+3Greetings!
We use FileVault through Jamf Pro and we also have a mixed bag of Intel and Apple Silicon laptops. As far as our Jamf Protect Complaince report, ALL of the Apple Silicon machines show as "Pass" and ALL of the Intel machines show as "Fail". I've been poking around online trying to figure that one out, but can't seem to find anything.
Has anyone else experienced this phenomenon and found a fix?
Thank you
Best answer by Jordy-Thery
Do you have a remediation in place to set the FileVault key to be destroyed on hibernate for Intel? That's not a default setting...
/usr/bin/pmset -a standbydelaylow 900
/usr/bin/pmset -a standbydelayhigh 900
/usr/bin/pmset -a highstandbythreshold 90
/usr/bin/pmset -a hibernatemode 25
Would be the commands to set it. Look at "8.10. Enable Hibernate Mode (Intel)" from the macOS Security Compliance Project if you are leveraging that.
+11Do you have a remediation in place to set the FileVault key to be destroyed on hibernate for Intel? That's not a default setting...
/usr/bin/pmset -a standbydelaylow 900
/usr/bin/pmset -a standbydelayhigh 900
/usr/bin/pmset -a highstandbythreshold 90
/usr/bin/pmset -a hibernatemode 25
Would be the commands to set it. Look at "8.10. Enable Hibernate Mode (Intel)" from the macOS Security Compliance Project if you are leveraging that.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.