0

My girlfriend's Macbook Air gave off a loud, electrical pop! and instantly became an expensive metallic paperweight with a slight odour of burnt things (though that may have been High Sierra). Apple have (finally) agreed to repair it without charging the cost of a newer, better laptop, but asked for her username and password to recover the data (if that turns out to be possible). Filevault v2 was enabled. The representative said it was policy to reset the laptop during/upon repair.

This raises several questions with me:

  • If the laptop is repairable, why would it need the reset?
  • Is this a normal request? I can understand that if you are desperate for data recovery you may take this option but why would it be asked prior to repair? I was under the impression Apple were the new kings of privacy.
  • Would swapping out the HD for another be an option? If the repair is successful then I could swap back in the original. (I'm assuming Filevault relies on a TPM chip or something similar, and that nothing vital to Filevault was damaged, I'm still researching how it works).

Maybe I'm missing something or just paranoid but I told her not to give this information. Is my advice flawed? Right now this means she will not get any of her data back and she only has ~20% backed up so she has a kind of Hobson's choice on offer.

ian
  • 1,302
  • 11
  • 21
  • I'm confused about what your question is and you appear to confuse a few things. In order to do *file recovery* getting the username and password is normal. In order to *repair*, you yourself said that they can repair without the credentials, so what's the problem? Right now, the data is "gone". What's worse for you? Availability or disclosure? – schroeder Dec 31 '17 at 11:59
  • @schroeder Since the repair may obviate the need for the data recovery I'm surprised it was asked for prior to undertaking the repair and thus not knowing if it's required. – ian Dec 31 '17 at 12:18
  • 1
    the HD might be tied to the CPU, encryption-wise, so in order to reach the data on a new system, it needs to be manually decrypted first, then copies, then re-encrypted on the new system. lastly, mac probably has online access to her stuff anyway, no need to be paranoid when you're compromised anyway... – dandavis Dec 31 '17 at 16:29
  • @dandavis Yes, I was thinking that about being tied to the hardware too but I've yet to find the right technical document to confirm it. She's not using iCloud. – ian Dec 31 '17 at 18:56
  • 1
    Just a tip: I have personally removed a FileVault 2 encrypted SATA drive from a 2011 MBP and mounted it on an external SATA dock connected to a MacBook Air. All that was needed to mount it was the password it was encrypted with. I suspect you could do the same with a dock for the MacBook Air's drive. – Alexander O'Mara Dec 31 '17 at 20:44
  • 1
    I'm voting to close this question as off-topic because its a discussion of a particular company's policies and can easily become too broad and opinionated. – Eric G Jan 05 '18 at 03:51
  • @EricG How is one to discuss company policies that affect information security when the company in question produces a closed-system operating system, the only one using Filevault? – ian Jan 06 '18 at 01:40
  • @AlexanderO'Mara I wondered if that was possible too but it turns out that Apple are using a proprietary connector for their flash drives so I'd need to purchase a specialist dock to try that or get hold of a second Air. Thanks for trying to help, it's much appreciated, and may help others. – ian Jan 06 '18 at 03:10

0 Answers0