FV Recovery Key Redirection 10.13

New Contributor III

Hi there,

We make use of the script written by Sam Fortuna to redirect invalid or missing personal keys into the JSS. We get a few instances of this each month, usually coinciding with AD password resets.

In testing 10.13 on my machine I've noticed that the escrow has stopped working, so I'm getting prompted for key regeneration every check-in. Has anyone else managed to get this working on High Sierra? This was a Mac that was already encrypted on 10.12, then upgraded.

I have tried adding a new config profile with the new payload under Security & Privacy, but the key still doesn't get submitted to the JSS. The config profile is scoped to 10.13 machines only, and the old config profile with the FV Redirection payload has been removed.

Any ideas?



Valued Contributor II

@rich.thomas Sounds related to the bug we're seeing. (See: fdesetup changes in macOS 10.13 (17A360a): Exit Code 136.)

New Contributor III

Hi @dan.snelson,

That certainly looks like the same thing, thanks! I'll pop in a bug report and see what happens!