Open Radar

 
Summary:

It looks like you can upgrade a FileVault-encrypted Mac from 10.8.4 to 10.9 DP, similar to the way that you could upgrade a 10.7.x Mac to 10.8.x Mac.
 
I have the process of upgrading from 10.7.x to 10.8.x documented here in this blog post:
 
http://derflounder.wordpress.com/2012/07/28/upgrading-your-filevault-2-encrypted-mac-to-mountain-lion/

Steps to Reproduce:

Here’s the procedure I used:
 
1. Logged into my FileVault 2 encrypted Mac
 
2. Verified that it was encrypted.
 
3. Launched Install OS X 10.9 Developer Preview.app from /Applications

4. Selected my boot drive and let it proceed with the upgrade.
 
5. The upgrade restarted the Mac.
 
6. The FileVault 2 pre-boot login screen appeared and I logged in.

7. The upgrade automatically proceeded after the FileVault 2 login screen
 
8. After the upgrade process finished, the Mac restarted.

Here's the point where the 10.8.x -> 10.9 upgrade procedure diverged from the 10.7.x -> 10.8 upgrade procedure.

Expected Results:

1. The FileVault 2 pre-boot login screen appears and I have to log in.

2. The login process delivers me into my account.

3. I verify that I'm now on 10.9 DP

Actual Results:

1. The Mac booted and bypassed the FileVault 2 pre-boot login screen

2. I logged in at the regular login screen

3. Once into my account, I then verified I was now on 10.9 DP

4. I re-verified that I was still encrypted.

Regression:

Notes:

Why and how is the FileVault 2 pre-boot login screen being bypassed?

Based on my experience with fdesetup authrestart, it seems that Something is storing an unlock key Somewhere and it's unlocking the encrypted drive after the 10.9 OS install finishes. 

This seems like a security risk to me, as I'm not being asked to authorize the storage of the unlock key (the way I am with fdesetup authrestart.) Instead, it's just happening without my input.

Test environment: All testing done in a 10.9 DP VM running in VMware Fusion 5.0.3.