How to bypass FileVault when you restart your Mac

When you enable FileVault on your Mac, you greatly enhance its security by encrypting all of its drive contents. This approach makes it exceptionally difficult for any data on the drive to be recovered; however, it does require that whenever you restart your Mac, you provide the password of an account that is authorized to unlock the drive. Unfortunately, since the OS cannot boot until you provide this password, this effectively locks you out of your Mac, including any remote access to it.

In most cases you will likely want your Mac to be locked when restarted and require physical access to unlock it; however, if you use your Mac as a small server of sorts, or more commonly if you use Apple’s Back To My Mac feature for screen sharing, then this might not be the case. After all, the requirement to be physically at your system to unlock the drive will break your ability to connect to the system.

This may have you thinking twice about using FileVault; however, there is an approach for restarting a FileVault-secured Mac that will allow you to perform a one-time bypass of your Mac’s login window, and have the system temporarily store the drive’s unlocking keys in memory so they can be used to unlock it, allow the system to load, and allow you to gain access to your system.

To do this, you will avoid using the Apple menu or other common methods of restarting your Mac, and instead use the Terminal to run the fdesetup utility for performing this operation:

fdesetup authrestart

When run from an account that is authorized to unlock the FileVault drive, this will result in your Mac restarting normally, and is useful for enacting any change to the system from a remote location that requires you to restart your system.
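A pre-flight check for the remote-restart case described above, as an added example that is not part of the original article. It assumes `fdesetup status` reports "FileVault is On." or "FileVault is Off." and that `fdesetup supportsauthrestart` prints `true` or `false`; the function name `authrestart_preflight`, the `--restart` argument, and the use of `sudo` are this example's own choices.

```shell
#!/bin/sh
# Added example: decide whether an authenticated restart is safe to issue
# from a remote session. If the check fails and you restart anyway, the Mac
# stops at the pre-boot unlock screen and is unreachable over the network.

# authrestart_preflight STATUS_TEXT SUPPORT_TEXT
#   STATUS_TEXT  - output of `fdesetup status`
#   SUPPORT_TEXT - output of `fdesetup supportsauthrestart`
# Prints a one-word verdict and returns 0 only when authrestart should work.
authrestart_preflight() {
    status_text=$1
    support_text=$2

    case $status_text in
        *"FileVault is On"*) ;;                        # encrypted: keep checking
        *"FileVault is Off"*) echo "filevault-off"; return 2 ;;  # plain restart suffices
        *) echo "unknown-status"; return 3 ;;          # unexpected output: refuse
    esac

    case $support_text in
        true) echo "ok"; return 0 ;;
        *)    echo "unsupported"; return 1 ;;          # "false" or an error message
    esac
}

# Driver: only runs where fdesetup exists (macOS). Without --restart it just
# reports the verdict, so the script is safe to run as a dry check.
if command -v fdesetup >/dev/null 2>&1; then
    verdict=$(authrestart_preflight \
        "$(fdesetup status 2>&1)" \
        "$(fdesetup supportsauthrestart 2>&1)")
    rc=$?
    echo "preflight: $verdict"
    if [ "$rc" -eq 0 ] && [ "${1:-}" = "--restart" ]; then
        # Prompts for the credentials of an account authorized to unlock the drive.
        sudo fdesetup authrestart
    fi
fi
```

Because the unlock key is held in memory for the one reboot, run this only over a session you trust and only when the restart is actually needed.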

4 thoughts on “How to bypass FileVault when you restart your Mac”

    1. gskibum

      I’m not sure what you mean by “this.” If you’re referring to FileVault 2 in general then the answer is yes.

      However if you are referring to the technique detailed in this article, then the answer would be no. If you are able to bypass the hands-on requirement to unlock the drive with a FileVault 2 enabled account then LogMeIn would be running upon log-in (if LogMeIn is installed).

      1. BowdenData

        I was referring to FileVault 2 blocking remote access via LogMeIn, so thanks for the confirmation. In hindsight, it was kind of a silly question in that if LogMeIn was able to get around FileVault 2, then it would defeat the purpose of it.
