How to Bypass a FileVault Password On a Per Boot Basis with Mac OS X

Mar 6, 2015 - 12 Comments

FileVault Using FileVault full disk encryption is one of the better ways to protect your Mac and personal documents from prying eyes and password resets, but if you’re troubleshooting a Mac with FileVault, either your own or someone else’s, it’s kind of annoying to have another layer of passwords necessary to enter before you’ll be able to get in. Additionally, for situations where you’re performing remote management or administration tasks through SSH or Remote Login, if you were to need to reboot the remote Mac to install an OS X update, you wouldn’t be able to enter the necessary FileVault password, right? Well, yes, unless you temporarily bypass FileVault with an authorized restart.


Using Authenticated Restart allows you to bypass entering a FileVault password on a per-boot basis. In other words, it does not disable FileVault for more than the specific reboot, which can be really helpful for remote management purposes.

Issuing an Authenticated Restart requires using the Terminal and the fdesetup command and you will need the admin password. You can always check to see if FileVault is enabled by using a variation of fdesetup as well. Here’s the command to use:

sudo fdesetup authrestart

Once you enter the admin password the Mac will reboot directly from the command line, but rather than a standard sudo shutdown -r command and boot, you’re basically pre-authorizing the restart to bypass FileVault on the next system start.

Do note that not all Macs have this feature and allow temporary FileVault bypass this way, it’s mostly fairly new machines that do. You can check manually with the following command string:

fdesetup supportsauthrestart

If “true” is echoed back, you’re good to go. If it says “false”, you’ll probably want to skip the reboot otherwise the Mac will be unavailable until the FileVault password has been entered manually in person.

According to Apple, the list of Macs that do support FileVault authenticated restart are as follows:

  • MacBook Air (Late 2010) and later
  • MacBook (Late 2009) and later
  • MacBook Pro (Mid 2009) and later
  • Mac mini (Mid 2010) and later
  • iMac (Late 2009) and later
  • Mac Pro (Late 2013)

So the next time you’re doing some remote management, system updates, troubleshooting, or whatever else, keep this in mind.

Do keep in mind this only applies to FileVault security, there is no way to remotely bypass a hardware-based firmware password that has been set on a Mac.

Heads up to LifeHacker for the excellent tip find.

.

Related articles:

Posted by: Paul Horowitz in Command Line, Mac OS, Tips & Tricks

12 Comments

» Comments RSS Feed

  1. anonymous says:

    So I can get into someone else’s mac even if they have file vault?

  2. Fei says:

    how to make this permanent?
    Due to power failure?

  3. Rudi says:

    Security hole?!

  4. Kavinz says:

    Testing out this trick from ssh worked just fine

  5. kazuba says:

    Helpful for remote troubleshooting great tip

  6. MacMedix says:

    Doesn’t seem to work on OSX 10.8.5 Mtn Lion; Mac Mini Late 2012. (FileVault not in use on this Mac, so I’m guessing wrong OSX)

    ~ root# fdesetup supportsauthrestart
    Error: You must provide an action. Use ‘fdesetup help’ for help, or use the man page.
    ~ root# fdesetup status
    No conversion in progress
    ~ root# fdesetup version
    fdesetup: Version 1.35

  7. yyzguy says:

    Is it really “bypassing” filevault, or more likely, storing and using the credentials for the next boot, and then (hopefully), clearing the stored credentials.

    • gihe says:

      Yes, exactly. As described. Bypass Filevault on the next boot, Filevault stops storing the credentials temporarily after that.

      • DeusExMachina says:

        “Yes, exactly.”
        It can’t be both. If it is storing the credentials, it is not bypassing FileVault, it is merely bypassing the authorization process.
        This is an important distinction.

Leave a Reply

 

Shop on Amazon.com and help support OSXDaily!

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates

Tips & Tricks

News

iPhone / iPad

Mac

Troubleshooting

Shop on Amazon to help support this site