For security concerns, I wonder how it would be possible for an OS X upgrade (e.g. from Mavericks to El Capitan), to reboot my Mac multiple times without asking me for my FileVault 2 password?
I mean, the whole drive is encrypted and even an OS X installer would not know the password after a reboot. In spite of that, it reboots one or more times without asking me for my password.
Therefore I suspect that Apple stores my password somewhere, either on disk, in NVRAM, or online, at least during the upgrade process. If so, wouldn't this be a serious security concern?
Can anyone shed a bit of light on this? How does it work?
Best Answer
There's an OS X feature called authenticated restart that stores the FileVault key in the SMC for the duration of the reboot. Apple acknowledges in the manpage that it does reduce FileVault security for the duration of the restart: