November 28, 2011
Just made a fix for filevault2 issue i described earlier.
By default this kernel forbids booting into single-user-mode for everyone, if firevault 2 protection is enabled.
But you can allow one user (e.g. admin or yourself) to boot system to single-user-mode.
to do this, boot into osx typing password for that account at efi login screen.
then run this command:
ioreg -l -w0 -p IODeviceTree | grep efilogin-unlock-ident
you will get result like:
| | “efilogin-unlock-ident” = <"4B012BC6-A948-2893-3454-B345307B8234">
copy the value – 4B012BC6-A948-2893-3454-B345307B8234
andd insert it into /Library/Preferences/SystemConfiguration/com.apple.Boot.plist under name suallow, just like in example bellow:
So, now only the user you choosed can boot single user mode when FV2 enabled, and nobody else.
Now your files can be almost fully secured.