OS X: Macs that support authenticated restart with FileVault
Learn about Macs that can be used with the authenticated restart feature of the fdesetup command line utility. This utility allows you to restart a Mac using Screen Sharing or Remote Login (SSH), even when FileVault is enabled on the remote Mac.
On supported Macs with OS X Mountain Lion v10.8.2 and later, you can use the fdesetup command to perform an authenticated restart (authrestart). This allows you to restart a FileVault-enabled system without requiring an unlock during the next startup. Note: Macs running OS X Mavericks should update to v10.9.1 or later to perform an authenticated restart.
- This command works with drives encrypted using FileVault.
- Authenticated restart only works for the next startup after using these commands. You must use the commands again if you want to restart a second time without unlocking.
The following Terminal command restarts a Mac with FileVault enabled:
sudo fdesetup authrestart
- MacBook Air (Late 2010) and later
- MacBook (Late 2009) and later
- MacBook Pro (Mid 2009) and later
- Mac mini (Mid 2010) and later
- iMac (Late 2009) and later
- Mac Pro (Late 2013)
- MacBook Air (Mid 2009) and earlier
- MacBook (Mid 2009) and earlier
- MacBook Pro (Early 2009) and earlier
- Mac mini (Late 2009) and earlier
- iMac (Mid 2009) and earlier
- Mac Pro (Mid 2012) and earlier
- Xserve (all models)
Note: You can use the following command on OS X Mavericks to determine whether the system supports the authenticated restart option:
Using authrestart reduces FileVault protections temporarily. When used, the system stores an additional copy of an unlock key in both system memory and (on supported systems) the System Management Controller (SMC). These additional keys are removed once the disk is unlocked on the next startup. For more information about authenticated restart with FileVault, refer to the fdesetup man page.