FileVault Recovery Key Escrow¶
Summary¶
| PayloadType: | com.apple.security.FDERecoveryKeyEscrow |
|---|---|
| Supervised Only: | |
| N/A | |
| macOS: | 10.13 |
| macOS Deprecated: | |
| N/A | |
| iOS: | N/A |
| iOS Deprecated: | N/A |
| Highlander: | N/A |
Keys¶
Location¶
Location
A short description of the location where the recovery key will be escrowed. This text will be inserted into the message the user sees when enabling FileVault.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | always | N/A | N/A | N/A | N/A |
EncryptCertPayloadUUID¶
EncryptCertPayloadUUID
Required. The UUID of a payload within the same profile that contains the certificate that will be used to encrypt the recovery key. The referenced payload must be of type com.apple.security.pkcs1.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | always | N/A | N/A | N/A | N/A |
DeviceKey¶
DeviceKey
Optional. An optional string that will be included in help text if the user appears to have forgotten the password. Can be used by a site admin to look up the escrowed key for the particular machine. Replaces the RecordNumber key used in previous escrow mechanism. If missing, the device serial number will be used instead.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |