply

Your email address will not be published. Required fields are marked *