Re: [Fed-Talk] Shawn Geddis, Can you help a brother out? issue: Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
Re: [Fed-Talk] Shawn Geddis, Can you help a brother out? issue: Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
- Subject: Re: [Fed-Talk] Shawn Geddis, Can you help a brother out? issue: Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
- From: "Blumenthal, Uri - 0553 - MITLL" <email@hidden>
- Date: Wed, 20 Jun 2018 14:56:56 +0000
- Thread-topic: [Fed-Talk] Shawn Geddis, Can you help a brother out? issue: Macs at my office are going away because PIV/CAC authorization not supported at boot up i.e. like bitlocker.
On 6/20/18, 10:51, "Fed-talk on behalf of Jacob, Raymond A Jr. CIV
SPAWARSYSCEN-ATLANTIC, 59530" <fed-talk-bounces+uri=email@hidden
on behalf of email@hidden> wrote:
Shawn:
Macs at my office are going away because PIV/CAC authorization not
supported at boot up i.e. like bitlocker.
That's a pity - here we seem to be OK with password-unlocked FV2, and PIV/CAC
login to the OS when it's up and running.
PS: I think the next battle front is TPM vs SEP but that fight is for
another day.
We consider Yubikey 4 Nano (touch-enabled policy) as a "poor-man-substitute"
for the built-in TPM. Until SEP is more mature and undergoes enough testing,
this approach seems best. It works fine as a substitute for derived
credentials. ;-)
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden