Shirt Pocket Discussions


jwhitley 01-08-2020 04:14 PM

Catalina and FileVault recovery workflow
 
I'd like to clarify the recovery workflow when using SuperDuper! with Catalina and a FileVault-encrypted external drive. Scenario:
  1. Do the Catalina-era song-and-dance to create a bootable, FileVault-encrypted backup using SuperDuper.
  2. The original system including the T2 chip is lost/damaged/etc, now permanently inaccessible.
  3. Restore the encrypted backup to a new system. ? ?? ???

Consider this statement from Apple Support:

Quote:

The advanced encryption technology integrated into the T2 chip provides line-speed encryption, but it also means that if the portion of the T2 chip containing your encryption keys becomes damaged, you might need to restore the content of your drive from a backup.

Given that, is it possible to actually perform the restore in step #3 above? Unfortunately, I don't have a second T2-equipped Mac to test with. It's not clear whether iCloud recovery or a local recovery key will even work to decrypt the drive on another T2-equipped system.

If recovery in the above scenario is no longer possible, this should be emphasized to Catalina users in the strongest possible terms. Bootable encrypted backups would no longer serve as data-loss insurance against system damage or loss.

dnanian 01-08-2020 04:15 PM

That's referring to the internal SSD, which is controlled by the T2, not the external backup.

jwhitley 01-08-2020 04:28 PM

Quote:

Originally Posted by dnanian (Post 34600)
That's referring to the internal SSD, which is controlled by the T2, not the external backup.

Thanks Dave. For posterity, I dug up the relevant Apple Platform Security page, "Internal volume encryption when FileVault is turned on". Most of the linked page is obviously directed at internal device policy, but at the end it makes this explicit call-out:

Quote:

Note: Encryption of removable storage devices doesn’t utilize the security capabilities of the Apple T2 Security Chip, and its encryption is performed in the same manner as Mac computers without the T2 chip.

dnanian 01-08-2020 04:30 PM

Yes, that's where I got the info originally. :)


All times are GMT -4.