mercredi 4 mars 2015

Carbon Copy Cloner circumvents FileVault authentication?


I have a MacBook Pro on which I created a FileVault partition. To access it, I click on the .dmg file, OSX asks for the password, then it mounts the partition in a readable form. So far so good.


I use Carbon Copy Cloner to make backups of my MBP onto an external USB drive. I recently decided to test the CCC image by plugging in the USB drive and booting the MBP with the startup manager (pressing Option during startup). The backup image was offered as a startup volume, so I selected it. The machine booted, albeit slowly. So far so good.


I got to the log in screen, I logged in, and then navigated to my encrypted .dmg file. I clicked on it. Much to my astonishment and consternation, it duly mounted the partition without asking for my password.


Does this mean that (a) the "encrypted partition" on my MBP drive isn't really safe? Or (b) the CCC image somehow circumvents the authentication mechanism?


[FWIW, I'm 95% certain that the FileVault partition was NOT mounted when I ran the CCC backup. If it was mounted, I could see that as an explanation to what happened.]


Either way, it seems that something is really broken. The whole reason for encrypting the partition is to protect the contents. Just because it's on a backup drive doesn't mean it should be readable without authentication.


Can someone explain what's going on here?


UPDATE


I noticed the following in the CCC release notes:



There is a bug in OS X Yosemite's diskutil command-line utility in which it will unlock and attach a FileVault-protected volume, but not mount that volume. This contradicts past behavior as well as the documentation for this utility. This update offers a workaround to this OS X Yosemite bug.



Should I assume this is the problem? If so, what can I do to protect the data on the FileVault?





Aucun commentaire:

Enregistrer un commentaire