Cauliflower Vest - An app for managing FileVault 2 from Google
Bizzare name, but potential quite useful if you want to setup FileVault 2 on a large number of Mac's.
Project Page / Discussion List
We are thrilled to announce the open source release of Cauliflower Vest, a solution that we’ve developed to automate enabling FileVault 2 and escrowing recovery tokens.
FileVault 2 is a major, welcome addition to Mac OS X starting with Lion, as full disk encryption is an important part of securing your computer and its data. While the new FileVault 2 offering is very well suited to consumers, some enterprises may require additional features that are not provided out of the box. For example, FileVault 2 encryption is initiated voluntarily by users, lacks enforcement, and, by default, escrows recovery keys to Apple’s central server. It also relies on individual Apple IDs, which cannot be managed as a group.
Cauliflower Vest bridges these feature gaps by allowing enterprise Mac admins to:
- Forcibly enable FileVault 2 encryption.
- Automatically escrow recovery keys to a secure Google App Engine server.
- Securely access recovery keys so that volumes may be unlocked or reverted.
This release includes a GUI client to easily enable encryption, an escrow service, and a web UI for management. Also provided is a standalone CLI tool to automatically initiate encryption and generate a recovery key without requiring any user actions.
Employees at Google self-enable FileVault 2 using Cauliflower Vest - it’s tested and ready to help you make FileVault 2 part of your enterprise.
We are releasing this source code today as part of our commitment to share Google's unique IT approach with the world, including future releases of Simian and more.
For more information, please visit the Cauliflower Vest project page
and join the discussion list
, via Wired