FileVault Self-Destruct Trigger #12
Replies: 3 comments 1 reply
-
Hello @maltfield! Thanks for using swiftGuard and adding it to your 'similar projects', really appreciated. I took so much inspiration from your great project, so it means much to get feedback/ideas from your side 😇 Regarding a self-destruct for the macOS encryption keys, I already searched and investigated, but did not found a solution so far. But it's definitely on my agenda, as I see how important of a feature it is. If I find a working solution, I will contact you and share my findings, so you can implement into BusKill. Have a great week! And sorry for my late answer. |
Beta Was this translation helpful? Give feedback.
-
The macOS-Security-and-Privacy-Guide covers this. They appeared to take it off, but the issue below shows how to do it. |
Beta Was this translation helpful? Give feedback.
-
@Bubba8291 after reading that thread, I'm not sure if that achieves the same end? This ticket is about overwriting the FileVault master encryption key on-disk (eg in the header [or footer?] of the non-volatile filesystem storage) with random data. It appears the thread you linked-to is about just wiping the key from volatile memory? Or do I have something wrong? |
Beta Was this translation helpful? Give feedback.
-
This is a feature request to add a "self-destruct" action that will wipe the FileVault master encryption keys from the disk, rendering the entire disk contents indistinguishable from random noise and invulnerable to rubber hose cryptanalysis.
Cool project, just learned about it via korben :) I'll add a link to swiftGuard to our growing list of similar projects
Currently the BusKill app has a self-destruct trigger that wipes the (encrypted) master encryption key (and all other metadata) from the LUKS header. This renders all of the encrypted disk contents useless in less than 6 seconds.
We currently don't have a self-destruct equivalent trigger for MacOS. While BusKill works on MaOS (as well as Linux & Windows), my inability to run OS X in a VM (shame on Apple) means that it's the least-developed and least-tested platform for our software. While I'd like to develop "self-destruct" triggers on all three platforms, this limitation means it will be our last platform to develop-for.
A destructive trigger that wipes the encryption keys is the only solution to protect the laptop's data contents for victims that will be subjected to torture. This is important for very high-risk users (eg journalists working in oppressive countries).
Please implement a native "self-destruct action" that will wipe the master encryption keys from disk for all attached FileVault-encrypted disks.
Beta Was this translation helpful? Give feedback.
All reactions