START A DISCUSSION
Login START A DISCUSSION
back Back

Is IRK deprecating?

expand collapsive

Hi folks,
Can someone provide some insight on whether we can decrypt mac using IRK on m1 chip devices. Happened to see that using IRK to unlock macs is turning obsolete.

25 November 2021

All Replies

  • Participant

    25 November 2021

    96anneette

    Participant

    I’m also trying to access an encrypted drive with only IRK. Does that work any more with catalina? checked it with a t2 equipped macbook pro nd with catalina VM. In the recovery mode the screen shows the list of users and ask to enter one of their passwords. Another way I can tap forgot passwords but then it asks me to provide a PRK or icloud account.

    Is it that I’m doing anything wrong or are these keys not supported any more? Hope someone can shed some light on this matter.

    25 November 2021

  • Participant

    25 November 2021

    ida-sol

    Participant

    Creating an IRK for mac is a thing of the past now. Over these years, the PRK gained both popularity and functionality while the IRK did not. The chief advantage of IRK to be used as the recovery key for mass deployments is now considered as a pitfall owing to the introduction of PRK escrow systems (common in modern MDM solutions). Another limitation is the danger of a compromised recovery key that will be able to unlock and access all the devices in your institution. Hence it’s always better to have a single unique key for each machine. Apple itself does not recommend the use of IRKs for institutional deployments anymore.

    25 November 2021

  • Hexnode

    25 November 2021

    Jeff

    Moderator

    Hey @Carin and @96anneette, thanks for reaching out to us!

    Starting from macOS Big Sur and for Mac with M1 chip, you cannot use the Institutional Recovery Key (IRK) for decryption. You can access Utilities in the Recovery Mode only by authenticating with the admin credentials or the Personal Recovery Key (PRK). As mentioned by @ida-sol, Apple no longer recommends using an IRK for institutional management of FileVault on Macs.

    You may also have a look at the Manage FileVault documentation for further clarity.

    Hope this answers your query.

    Thanks!
    Jeff Morrison
    Hexnode UEM

    • This reply was modified 2 years, 4 months ago by  Jeff Morrison.
    • This reply was modified 2 years, 4 months ago by  Jeff Morrison.

    25 November 2021

  • Hexnode

    25 November 2021

    Jeff

    Moderator

    @ida-sol That’s very well said! For Macs with Apple Silicon or Intel-based devices, it’s ideal to escrow the PRK into the Hexnode server instead of using an IRK.

    Looking forward to hearing more from you.

    Cheers!
    Jeff Morrison
    Hexnode UEM

    25 November 2021

Not what you're looking for? Try asking the Help Community replies

Not what you're looking for?

Try asking the Help Community replies

Trending Topics

Any remote option to suspend an ongoing OS update with scripts

Mac Is Asking For Credentials For Remote Management Profile.

PKG file installation failed. Error Code: 1001.

OneDrive not syncing with the Mac

Package installation fails with Error 1001 on macOS

Confirm action

×

This action cannot be reverted

Confirm

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .