Intitutional Recovery Key

hkabik
Valued Contributor

So now that booting into Recovery Mode no longer takes you to the utilities screen without the Personal Recovery Key, is Institutional Recovery now effectively dead? We had a very limited use case for it before so no big loss, but if it's no longer feasible to use the IRK get into a machine I'm going to alter our policies so it's not even created.

2 REPLIES 2

tlarkin
Honored Contributor

I doubt many Orgs are leveraging IRKs simply because one key to rule them all, so in the event that key gets leaked you must now rotate your entire fleet. PRKs are much easier to manage and rotate. It would not surprise me if IRKs go away, especially considering Macs are now encrypted at the factory level with the T2 chips.

hkabik
Valued Contributor

That's my expectation as well. I was mainly curious if it was officially dropped at this point.