Cauliflower Vest: FileVault 2 management for enterprise
Google’s MacOps team has released a new open source toolset for managing FileVault 2 for the enterprise: Cauliflower Vest.
Cauliflower Vest offers the ability to:
- Forcefully enable FileVault 2 encryption.
- Automatically escrow recovery keys to a secure Google App Engine server.
- Delegate secure access to recovery keys so that volumes may be unlocked or reverted.
http://google-opensource.blogspot.com/2012/02/cauliflower-vest-end-to-end-os-x.html
http://code.google.com/p/cauliflowervest/
April 12, 2012 at 6:37 am
Hi Greg. I saw some of your comments on the cauliflower-vest group. I started a script for storing the key in AD. Not sure if you are still interested but I thought I would let you know. You can head to my website and see what I have so far. I have more work to do but it does work.
Thanks,
Chris
April 12, 2012 at 7:40 am
We don’t use AD, so this specific solution doesn’t work for me. What happens if a machine has multiple boot drives, each encrypted with FV2?
April 12, 2012 at 7:58 am
The script works with AD or OD. I haven’t tried it with multiple drives so YMMV. I am mostly using it to streamline the imaging process. It also doesn’t take into account dual directory auth.
November 13, 2012 at 6:32 pm
Hello Greg,
It’s been a few years since I last talked to you while at Disney. When you get a moment I would like to pick your brain on how you were able to bypass using the Google App Engine. You can reach me at twvotaw@mac.com
Hope all is well.
Kindest Regards,
Tim Votaw