So our good friends at Google open sourced a way to manage FileVault 2 keys. Using Google’s App Engine on the backend you can now store the master key for each computer that encrypts its drive with FileVault. Below are the highlights of their tools.
- Force enable FileVault 2 encryption.
- Automagically escrow the recovery keys to a Google App Engine.
- Delegate secure access to the recovery keys.
I have just started installing the source and am going to try mucking around with the command line tools. Once I get a good handle on how these could be used in a corporate environment I will attempt to tackle the App Engine issue. While some organizations will love this feature I don’t see Fortune 1000 companies being excited to place their FileVault keys on Google’s infrastructure. That said, if there is a way to create a VM that can interface with the tools that Google has created this would be a boon for Enterprise Mac Admins.
More to come…