Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

destroyfvkeyonstandby requires additional pmset settings in order to avoid system shutdown

See original GitHub issue

I’m wondering if anyone has tried the combination of OSX Login via Yubikey (https://www.yubico.com/why-yubico/for-individuals/computer-login/mac-os-login/) with the pmset -a destroyfvkeyonstandby 1 system configuration enabled to destroy the file vault key.

I have both of these set on a machine, and when I put my computer to sleep, upon waking it later I often find that the system has turned itself entirely.

I suspect that this is because of a negative interaction between these two configurations – that removing my YubiKey during the sleep process is depriving the system of something it wants in order to stay on while the FileVault key is no longer accessible.

Similar experiences or suggestions on how to troubleshoot this are welcome.

Issue Analytics

State:
Created 7 years ago
Comments:34 (3 by maintainers)

Top GitHub Comments

2reactions

kun-zhoucommented, Aug 4, 2017

I suppose that’s where Linux excels when you want to hack things around, I am so done adjusting these setting…. But macOS and its huge trackpad is just so intuitive comparing to any Desktop Environment on Linux or PC trackpad and I am willing to sacrifice security for convenience.Just make sure keep your laptop with you most of the time.

1reaction

kun-zhoucommented, Apr 17, 2017

I am on Sierra 10.12.4 with late 2016 Macbook Pro without touchbar. It seems like my computer is still not sleeping and waking properly. Here are my settings:

System-wide power settings:
 DestroyFVKeyOnStandby		1
Currently in use:
 standbydelay         0
 standby              0
 halfdim              1
 hibernatefile        /var/vm/sleepimage
 powernap             0
 gpuswitch            2
 disksleep            10
 sleep                10
 autopoweroffdelay    28800
 hibernatemode        25
 autopoweroff         0
 ttyskeepawake        1
 displaysleep         1
 acwake               0
 lidwake              1

Here is when things go wrong on my machine. I close the lid. After 1 minute, I open the lid, it prompts me for filevault key. IF I DO NOT ENTER IT AND CLOSE THE LID AGAIN, THE COMPUTER SHUTSDOWN WHEN I OPEN THE LID ONE MINUTE LATER.

In my pmset -g log, I see the following:


Time stamp                Domain              	Message                                                                    	Duration  	Delay     
==========                ======              	=======                                                                    	========  	=====     
UUID: (null)
2017-04-17 13:51:09 -0400 Start               	powerd process is started                                                  	          
2017-04-17 13:51:09 -0400 Assertions          	Summary- [System: No Assertions] Using Batt(Charge: 73)          
2017-04-17 13:51:09 -0400 HibernateStats      	hibmode=0 standbydelay=0                                                   	          0         	
Sleep/Wakes since boot at 2017-04-17 13:51:09 -0400 :0   Dark Wake Count in this sleep cycle:1

Time stamp                Domain              	Message                                                                    	Duration  	Delay     
==========                ======              	=======                                                                    	========  	=====     
UUID: Unknown UUID
2017-04-17 13:51:09 -0400 Failure             	Sleep Failure [code:0xFFFFFFFF0400001F]:

I also see a sleep failure here.

I think apple’s pmset is pretty broken and poorly documented. I don’t know I should even trust the computer to destroy the filevault key properly during sleep and we have little control over when the computer actually enters the standbymode and destroy the filevault key.

Top Results From Across the Web

destroyfvkeyonstandby requires additional pmset settings in order to ...

destroyfvkeyonstandby requires additional pmset settings in order to avoid system shutdown. OS-X-Yosemite-Security-and-Privacy-Guide.

destroyfvkeyonstandby question - Apple Support Communities

When I power on or reboot, there's a screen with the user icons and names, and the two options at the bottom are...

pmset - Manipulate power management settings on macOS

pmset manages power management settings such as idle sleep timing, wake on administrative access, automatic restart on power loss, etc.

Sleeping mode and start up inconsistens behaviour

I have FileVault activeted. When I shut the computer and come back after two hours, sometimes the computer seems to be in "deep...

pmset Man Page - macOS - SS64.com

pmset must be run as root in order to modify any settings. See man pmset for a description of power management with more...

Troubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.

Start Free

Top Related Reddit Thread

No results found

Top Related Tweet

No results found

Top Related Dev.to Post

No results found

destroyfvkeyonstandby requires additional pmset settings in order to avoid system shutdown

Issue Analytics

Top GitHub Comments

Top Results From Across the Web

Top Related Medium Post

Top Related StackOverflow Question

Troubleshoot Live Code

Top Related Reddit Thread

Top Related Hackernoon Post

Top Related Tweet

Top Related Dev.to Post

Top Related Hashnode Post

Alternative shasum 0e063fd87d5b0a4f68dbd35da95b2018748f88eb for InstallESD.dmg for OS X 10.10.5

dnsmasq doesn't resolve 127.0.0.1