10.13 fdesetup changerecovery -personal with wrong password deletes recovery key
Originator: | howie | ||
Number: | rdar://34633465 | Date Originated: | 9/25/2017 |
Status: | open | Resolved: | |
Product: | macOS + SDK | Product Version: | 10.13 |
Classification: | Serious Bug | Reproducible: | yes |
Area: Something not on this list Summary: On 10.13, on a FileVault protected APFS disk (upgraded from 10.12.6), changing the recovery key (-personal) and supplying the wrong password deletes the recovery key. Steps to Reproduce: - Start with a 10.12.6 system with a Filevault2 protected Disk with a personal recovery key - Install 10.13 - as root, run "fdesetup list" to verify that there is a recovery key. The user shows up as "(null)" for the recovery key. - run "fdesetup validaterecovery" to see that the recovery key is correct. - run "fdesetup changerecovery -personal" and enter an incorrect password. - run "fdesetup list" again, and see that the entry for the user "(null)" has disappeared. - run "fdesetup validaterecovery" again, to see that the recovery key no longer works. Expected Results: The changerecovery operation should be rejected due to an incorrect password. Actual Results: The recovery key is removed! Version/Build: 10.13/17A365 Configuration: MacBookPro 15, late 2013
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Still an issue Beta 5
Beta 5 Apple, srsly?! I will file a bug report too then...