Following upgrade of 10.9 DP, the FileVault 2 pre-boot login window is bypassed

Number:rdar://14148042 Date Originated:6-13-2013
Status:Closed Resolved:11-8-2013
Product:OS X Product Version:13A603
Classification:Security Reproducible:Yes

It looks like you can upgrade a FileVault-encrypted Mac from 10.8.4 to 10.9 DP, similar to the way that you could upgrade a 10.7.x Mac to 10.8.x Mac.
I have the process of upgrading from 10.7.x to 10.8.x documented here in this blog post:

Steps to Reproduce:

Here’s the procedure I used:
1. Logged into my FileVault 2 encrypted Mac
2. Verified that it was encrypted.
3. Launched Install OS X 10.9 Developer from /Applications

4. Selected my boot drive and let it proceed with the upgrade.
5. The upgrade restarted the Mac.
6. The FileVault 2 pre-boot login screen appeared and I logged in.

7. The upgrade automatically proceeded after the FileVault 2 login screen
8. After the upgrade process finished, the Mac restarted.

Here's the point where the 10.8.x -> 10.9 upgrade procedure diverged from the 10.7.x -> 10.8 upgrade procedure.

Expected Results:

1. The FileVault 2 pre-boot login screen appears and I have to log in.

2. The login process delivers me into my account.

3. I verify that I'm now on 10.9 DP

Actual Results:

1. The Mac booted and bypassed the FileVault 2 pre-boot login screen

2. I logged in at the regular login screen

3. Once into my account, I then verified I was now on 10.9 DP

4. I re-verified that I was still encrypted.



Why and how is the FileVault 2 pre-boot login screen being bypassed?

Based on my experience with fdesetup authrestart, it seems that Something is storing an unlock key Somewhere and it's unlocking the encrypted drive after the 10.9 OS install finishes. 

This seems like a security risk to me, as I'm not being asked to authorize the storage of the unlock key (the way I am with fdesetup authrestart.) Instead, it's just happening without my input.

Test environment: All testing done in a 10.9 DP VM running in VMware Fusion 5.0.3.


Bug closed on November 7th, 2013

Apple closed this bug with "State:Behaves correctly". Follow-up email stated that the behavior is a new feature in OS X Mavericks.

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!