SmartCard, FileVault2, and M1 Silicon MacBooks... Oh my..

R_C
New Contributor III

I have a fun situation.

M1 macBook Pro, Enrolled into JAMF, with a 5 day deadline for Pairing a SmartCard before automatic enforcement kicks in.

The intel macBooks haven't been an issue, since once enforcement kicks in, the user can still login to FV2 using their PW and then the machine can get policies from JAMF. (Removing the configuration profile if we so choose)

The M1 macBooks appear to finally support SmartCard login at the FV2 screen, the problem with this is that we cannot use a PW or the Recovery Key from JAMF to bypass this screen. As the macBook doesn't have network connectivity while at the FV2 login screen, we cannot remove the config profile.

We tried booting into Recovery, unlocking the disk, opening terminal, and removing the folders below with no luck. 

/private/var/db/ConfigurationProfiles
/Library/Managed Preferences
 
Any suggestions? I both love and hate the FV2 support for SmartCard as it greatly simplifies login, but now means that getting past recovery has become significantly more difficult.
Also, we do have another local account on the machine for backdoor purposes, which is exempt from requiring a SmartCard.... but it's not FV2 enabled.
 
0 REPLIES 0