iATKOS L2: filevault2 security issue [ FIX IT ]


This article describes an issue with Apple's FileVault 2 technology in the Mac OS X 10.7.2 update. Prior versions of FileVault 2 in Mac OS X 10.7.1 and 10.7.0 do not exhibit this behavior.
- Here is a 10.7.2 kernel compiled from source, together with the source patch.
- By default this kernel forbids booting into single-user mode for everyone if FileVault 2 protection is enabled.
- But you can allow one user (e.g. admin or yourself) to boot the system into single-user mode. To do this, boot into OS X, typing the password for that account at the EFI login screen.
Then run this command:
ioreg -l -w0 -p IODeviceTree | grep efilogin-unlock-ident
You will get a result like:
| |   "efilogin-unlock-ident" = <"4B012BC6-A948-2893-3454-B345307B8234">
Copy the value: 4B012BC6-A948-2893-3454-B345307B8234
And insert it into /Library/Preferences/SystemConfiguration/com.apple.Boot.plist under the name suallow, just like in the example below:

<key>Kernel Flags</key>
<string>suallow=4B012BC6-A948-2893-3454-B345307B8234</string>

So now only the user you chose can boot into single-user mode when FV2 is enabled, and nobody else.
Now your files can be almost fully secured.
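As an added example (not part of the original post or of the iATKOS kernel patch), a POSIX shell script that pulls the ident out of the ioreg line, validates it, composes the suallow flag, and checks which account an existing com.apple.Boot.plist actually whitelists. The ioreg line and the plist below are constructed sample data, not taken from a real machine.

```shell
# Added example with constructed data; the ident and plist are not from a real machine.
# Constructed copy of the ioreg output line shown in the post.
SAMPLE_IOREG_LINE='| |   "efilogin-unlock-ident" = <"4B012BC6-A948-2893-3454-B345307B8234">'
# Constructed com.apple.Boot.plist with the flag already set.
SAMPLE_PLIST='<plist version="1.0">
<dict>
	<key>Kernel Flags</key>
	<string>suallow=4B012BC6-A948-2893-3454-B345307B8234</string>
</dict>
</plist>'

# Pull the ident out of one ioreg line (live: ioreg -l -w0 -p IODeviceTree | grep efilogin-unlock-ident).
extract_ident() {
    printf '%s\n' "$1" | sed -n 's/.*"efilogin-unlock-ident" = <"\([^"]*\)">.*/\1/p'
}

# Accept only an 8-4-4-4-12 hex UUID before it goes into a kernel flag.
is_uuid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Compose the Kernel Flags value the post tells you to write; fails on a malformed ident.
build_kernel_flags() {
    is_uuid "$1" || return 1
    printf 'suallow=%s\n' "$1"
}

# Read the Kernel Flags string from a Boot.plist on stdin (prints nothing if the key is absent).
kernel_flags_from_plist() {
    awk '/<key>Kernel Flags<\/key>/ { want = 1; next }
         want && /<string>/ { sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit }'
}

# Compare the suallow flag against the ident of the account that should be allowed.
# Prints "closed" (no suallow, nobody gets single-user mode), "allowed" (the intended
# account) or "mismatch:<ident>" (a different account has been whitelisted).
audit_suallow() {
    flags="$1"; expected="$2"
    current=$(printf '%s\n' "$flags" | tr ' ' '\n' | sed -n 's/^suallow=//p' | head -n 1)
    if [ -z "$current" ]; then echo "closed"
    elif [ "$current" = "$expected" ]; then echo "allowed"
    else echo "mismatch:$current"; fi
}

# Stand-alone run on the constructed data.
ident=$(extract_ident "$SAMPLE_IOREG_LINE")
flags=$(printf '%s\n' "$SAMPLE_PLIST" | kernel_flags_from_plist)
echo "ident=$ident flags=$flags audit=$(audit_suallow "$flags" "$ident")"
```

On a real system, feed the output of the ioreg command from the post into extract_ident and the contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist into kernel_flags_from_plist; a "mismatch" result means some other account's ident is whitelisted.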