Cauliflower Vest: FileVault 2 management for enterprise

Google’s MacOps team has released a new open source toolset for managing FileVault 2 for the enterprise: Cauliflower Vest.

Cauliflower Vest offers the ability to:

  • Forcefully enable FileVault 2 encryption.
  • Automatically escrow recovery keys to a secure Google App Engine server.
  • Delegate secure access to recovery keys so that volumes may be unlocked or reverted.

http://google-opensource.blogspot.com/2012/02/cauliflower-vest-end-to-end-os-x.html

http://code.google.com/p/cauliflowervest/

4 thoughts on “Cauliflower Vest: FileVault 2 management for enterprise”

  1. Hi Greg. I saw some of your comments on the cauliflower-vest group. I started a script for storing the key in AD. Not sure if you are still interested but I thought I would let you know. You can head to my website and see what I have so far. I have more work to do but it does work.

    Thanks,
    Chris

    1. We don’t use AD, so this specific solution doesn’t work for me. What happens if a machine has multiple boot drives, each encrypted with FV2?

      1. The script works with AD or OD. I haven’t tried it with multiple drives so YMMV. I am mostly using it to streamline the imaging process. It also doesn’t take into account dual directory auth.

  2. Tim Votaw says:

    Hello Greg,

    It’s been a few years since I last talked to you while at Disney. When you get a moment I would like to pick your brain on how you were able to bypass using the Google App Engine. You can reach me at twvotaw@mac.com

    Hope all is well.

    Kindest Regards,
    Tim Votaw