Re: [Fed-Talk] Does FileVault2 support CAC/PIV at boot up yet? instead of user name and password? thank you
  • Subject: Re: [Fed-Talk] Does FileVault2 support CAC/PIV at boot up yet? instead of user name and password? thank you
  • From: "Rowe, Walter (Fed)" <email@hidden>
  • Date: Wed, 20 Jun 2018 14:01:48 +0000
  • Thread-topic: [Fed-Talk] Does FileVault2 support CAC/PIV at boot up yet? instead of user name and password? thank you

Is CryptoTokenKit accessed via Keychain or directly? Does it require things
like a CRL? Would PIV/CAC support at reboot require certificates to be
populated in a pre-boot accessible Keychain? Would it have access to a current
CRL? I’m not certain how keys for unlocking APFS are managed in the Preboot, or
how PIV/CAC/CRLs would be maintained and associated with specific users (along
with the requisite USB support mentioned in the prior messages).

Walter
--
Walter Rowe, Acting Chief
Infrastructure Services Division
OISM / NIST / US Dept of Commerce
Email: email@hidden
Office: 301.975.2885
Mobile: 202.355.4123

On Jun 20, 2018, at 9:39 AM, Carib Mendez <email@hidden> wrote:

Currently there is still no way to use CAC/PIV at boot up. The current
prevailing solution seems to be to create a local user account that has the
ability to decrypt the drive but not without the ability to log in to the
system. For the end user the steps then become:
• Use the File Vault password to unlock the drive
• The system will then boot to the regular login window
• They insert their CAC/PIV and log in like regular.

Hopefully with the creation of the tokenKit framework and the native PIV
support it provides to macOS, we might see some PIV support for FileVault in
the future.

On Jun 19, 2018, at 06:14 PM, "Jacob, Raymond A Jr. CIV SPAWARSYSCEN-ATLANTIC,
59530" <email@hidden> wrote:


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list
(email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Re: [Fed-Talk] Does FileVault2 support CAC/PIV at boot up yet? instead of user name and password? thank you (From: Carib Mendez <email@hidden>)
