search

cybertunnel / Filevault-Reissue

This application prompts end users for username and password to automatically reissue a recovery key.
GNU General Public License v3.0
33 stars 4 forks source link

readme

Swift 5.0 macOS 10.13 macOS 10.14 macOS 10.15 macOS 10.16 macOS Dark Mode

License: GPL v3 Current Filevault-Reissue Version

Filevault-Reissue

Filevault-Reissue's goal is to provide a sleek and elegant UI for reissuing Apple's Filevault recovery key.

In Action

Prompt User Sees

Filevault Reissue Prompt

More Information Dialog

Filevault Reissue Info Dialog

Filevault Reissue Key Display

Silent Reissue

Filevault-Reissue has the ability to silently reissue the recovery key if a administrator username and password is provided.

Ex: /path/to/filevault --admin-usernames=uniadmin,localadmin --admin-passwords=supers3cret,monkeybones123

The above example will try to authenticate to Filevault using both uniadmin and localadmin with both of the provided passwords supers3cret and monkeybones123. Keep in mind you may need to properly escape special characters.

Quick Start

  1. Download latest version from the Releases
    • We only have Betas right now
  2. Sign & Notarize the app for best results.
  3. Configure preferences for the following keys:
Key Name Description Type Example
viewTitle This is the text displayed to the end user, usually set to the company's name String Acme Corporation
viewInstructions This is the text displayed to the end user, usually a blurb around why this is occuring and why they should care String Our management server does not have a valid recovery key for this device. Please enter the username and password you use to unlock this machine after your system reboots.
viewLogoPath This is the logo that is displayed to the end user. Usually the company logo. String /var/tmp/companyLogo.png
suppressRecoveryKey This will prevent the user from seeing the new recovery key when issued. True / False False
successAlert If suppressRecoveryKey is true, you can set this to show an alert after the key is rotated witout it being shown. By default, no alert is shown and the app will quit. Truse / False True
successKeyMessage If the successAlert key is set, you can customize the success message. By default, the message is "Successfully reissued the recovery key on this machine." String Your key has been reissued!
usernamePlaceholder This is what will hold the place of the username field. Usually input a generic username that matches your scheme. String johnsmith
passwordPlaceholder This is what will hold the place of the password field. Feel free to be creative according to your company policy String P@$5\/\/0rcl
moreInformationText This is the text a user will be presented with if they click on the "More Information" button on the window String Acme uses the recovery key in our management servers to securely and safely enable your machine to unlock in the event your device has trouble unlocking.
  1. Edit postinstall in installer/scripts/ with your administrative accounts and passwords.
    • --admin-usernames should look like --admin-usernames="ladmin,itadmin,john"
    • --admin-passwords should look like --admin-passwords="SuperMonkey123","Password"
  2. Run the build.sh script in installer/ to build the package
  3. Sign the package
  4. Deploy
  5. Drink coffee and watch results

Release History

The release history is available here.

Getting Help

This project does not have a dedicated channel on the MacAdmins Slack instance, but you can directly message me under the username @cybertunnel. As always, if you have an issue, please open an issue in this repository so I can allocate time to resolve the issue, or add the feature requested.

Contributing

I cybertunnel have been working on this project for the company I currently work for. I have spent these past few months making it more customizable and stable for general use.

Please feel free to fork and contribute.