Cauliflowervest and Apple MDM FileVault Escrow Redirect


John Lockwood

Oct 27, 2017, 11:46:18 AM
to cauliflowervest-discuss
Apple-compatible MDM solutions, e.g. Profile Manager and JAMF, now support a mechanism whereby not only is FileVault encryption mandated (as before) but the personal recovery key is escrowed to a server designated by the MDM system in the profile.

It is not explicitly defined, but one could presume that it is taking the pre-existing iCloud escrow solution and 'redirecting' it to your own compatible server, e.g. Profile Manager or JAMF.

This means that no additional client needs to be installed on a Mac and also means it potentially would be possible for a Cauliflowervest server to act as a suitable recipient server.

I would be fairly confident this is not currently possible with the existing Cauliflowervest server, but would there be any likelihood of this capability being added?

Since Cauliflowervest currently relies on the ancient and deprecated loginhook mechanism, this might kill two birds with one stone.

Maxim Ermilov

Oct 27, 2017, 6:19:09 PM
to cauliflower...@googlegroups.com
Hi,

> would there be any likelihood of this capability being added?

It's an interesting idea, but not something we're planning on doing at the moment.
Pull requests are always welcome ;)

> since Cauliflowervest currently relies on the ancient and deprecated loginhook mechanism 

A periodic check can be used instead.

_____
Maxim
