Working on partitioning MBPs running 10.9 with filevault 2 encryption with a fstab script (thanks Ben Toms) pointing /Users to Users HD that is encrypted during imaging (thanks Deflounder) and using jridgwell's Unlock https://github.com/jridgewell/Unlock to mount the encrypted Users HD when the user logs in. So far got it working.
Here is the problem. All of our users are admins (hopefully we can take that away) but in the meantime I am looking for a way to not allow them to use the "show password" feature of the System Keychain. This allows them to see the password used to encrypt the Users HD. Any ideas on how to not allow this?
Also, I don't really understand why Apple refers to FV2 as "whole disk encryption", it seems more to me as "volume based encryption". Maybe I am not encrypting it correctly? Is it possible to encrypt the WHOLE disk?