Additional Zoom remediation from Apple via MRT

Apple had released an MRT update on July 12th to cover the vulnerabilities disclosed for Zoom and RingCentral, but then additional Zoom variants popped up on the radar.

To fix all of the variants, Apple has released another MRT (Malware Removal Tool) update today. This fixes the vulnerabilities found in Zoom and its various white label versions which Zoom developed for third parties:

This MRT update has the following version number:

1.46.1.1563225526

The installer package receipt associated with it is the following:

com.apple.pkg.MRTConfigData_10_14.16U4075

To verify that you have this installed, here’s a one-line command to check for the latest installed MRT installer package:

To verify that com.apple.pkg.MRTConfigData_10_14.16U4075 does install 1.46.1.1563225526, here’s a one-line command to get the version number from the latest installed MRT installer package receipt:

To assist with getting information like this for Gatekeeper, MRT and XProtect, I’ve written a script that pulls the following information for each:

  • Version number
  • Installation date
  • Installer package receipt identifier

For more information, please see below the jump.

As of Tuesday, July 16 2019, the script below is producing the following output for my Mac running macOS 10.14.5 with the latest MRT update installed:

Zhumu vulnerability and remediation

As more security researchers look into the Zoom vulnerability issue, it now appears that Zhumu (Zoom’s affiliate for China) has a client for macOS with the same local webserver vulnerability as that previously discovered for Zoom’s and RingCentral’s clients for macOS.

For those wanting to manually remediate for all three clients, the following commands can be run:

The question at this point is: how many more Zoom variants are there out there? I hadn’t previously been aware of Zhumu or of Zoom’s business relationship with this company. Are there more?

I’ve updated my fix_zoom_vulnerability script to also address the Zhumu client. For more details, please see below the jump.

The script is available below and on my GitHub repo:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/fix_zoom_vulnerability

This script is also available as a payload-free package on my GitHub repo, available for download from the payload_free_package directory available from the link above.

Checking if Apple’s Zoom remediation update has been installed on your Mac

As part of the Zoom vulnerability issue, further problems have been discovered as security researchers look into the local webserver installed by older versions of the Zoom app for macOS.

Apple has moved quickly and released an update to MRT (Malware Removal Tool) which addresses the issue by removing the local webserver. This update has the following version number:

1.45.1.1562731315

The installer package receipt associated with it is the following:

com.apple.pkg.MRTConfigData_10_14.16U4071

To verify that you have this installed, here’s a one-line command to check for the latest installed MRT installer package:

To verify that com.apple.pkg.MRTConfigData_10_14.16U4071 does install 1.45.1.1562731315, here’s a one-line command to get the version number from the latest installed MRT installer package receipt:

To assist with getting information like this for Gatekeeper, MRT and XProtect, I’ve written a script that pulls the following information for each:

  • Version number
  • Installation date
  • Installer package receipt identifier

For more information, please see below the jump.

As of Friday, July 12 2019, the script below is producing the following output for my Mac running macOS 10.14.5 with the latest MRT update installed:
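The receipt-and-version check described in this post and in the July 16 post above, as an added example that is not the author's one-liner or script. The function names are hypothetical, the receipt identifiers and version numbers are the ones quoted on this page, and the sample lines in the usage comment are constructed from them.

```shell
#!/bin/sh
# Added example (not the author's script): find the newest MRTConfigData receipt
# and check that its version is at least the remediation version quoted above.

# mrt_receipts: print "receipt-id version" for every MRTConfigData receipt.
# macOS only; uses pkgutil's receipt database.
mrt_receipts() {
  pkgutil --pkgs='com\.apple\.pkg\.MRTConfigData.*' | while read -r id; do
    ver=$(pkgutil --pkg-info "$id" | awk '/^version:/ {print $2}')
    printf '%s %s\n' "$id" "$ver"
  done
}

# mrt_check MIN_VERSION: read "receipt-id version" lines on stdin, pick the
# highest version (numeric, field by field) and compare it with MIN_VERSION.
# Prints "<id> <version> OK|OUTDATED"; exit 0 = OK, 1 = outdated, 2 = no receipt.
mrt_check() {
  awk -v min="$1" '
    function cmp(a, b,    x, y, na, nb, n, i, xi, yi) {
      na = split(a, x, "."); nb = split(b, y, ".")
      n = (na > nb) ? na : nb
      for (i = 1; i <= n; i++) {
        xi = (i <= na) ? x[i] + 0 : 0
        yi = (i <= nb) ? y[i] + 0 : 0
        if (xi != yi) return (xi > yi) ? 1 : -1
      }
      return 0
    }
    NF >= 2 && (best == "" || cmp($2, best) > 0) { best = $2; id = $1 }
    END {
      if (best == "") { print "no MRTConfigData receipt found"; exit 2 }
      ok = (cmp(best, min) >= 0)
      printf "%s %s %s\n", id, best, (ok ? "OK" : "OUTDATED")
      exit (ok ? 0 : 1)
    }'
}

# On a Mac, check against the July 16 version from this page.
if command -v pkgutil >/dev/null 2>&1; then
  mrt_receipts | mrt_check 1.46.1.1563225526 || true
fi

# Offline use with constructed input:
#   printf '%s\n' 'com.apple.pkg.MRTConfigData_10_14.16U4071 1.45.1.1562731315' \
#     | mrt_check 1.46.1.1563225526      # reports OUTDATED, exit status 1
```

The comparison is numeric per field, so a receipt is never judged by string order of its identifier.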

Slides from the “Installer Package Scripting” session at Penn State MacAdmins 2019

For those who wanted a copy of my installer scripting talk at Penn State MacAdmins 2019, here are links to the slides in PDF and Keynote format.

PDF – https://tinyurl.com/PSUMacAdmins2019PDF

Keynote – https://tinyurl.com/PSUMacAdmins2019Keynote

Zoom vulnerability and remediation script

Zoom is a popular video conferencing suite which is used by a number of shops because it provides a consistent cross-platform experience. Recently, it was discovered that Zoom was setting up a local webserver process. This capability enabled Zoom’s client to be launched in response to clicking a URL, but it also potentially allowed someone to be forcibly connected to a Zoom call with their video camera active. This issue has been assigned the following CVE identifier:

CVE-2019-13450: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13450


Update: 7-11-2019 – Apple has released an update to remove the Zoom web server from all Macs. This update deploys silently and does not require user interaction. For more details, please see Zoom’s July 10th blog post: https://blog.zoom.us/wordpress/2019/07/10/security-update-and-our-ongoing-efforts/



Once this vulnerability was widely publicized, Zoom responded with an updated version of their Zoom client for macOS which removes the local webserver and also allows users to manually uninstall the Zoom client. They also provided the following manual remediation instructions:

I’ve taken those commands and used them to build a script to address the vulnerabilities described in CVE-2019-13450. For more details, please see below the jump.

The script is available below and on my GitHub repo:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/fix_zoom_vulnerability

This script is also available as a payload-free package on my GitHub repo, available for download from the payload_free_package directory available from the link above.

Managing macOS Mojave’s FileVault 2 with fdesetup

Since its initial release in OS X Mountain Lion 10.8.x, Apple’s main tool for managing FileVault 2 encryption has been fdesetup. With the transition from managing Core Storage-based encryption on HFS+ to managing the native encryption built into Apple File System completed, this well-developed toolset continues to be Apple’s go-to tool for enabling, configuring and managing FileVault 2 on macOS Mojave.

With its various functions, fdesetup gives Mac administrators the following options for managing FileVault:

  • Enable or disable FileVault 2 encryption on a particular Mac
  • Use a personal recovery key, an institutional recovery key, or both kinds of recovery key.
  • Enable one or multiple user accounts at the time of encryption
  • Get a list of FileVault 2-enabled users on a particular machine
  • Add additional users after FileVault has been enabled
  • Remove users from the list of FileVault enabled accounts
  • Add, change or remove individual and institutional recovery keys
  • Report which recovery keys are in use
  • Perform a one-time reboot that bypasses the FileVault pre-boot login
  • Report on the status of FileVault 2 encryption or decryption

For more details, please see below the jump.

Enabling FileVault 2 Encryption For One Or Multiple Users

fdesetup is amazingly flexible when it comes to enabling FileVault 2 encryption from the command-line. To start with the simplest method, run the following command with root privileges to enable FileVault 2 encryption:

fdesetup enable

You’ll be prompted for the username and password of the primary user, which is the account you will work with at the FileVault 2 pre-boot login screen once the encryption is turned on.

If everything’s working properly, FileVault will enable and you’ll be given an alphanumeric personal recovery key.

Figure 1 Using fdesetup enable to enable FileVault 2 encryption

VERY IMPORTANT: The fdesetup-generated personal recovery key is not saved anywhere outside the machine. Make a record of it or you will not have a recovery key available to help unlock your Mac’s encryption in case of a problem.

You can also enable additional user accounts at the time of encryption, as long as the accounts are either local or mobile accounts on the Mac being encrypted. Run the following command with root privileges to enable FileVault 2 and specify the accounts you want:

fdesetup enable -user username -usertoadd other_username -usertoadd yet_another_username

You’ll be prompted for the passwords of the accounts specified. After that, you’ll be given an alphanumeric personal recovery key and FileVault will turn on. All of the accounts specified should appear at the FileVault 2 pre-boot login screen.

 

Figure 2 Using fdesetup enable to enable FileVault 2 for multiple accounts

For those who want to automate the process, fdesetup also supports importing a properly formatted plist via a standard input stream (stdin). The plist needs to follow the format below:

 

Figure 3 Plist format for fdesetup enable

Additional users can be included as needed by adding additional user information under the AdditionalUsers plist key.

Note: All account passwords need to be supplied in cleartext.

Once the plist has been set up and properly formatted, run the following command with root privileges to enable FileVault 2 encryption and reference the account information in the plist file:

fdesetup enable -inputplist < /path/to/filename.plist

Since the accounts and passwords are in the plist file, fdesetup does not need to prompt for passwords. Instead, the alphanumeric personal recovery key is displayed and FileVault turns on. All of the accounts specified in the plist file should appear at the FileVault 2 pre-boot login screen.

 

Figure 4 Using fdesetup enable with plist to enable FileVault 2 for multiple accounts

To avoid the need to enter a password, fdesetup also has a -defer flag that can be used with the enable command option to delay enabling FileVault 2 until after the current (or next) user logs out. With the -defer flag, the user will be prompted for their password at their next logout or restart. The recovery key information is not generated until the user password is obtained, so the -defer option requires a file location where this information will be written to as a plist file.

The property list file will be created as a root-only readable file and contain information similar to what’s shown below.

 

Figure 5 fdesetup enable defer recovery information plist format

Note: For security reasons, the plist file with the recovery key information should not stay on the encrypted system. Please copy it to a safe location and then securely delete this plist file from the encrypted system.

Run the following command with root privileges to defer enabling FileVault 2 and specify the account you want:

fdesetup enable -user username -defer /path/to/filename.plist

 

Figure 6 Using fdesetup enable defer with specified user to enable FileVault 2

If there is no user account specified with the -user option, then the current logged-in user will be enabled for FileVault 2. If there is no user specified and no users are logged in when the command is run, then the next user that logs in will be chosen and enabled.

If you don’t want to specify the account, run the following command with root privileges:

fdesetup enable -defer /path/to/filename.plist

 

Figure 7 Using fdesetup enable defer without specified user to enable FileVault 2

On logout, the user will be prompted to enter their account password.

 

Figure 8 User being prompted to enter password at logout for deferred enabling of FileVault 2

Once entered, FileVault 2 will be enabled and the recovery information plist file will be created.

 

Figure 9 FileVault 2 deferred enabling process

In addition to enabling FileVault 2 as part of the logout process, Apple added the ability to set a deferred enablement at login when they released OS X Yosemite. In macOS Mojave, this means that Mac admins can set a deferred enablement with the following options:

  1. Enforce FileVault 2 enablement at logout
  2. Enforce FileVault 2 enablement at login
  3. Enforce FileVault 2 enablement at both login and logout

 

Figure 10 User being prompted to enter password at login for deferred enabling of FileVault 2

To set a deferred enablement at login, the following options may be added to fdesetup’s -defer flag:

  •  -forceatlogin max_cancel_attempts
  •  -dontaskatlogout

These additional options allow a deferred FileVault 2 enablement to be enforced at the login window, rather than waiting for a logout or restart of the Mac in question.

The -forceatlogin option must be set with an accompanying numerical value. This numerical value governs how many times the account being enabled can choose to defer having the FileVault 2 encryption process begin. For example, running the following command with root privileges will set a maximum number of ten deferral opportunities:

fdesetup enable -defer /path/to/filename.plist -forceatlogin 10

 

Figure 11 Using fdesetup enable defer forceatlogin to permit deferred enablement of FileVault 2

If the user chooses to defer, they will need to select the Don’t Enable button in the dialog window when it appears. They will also be informed of how many more times they can log in before FileVault 2 encryption must be enabled.

 

Figure 12 User being given the option to defer FileVault 2 encryption

If immediate enforcement is desired, setting a value of zero will enforce FileVault 2 encryption at the next login. To do this, run the following command with root privileges:

fdesetup enable -defer /path/to/filename.plist -forceatlogin 0

 

Figure 13 Using fdesetup enable defer forceatlogin to enforce enablement of FileVault 2

The fdesetup commands shown above will enforce FileVault 2 enablement at both login and logout. If only enforcement at login is desired, the -dontaskatlogout option can be used. This will prevent a deferred FileVault 2 enablement from being enforced at logout. For example, running the following command with root privileges will enforce FileVault 2 encryption at the next login but not prompt the user on logout:

fdesetup enable -defer /path/to/filename.plist -forceatlogin 0 -dontaskatlogout

Figure 14 Using fdesetup enable defer forceatlogin to enforce enablement of FileVault 2 at login

An important thing to keep in mind about the -defer option is that it enables one single user account at the time of turning on FileVault 2 encryption. The -defer option does not enable multiple user accounts and cannot be used to enable accounts once FileVault 2 encryption has been turned on.

Enabling FileVault 2 Encryption Using One Or Multiple Recovery Keys

Another capability of FileVault 2 in macOS Mojave is the ability to use the alphanumeric personal recovery key, an institutional recovery key using /Library/Keychains/FileVaultMaster.keychain, or both kinds of recovery key at the same time.

As seen in the earlier examples, fdesetup will provide the alphanumeric personal recovery key by default. To use the institutional recovery key, the -keychain flag needs to be used when enabling encryption:

fdesetup enable -keychain

The alphanumeric personal recovery key is displayed, but the encryption will also use the /Library/Keychains/FileVaultMaster.keychain institutional recovery key. In case recovery is needed, either recovery key will work to unlock or decrypt the encrypted drive.

 

Figure 15 Using fdesetup enable keychain to enable encryption with both recovery key types

If you want to specify that only the FileVaultMaster.keychain institutional recovery key be used, both the -keychain and -norecoverykey flags need to be used when enabling encryption:

fdesetup enable -keychain -norecoverykey

 

Figure 16 Using fdesetup enable keychain norecoverykey to enable encryption with only the institutional recovery key

Note: On macOS 10.14.5, there is a bug with this command where a personal recovery key is generated even though the -norecoverykey flag is specified.

Figure 16a Using fdesetup enable keychain norecoverykey to enable encryption with only the institutional recovery key mojave bug

 

fdesetup is also capable of creating an institutional recovery key, using the -certificate flag to import an existing FileVault 2 public key. Once imported, fdesetup will automatically create a FileVaultMaster.keychain file to store the public key and save the keychain to /Library/Keychains.

The public key will need to be available as a DER encoded .cer certificate file. Once the certificate is available, the following command can be run with root privileges to enable FileVault 2, automatically create the institutional recovery key with the supplied public key and store it as /Library/Keychains/FileVaultMaster.keychain:

fdesetup enable -certificate /path/to/filename.cer

 

Figure 17 Using fdesetup enable certificate to enable encryption with an imported certificate

To specify that only the FileVaultMaster.keychain institutional recovery key be used, add the -norecoverykey flag to the command:

fdesetup enable -certificate /path/to/filename.cer -norecoverykey

 

Figure 18 Using fdesetup enable certificate norecoverykey to enable encryption with only the imported certificate

It is also possible to include the public key data in a plist file, which allows the use of a plist to set up the institutional recovery key. The plist needs to follow the format below:

Using the public key’s DER encoded certificate file, the public key data for the plist can be obtained using the base64 tool by using the following command:

base64 /path/to/filename.cer > /path/to/filename.txt

At this point, you would copy the data string contained in the text file and place it into the Certificate value area of the plist file. You would store either the password of an existing FileVault 2-enabled user or (if available) an existing personal recovery key in the Password key in the plist.

 

Figure 19 Plist format with institutional public key data

 

Disabling FileVault 2 Encryption

In contrast to all of the various options available for enabling FileVault 2 using fdesetup, the command to turn off FileVault 2 encryption is the following:

fdesetup disable

 

Figure 20 Using fdesetup disable to turn off FileVault 2’s encryption

Adding Additional Users After FileVault 2 Has Been Enabled

Once FileVault 2 has been enabled, you can add additional users using fdesetup. To do so, you will need to a) wait until the FileVault 2 encryption has completed and b) provide both the username and password of a previously enabled account as well as the password of the account you want to add. The following command run with root privileges will enable a user account named otheruser:

fdesetup add -usertoadd otheruser

 

Figure 21 Using fdesetup add usertoadd to enable additional accounts

For those who want to automate the process, fdesetup also supports importing a properly formatted plist via a standard input stream (stdin). The plist needs to follow the format below:

When adding additional users using a plist file, the top level Username key is ignored, and the Password key value should either be an existing FileVault user’s password or the recovery key. Additional users can be added as needed by adding additional user information under the AdditionalUsers plist key.

Note: All account passwords need to be supplied in cleartext.

 

Figure 22 Plist format for fdesetup add

Once the plist has been set up and properly formatted, run the following command with root privileges to add additional users by referencing the account information in the plist file:

fdesetup add -inputplist < /path/to/filename.plist

 

Figure 23 Using fdesetup add inputplist to enable accounts
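Because every password in the -inputplist file is cleartext, one option is to generate the plist on the fly and pipe it to fdesetup so nothing is written to disk. The following is an added example, not the author's code: the function names are hypothetical, the plist uses the Username, Password and AdditionalUsers keys described above for both fdesetup enable and fdesetup add, and the credentials in the demo call are constructed.

```shell
#!/bin/sh
# Added example (not the author's code): emit the -inputplist XML on stdout so it
# can be piped to fdesetup instead of being saved to a file with cleartext passwords.

# Escape XML metacharacters so values such as 'p&ss<1>' stay well-formed.
# The value reaches sed over a pipe rather than as a command-line argument.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
                         -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# kv_pair INDENT USER PASS: one Username/Password pair.
kv_pair() {
  printf '%s<key>Username</key><string>%s</string>\n' "$1" "$(xml_escape "$2")"
  printf '%s<key>Password</key><string>%s</string>\n' "$1" "$(xml_escape "$3")"
}

# fv_input_plist USER PASS [USER PASS]...
# The first pair is the top-level account; any further pairs go under AdditionalUsers.
fv_input_plist() {
  if [ "$#" -lt 2 ] || [ $(( $# % 2 )) -ne 0 ]; then
    echo "usage: fv_input_plist user pass [user pass]..." >&2
    return 2
  fi
  printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>' \
    '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">' \
    '<plist version="1.0">' '<dict>'
  kv_pair '  ' "$1" "$2"
  shift 2
  if [ "$#" -gt 0 ]; then
    printf '%s\n' '  <key>AdditionalUsers</key>' '  <array>'
    while [ "$#" -gt 0 ]; do
      printf '%s\n' '    <dict>'
      kv_pair '      ' "$1" "$2"
      printf '%s\n' '    </dict>'
      shift 2
    done
    printf '%s\n' '  </array>'
  fi
  printf '%s\n' '</dict>' '</plist>'
}

# Demo with constructed credentials: prints the plist only.
fv_input_plist admin 'constructed&pw' alice 'constructed<pw>'

# On a Mac, as root, with the secrets already held in shell variables:
#   fv_input_plist "$user" "$pass" otheruser "$other_pass" | fdesetup enable -inputplist
# For fdesetup add the top-level Username is ignored and the first password is
# an existing FileVault user's password or the recovery key:
#   fv_input_plist ignored "$existing_pass" otheruser "$other_pass" | fdesetup add -inputplist
```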

Listing Current FileVault 2 Users

To list all accounts enabled for FileVault 2, run the following command with root privileges:

fdesetup list

All accounts will be listed with both the accounts’ username and UUID.

 

Figure 24 Using fdesetup list to show enabled accounts

Removing Users From The List Of FileVault 2 Enabled Accounts

You can remove users from the list of FileVault enabled accounts by using either their username or the account’s UUID. To remove the account using the username, run the following command with root privileges:

fdesetup remove -user username_goes_here

Figure 25 Using fdesetup remove with username

To remove the account using the account’s UUID, run the following command with root privileges:

fdesetup remove -uuid UUID_here

 

Figure 26 Using fdesetup remove with UUID

In both cases, successful removal of the account will not produce any additional output. If the account being removed is not currently enabled for use with FileVault 2, an error message will be displayed.

 

Figure 27 fdesetup remove error when specified account is not FileVault 2 enabled

 

Managing Individual And Institutional Recovery Keys

fdesetup in macOS Mojave includes the ability to change, add and remove both personal and institutional recovery keys. This gives Mac admins much greater ability to manage recovery keys, including the capability to quickly update or remove compromised personal and/or institutional recovery keys in the event of a data breach or other problem.

You can add or change recovery keys using fdesetup changerecovery. To change to a new personal key, run the following command with root privileges:

fdesetup changerecovery -personal

You’ll be prompted for the password of an existing FileVault 2-enabled user or the existing personal recovery key. Once entered, a new personal recovery key will be generated and displayed. The former personal recovery key will no longer work.

 

Figure 28 Using fdesetup changerecovery to change to a new personal recovery key

 

Note: To be prompted for the personal recovery key, leave the username blank when prompted for username. The next prompt will be for the current recovery key.

Figure 28a Using fdesetup changerecovery to change to a new personal recovery key using current PRK

 

For those who want to automate the process, fdesetup also supports importing a properly formatted plist via a standard input stream (stdin). The plist needs to follow the format below:

 

Figure 29 Plist format for fdesetup changerecovery personal

You would store either the password of an existing FileVault 2-enabled user or the existing personal recovery key in the Password key in the plist.

Once the plist has been set up and properly formatted, run the following command with root privileges to change to a new personal recovery key and reference the password or recovery key in the plist file:

fdesetup changerecovery -personal -inputplist < /path/to/filename.plist

 

Figure 30 Using fdesetup changerecovery personal with inputplist

You can also export the recovery key to a plist file using the -outputplist flag. To import authentication credentials from one plist and export the new recovery key to a separate plist, run the following command with root privileges to change to a new personal recovery key, reference the password or recovery key in the plist file and export the recovery key to a new plist file:

fdesetup changerecovery -personal -inputplist < /path/to/filename.plist -outputplist > /path/to/new_recovery_key_filename.plist

Figure 30a Using fdesetup changerecovery personal with inputplist and outputplist

 

In the event that the Mac in question does not have a personal recovery key, running the commands above will add a personal recovery key instead of changing an existing one.

To change to a new institutional recovery key, you will need to have the new public key available. If you have a new institutional public key available as a DER encoded certificate file, you can run the following command with root privileges to replace the current institutional key:

fdesetup changerecovery -institutional -keychain -certificate /path/to/filename.cer

 

Figure 31 Using fdesetup changerecovery to change to a new institutional key

If an institutional keychain is being used on this Mac, you will see a message that an existing FileVault Master keychain was found and moved. The reason for this is that, as part of this process, the current institutional key’s /Library/Keychains/FileVaultMaster.keychain file is replaced with a new /Library/Keychains/FileVaultMaster.keychain file that includes the new institutional recovery key’s public key.

 

Figure 32 fdesetup changerecovery warning that an existing keychain has been found and moved

While the former institutional key’s /Library/Keychains/FileVaultMaster.keychain was moved and not deleted, the former institutional recovery key will no longer work.

For those who want to automate the process, fdesetup also supports importing a properly formatted plist via a standard input stream (stdin). The plist needs to follow the format below:

 

Figure 33 Plist format for fdesetup changerecovery institutional

fdesetup changerecovery -institutional -keychain -inputplist < /path/to/filename.plist

In the event that the Mac in question does not have an institutional recovery key, running the commands above will add an institutional recovery key instead of changing an existing one.

Removing Individual And Institutional Recovery Keys

You can remove recovery keys using fdesetup removerecovery. To remove the current personal recovery key, run the following command with root privileges:

fdesetup removerecovery -personal

You’ll be prompted for the password of an existing FileVault 2-enabled user or the existing personal recovery key. Once entered, the personal recovery key will be removed from the system. The former personal recovery key will no longer work.

 

Figure 34 Using fdesetup removerecovery to remove a personal recovery key

Note: To be prompted for the personal recovery key, leave the username blank when prompted for username. The next prompt will be for the current recovery key.

Figure 34a Using fdesetup removerecovery to remove a personal recovery key using current PRK

For those who want to automate the process, fdesetup also supports importing a properly formatted plist via a standard input stream (stdin). The plist needs to follow the format below:

You would store either the password of an existing FileVault 2-enabled user or the existing personal recovery key in the Password key in the plist.

 

Figure 35 Plist format for fdesetup removerecovery

Once the plist has been set up and properly formatted, run the following command with root privileges to remove the current personal recovery key and reference the password or recovery key in the plist file:

fdesetup removerecovery -personal -inputplist < /path/to/filename.plist

 

Figure 36 Using fdesetup removerecovery personal with inputplist

To remove institutional recovery keys, run the following command with root privileges:

fdesetup removerecovery -institutional

You’ll be prompted for the password of an existing FileVault 2-enabled user, or a personal recovery key if one is available. Once entered, the institutional recovery key will be removed from the system and will no longer work.

 

Figure 37 Using fdesetup removerecovery to remove an institutional recovery key

Note: To be prompted for the personal recovery key, leave the username blank when prompted for username. The next prompt will be for the current recovery key.

Figure 37a Using fdesetup removerecovery to remove an institutional recovery key with current PRK

 

The removal of the institutional key can also be automated using a properly formatted plist via a standard input stream (stdin). The plist is the same as the one used for removing the personal key.

Once the plist has been set up and properly formatted, run the following command with root privileges to remove the institutional recovery key and reference the password or recovery key in the plist file:

fdesetup removerecovery -institutional -inputplist < /path/to/filename.plist

 

Figure 38 Using fdesetup removerecovery institutional with inputplist

It is possible to use fdesetup removerecovery to remove one or both recovery keys on a particular Mac. Once the recovery keys are removed, the only way to unlock the FileVault 2 encryption is by using the password of an enabled account. That said, you could use fdesetup changerecovery to add one or both types of recovery keys back to the encrypted Mac.

Recovery Key Reporting

To go along with the ability to manage recovery keys, fdesetup in macOS Mojave enables Mac admins to detect which types of recovery keys are in use on a particular Mac. To check if a personal recovery key is in use, run the following command with root privileges:

fdesetup haspersonalrecoverykey

If FileVault 2 is using a personal recovery key, this command will return true. Otherwise it will return false.

 

Figure 39 Using fdesetup haspersonalrecoverykey

To check if an institutional recovery key is in use, run the following command with root privileges:

fdesetup hasinstitutionalrecoverykey

If FileVault 2 is using an institutional recovery key, this command will return true. Otherwise it will return false.

 

Figure 40 Using fdesetup hasinstitutionalrecoverykey

 

One-Time FileVault 2 Encryption Bypass

 

fdesetup in macOS Mojave has the authrestart verb, which allows a FileVault 2-encrypted Mac to restart, bypass the FileVault 2 pre-boot login screen, and go straight to the OS login window. To restart and bypass the FileVault 2 pre-boot login screen, run the following command with root privileges:

fdesetup authrestart

When you run the fdesetup authrestart command, it asks for the password of an existing FileVault 2-enabled user or a personal recovery key.

 

Figure 41 Using fdesetup authrestart

Note: To be prompted for the personal recovery key, leave the username blank when prompted for username. The next prompt will be for the current recovery key.

Figure 41a Using fdesetup authrestart with current PRK

 

Once authenticated, the authrestart process puts an unlock key in system memory and reboots. On reboot, the reboot process automatically clears the unlock key from memory.

It’s also possible to automate this process by importing the authentication via a properly formatted plist. The plist needs to follow the format below:

 

Figure 42 Plist format for fdesetup authrestart

You would store either the password of an existing FileVault 2-enabled user or a personal recovery key in the Password key in the plist.

Once the plist has been set up and properly formatted, use the following command with root privileges to run the authrestart process and reference the password or recovery key in the plist file for authentication:

fdesetup authrestart -inputplist < /path/to/filename.plist

 

Figure 43 Using fdesetup authrestart with inputplist

fdesetup authrestart is not supported by all Macs. To verify if a specific Mac supports authrestart, run the following command with root privileges:

fdesetup supportsauthrestart

If the Mac supports fdesetup authrestart, this command will return true. Otherwise it will return false.

 

Figure 44 Using fdesetup supportsauthrestart

Reporting On FileVault 2 Encryption Or Decryption Status

fdesetup can report on FileVault 2 encryption or decryption status. Running the following command with root privileges will display the current state:

fdesetup status

 

Figure 45 fdesetup status reporting decryption status

Figure 46 fdesetup status reporting encryption status

Figure 47 fdesetup status reporting encryption is enabled

Figure 48 fdesetup status reporting encryption is disabled
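The status and recovery key reporting verbs can be combined into a single posture check that flags a Mac which is encrypted but has neither recovery key type. This is an added example, not the author's code: the function names and verdict strings are hypothetical, and the status wording it matches ("FileVault is On", "FileVault is Off", "Encryption in progress", "Decryption in progress") is an assumption about fdesetup status output, since the figures are not reproduced here.

```shell
#!/bin/sh
# Added example (not the author's code): one-line FileVault posture verdict.

# fv_posture STATUS_TEXT HAS_PERSONAL HAS_INSTITUTIONAL
#   STATUS_TEXT        output of `fdesetup status` (wording assumed, see above)
#   HAS_PERSONAL       output of `fdesetup haspersonalrecoverykey` (true/false)
#   HAS_INSTITUTIONAL  output of `fdesetup hasinstitutionalrecoverykey` (true/false)
# Exit status: 0 = acceptable, 1 = needs attention, 2 = unrecognised status text.
fv_posture() {
  fv_status=$1
  prk=$2
  irk=$3

  case "$fv_status" in
    "FileVault is Off"*)       echo "unencrypted"; return 1 ;;
    "Decryption in progress"*) echo "decrypting";  return 1 ;;
    "FileVault is On"*)        state=encrypted ;;
    "Encryption in progress"*) state=encrypting ;;
    *)                         echo "unknown";     return 2 ;;
  esac

  # With both key types removed, only an enabled account's password can
  # unlock the volume, so report that case separately.
  if [ "$prk" != "true" ] && [ "$irk" != "true" ]; then
    echo "encrypted-no-recovery-key"
    return 1
  fi

  echo "$state prk=$prk irk=$irk"
}

# fv_collect: gather the three values on a Mac (run with root privileges).
fv_collect() {
  fv_posture "$(fdesetup status)" \
             "$(fdesetup haspersonalrecoverykey)" \
             "$(fdesetup hasinstitutionalrecoverykey)"
}

if command -v fdesetup >/dev/null 2>&1; then
  fv_collect || true
fi

# Offline use with constructed input:
#   fv_posture 'FileVault is On.' false false
```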
