Re: [Fed-Talk] Setting a text-only login banner at the FileVault 2 pre-boot login screen
- Subject: Re: [Fed-Talk] Setting a text-only login banner at the FileVault 2 pre-boot login screen
- From: "Link, Peter R." <email@hidden>
- Date: Fri, 10 Feb 2012 15:23:51 -0800
Not exactly. I worked with Rich Trouton on this and you can create an encrypted volume using the command line without enabling any users. You get the same kind of passphrase entry prompt you get when mounting an external drive encrypted using FileVault-2. Unfortunately, you still only get 8 lines of banner text, which is also used for the screen saver (only shows three lines). Once you create your FileVault-2 encrypted volume using the command line (you can watch its progress through the Security/FileVault system preference), you can always enable specific users any time you want.
What this procedure does is initially not show users but only the disk password. Organizations might not like this, but all this does is unlock the drive. You still have to enter a username and password to get to data.
I had to mess around a couple of times to get the process down, but start by setting up a FileVault keychain, escrow it using established procedures, then encrypt your volume and everything should work fine.
    diskutil cs convert disk0s2 -passphrase

Enter the passphrase twice.
Replace disk with the HFS volume as shown using diskutil list.
On Feb 10, 2012, at 4:45 AM, Kyle Comboy wrote:
> No. A "file vaulted" user has to provide credentials in order to boot
> which is why the list shows.
>
> -Kyle
>
> On Feb 10, 2012, at 7:36 AM, Robert Jacobson <email@hidden> wrote:
>
>>
>> Does the pre-boot login screen always show a user list; i.e. is there a
>> way to set it to require username entry (like you can for the normal
>> login screen)?
>>
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden
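
Added example, not part of the original message: a small shell helper that reads `diskutil list` output, picks out the Apple_HFS partition identifier, and prints the convert command from the message only when exactly one such volume exists, so the wrong disk is not converted by mistake. The function names and the sample `diskutil list` output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `diskutil list` output (not taken from the thread).
sample_diskutil_list() {
cat <<'EOF'
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            499.2 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *8.0 GB     disk1
   1:                 DOS_FAT_32 USBSTICK                8.0 GB     disk1s1
EOF
}

# Hypothetical helper: print the identifier (last column) of every
# partition whose TYPE column is Apple_HFS. Reads `diskutil list` on stdin.
hfs_identifiers() {
    awk '$2 == "Apple_HFS" { print $NF }'
}

# Hypothetical helper: print the convert command quoted in the message,
# but only when the target is unambiguous. Returns 1 when there is no
# Apple_HFS volume (for example, it is already Apple_CoreStorage) or
# when several are attached and a human has to choose.
convert_command() {
    awk '
        $2 == "Apple_HFS" { id = $NF; n++ }
        END {
            if (n != 1) {
                print "expected exactly one Apple_HFS volume, found " n + 0 > "/dev/stderr"
                exit 1
            }
            print "diskutil cs convert " id " -passphrase"
        }'
}

# Stand-alone run against the constructed sample; on a real Mac, pipe
# `diskutil list` into convert_command instead.
sample_diskutil_list | convert_command
```

The helper only prints the command; running it, and entering the passphrase twice, is left to the operator.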