Where does OS X keep the FileVault password during reboots in an upgrade?

macos security password filevault

Solution 1:

There's an OS X feature called authenticated restart that stores the FileVault key in the SMC for the duration of the reboot. Apple acknowledges in the manpage that it does reduce FileVault security for the duration of the restart:

On supported hardware, fdesetup allows restart of a FileVault-enabled system without requiring unlock during the subsequent boot using the authrestart command.

WARNING: FileVault protections are reduced during authenticated restarts.

In particular, fdesetup deliberately stores at least one additional copy of a permanent FDE (full disk encryption) unlock key in both system memory and (on supported systems) the System Management Controller (SMC). fdesetup must be run as root and itself prompts for a password to unlock the FileVault root volume. Use pmset destroyfvkeyonstandby to prevent saving the key across standby modes. Once authrestart is authenticated, it launches reboot(8) and, upon successful unlock, the unlock key will be removed.

Related

Machine Learning on external GPU with CUDA and late MBP 2016?
Terminal login hangs
How can I pair my Magic Trackpad with multiple Macs?
Why do I have to drag my new apps into the application folder?
How do you type a true minus sign (not a hyphen) on a Mac?
Is there a Mac OS X equivalent of the Linux iwconfig command?
Copy and pasting between host and VM
XCode 6 on Yosemite crashing in fullscreen mode when build & running app on device
How can I disable Universal Clipboard on macOS and iOS?
How can I add Trash icon to the sidebar in Mac OS X Lion?
Stolz-Cesàro Theorem
Prove: $\int_0^1 \frac{\ln x }{x-1} d x=\sum_1^\infty \frac{1}{n^2}$