You can see this primarily in the timing of when the system boots-without FileVault the system will load a few background processes and take a second or two to display the login window, but with FileVault enabled the system will almost immediately show the login window. This prompt, which is stored on a separate hidden partition, looks like the standard OS X login window (with some nuance differences), but is a different process altogether.
When you enable FileVault, the system will initially mirror your account password to the FileVault volume's EFI login prompt. The way OS X sets up these passwords to appear the same may seem a bit convoluted, but these passwords are in fact different and are treated differently by the system. The password reset features Apple provides are for the account password in the operating system, and not for the FileVault password or encryption keys. Without FileVault enabled this is definitely the case, but if you have FileVault enabled these password reset routines will not work.
MacFixIt reader Fred recently wrote in with such a concern: If I have FileVault enabled on my Mac, what prevents someone from restarting with Command-R held down, and then use the "resetpassword" command to change the password and log into the system? However, given Apple supplies password resetting utilities that can change an administrative password even without being logged in, you might be concerned this will allow a bad guy to simply reset your password, bypass FileVault, and get to your encrypted files. FileVault is OS X's built-in data encryption technology, and when enabled, as with an unencrypted OS X volume you simply enter your account credentials to get into your system.
0 kommentar(er)
