Overview

Cauliflower Vest is an end-to-end Mac OS X FileVault 2 recovery key escrow solution. While stock OS X FileVault 2 is consumer focused, the goal of this project is to provide enterprise features.

Cauliflower Vest offers the ability to:

• Forcefully enable FileVault 2 encryption.
• Automatically escrow recovery keys to a secure Google App Engine server.
• Delegate secure access to recovery keys so that volumes may be unlocked or reverted.

Components:

• A Google App Engine based service which receives and securely escrows FileVault 2 recovery keys.
• A GUI client running on the OS X user machines, which enables FileVault 2 encryption, obtains the recovery key, and sends it to the escrow service.
• A CLI tool, csfde, which activates FileVault 2 encryption, which may be used independently of the GUI client.

Getting Started

Full source is available for all components.

To get started, begin with the Introduction wiki page.

Office Hours

The Cauliflower Vest engineering team will host office hours every other Monday from 11am to 1pm Eastern Time. Office hours are available as a video conference via Google+ Hangout, or on the irc network freenode. Feel free to use or not use a webcam for the hangout.

Join the Google+ Hangout (with Extras) here:

https://talkgadget.google.com/hangouts/extras/talk.google.com/google-corpeng

We will simultaneously be present on freenode in:

#google-corpeng

Our next office hours will be on Monday June 4 2012, skipping Monday May 21. We meet every alternating following Monday.

Feel free to join and/or email the discussion list with questions at cauliflowervest-discuss@googlegroups.com. To reach only engineers on the project, email cauliflowervest-eng@googlegroups.com.

Thanks to Dorothy Marczak for the logo.