Mac Management: A Profile Broke FileVault 2

Been racking my brain for the past week. FileVault 2 enables file with an institutional recovery key, but as soon as you log in again after the reboot, it’ll freeze at either the 50% or 75% in the progress bar. HOWEVER, you can successfully authenticate when booting with Safe Mode.

At first I thought it was our AV solution that installed unsigned extensions and SIP was somehow involved. However I ruled that out after testing. Finally I thought to test my profiles (there’s ~23 of them) and found that one in particular breaks FileVault.

The culprit is:

com.apple.loginwindow
Forced
mcx_preference_settings
AdminMayDIsableMCX

Obviously this isn’t the whole profile. I just included the main parts.

In Googling I also found one other person experiencing this issue (see here). As of yet I don’t know why this key breaks FV. Time to do more research.