570: Mac Security

darranwest · January 21, 2021, 3:15pm

I use a Logitech keyboard connected to my Mac Mini via Bluetooth. Like you I found that I could not unlock the machine when it restarted. You can use a terminal command to unlock FileVault when rebooting so that it gets you back to the normal user login screen. At this point your Bluetooth keyboard will work. If you have screen sharing enabled you can run this from a remote machine and once the reboot has taken place you can access the standard login screen from the remote machine.

The terminal command to use is

sudo fdesetup authrestart

This will ask you for your password and then restart the Mac. It will store your password in memory while rebooting and unlock FileVault. This will get you back to the standard login screen, at which point you can use your Bluetooth keyboard. If you are connected to your Mac through screen sharing you can also log back in at this point.

I have this configured through Keyboard Maestro with my login password saved in Keychain. When run KM closes all open programs, gets the password from Keychain, opens terminal and runs the fdsetup command. It then pastes in the password and presses enter for me to restart my Mac. I have one of the smaller Stream Decks and can run all of this by pressing one button.

If you use KM and would like more details about the routine I have setup please let me know.

mrichardson03 · January 21, 2021, 4:17pm

I appreciate the offer, but I gave up on it a while ago and just plugged in via USB. The simplest solution wins for now.

darranwest · January 21, 2021, 4:41pm

No problem. There are times in life where the path of least resistance is the best one to take

aardy · January 21, 2021, 4:46pm

I use the Logitech dongle rather than bluetooth and this does allow you to use the keyboard to unlock the machines at reboot

darranwest · January 21, 2021, 5:53pm

I did use the dongle for a time but I kept having issues with the keyboard not responding. No matter where In placed the keyboard in relation to the dongle I would still get intermittent errors where keystrokes were not always picked up. After persevering with this for a few weeks I started to use Bluetooth and the problem has never returned. The only issue was unlocking FileVault at startup. However, once I found out this could be done through terminal to get back to the standard sign in screen, I stopped trying to look for what caused the problem with the dongle.

ibuys · January 21, 2021, 7:19pm

I’m crying here… this is hilarious.

webwalrus · January 21, 2021, 7:24pm

Until Apple remedies this clear and obvious threat to user safety, I refuse to buy another Apple product.

webwalrus · January 21, 2021, 7:34pm

Hey, I have it on good authority that you could crack open the case and de-solder / re-solder the RAM chips built into your Mac’s motherboard in less than 10% of the time it takes to do your obligatory code audit on Chromium. If only Apple hadn’t built the thing with a T2, users would have total freedom to replace their hard drives.