Hi,
A user logs in to the file vault, and DisableFDEAutoLogin is false. The file vault login succeeds, but the login to the selected user fails. The user gets the login screen again. If the user puts an invalid password to try and login again, the loginwindow:FDESupport plugin will change the user's password to the invalid one.
Hi,
I have a set of plugins which are registered for login.
One of them is a custom ui view for the login screen.
The scenario:
1. DisableFDEAutoLogin is false.
2. The User logs in to the file vault login screen.
3. The security plugins are activated, and working.
4. We get any kind of an error from the plugins, and therefore the login fails.
5. We get a native login screen, after the denial of authorization.
6. In case that DisableFDEAutoLogin is true, I do get the custom login screen, after the file vault login.
My question:
Why don't I see the custom login screen, after the auto login fails?
Cheers
Sivan
Hi,
I have a bundle with my custom lock screen which is a subclass of SFAuthorizationPluginView.
I have implemented:
override func view(for viewType: SFViewType) -> NSView?
and override func buttonPressed(_ inButtonType: SFButtonType),
as required in Apple's documentation.
I have replaced the default UI in the system.login.screensaver.plist with my mechanism. (The custom plist is at the end of this post.)
When I lock the screen, I get a black screen with the mouse hovering over. I can see in my logs that my view is loaded and the overridden function view(for viewType: SFViewType) is called.
When I change the authenticate.plist to display my custom UI, it is displayed properly. Why do I get a black screen when activating the lock screen, but do get my UI when authentication is needed?
What am I missing with the lock screen?
Here is the system.login.screensaver.plist:
##################################################################
<key>class</key>
<string>evaluate-mechanisms</string>
<key>comment</key>
<string>The owner or any administrator can unlock the screensaver, set rule to "authenticate-session-owner-or-admin" to enable SecurityAgent.</string>
<key>created</key>
<real>711292439.260325</real>
<key>mechanisms</key>
<array>
<string>MyBnndle:LockScreen</string>
</array>
<key>modified</key>
<real>717407094.6108691</real>
<key>shared</key>
<true/>
<key>tries</key>
<integer>10000</integer>
<key>version</key>
<integer>1</integer>
cheers,
sivan
Hi,
Is there a way to restrict calls to a launch daemon?
Can I allow only my app to use my daemon?
cheers,
sivan
Hi,
I am trying to enable smart card reading on my Mac M1 with Ventura.
I tried csrutil disable, and then sudo security authorizationdb smartcard enable.
I get - NO (-60005).
Any ideas why?
cheers
sivan
Hi,
I have a Mac with M1 Pro.
I installed libfido2 with Homebrew.
I took the static library - libfido2.a - and added it to an Xcode project (simple app).
In this project I am just trying to test libfido2, to see if it's working.
When building I get:
Undefined symbols for architecture arm64:
"_BN_CTX_end", referenced from:
_es256_pk_to_EVP_PKEY in libfido2.a(es256.c.o)
_es256_pk_from_EC_KEY in libfido2.a(es256.c.o)
Any ideas why, and how to fix this?
cheers
Hi,
Is there a way to run a security/authorization plugin for the file vault login?
I can edit the system.login.console and insert my plugin, but this doesn't apply to file vault login.
Does Apple support this use case?
cheers,
sivan
Hi,
I have an authorization plugin for macOS. It uses Core BLE to authenticate the login user with a nearby mobile phone.
The BLE session is denied since Monterey 12.3.
This Security Agent Plugin for macOS is using the CBPeripheralManager and implementing the CBPeripheralManagerDelegate.
Since Monterey 12.3, I get the CBManagerState.unauthorized when trying to access BLE. It's a new behavior.
Anybody with insights on this?
cheers