Comment by Noaidi
21 hours ago
The same is true for Apple laptops! Take a look in your Passwords app and you will see it automatically saves and syncs your laptop decryption key into the cloud.
So all the state needs to get into your laptop is to get access from Apple to your iCloud account.
The iCloud Keychain is end-to-end encrypted.[0] Apple can't decrypt it.
That said, when setting up FileVault, you have the option to escrow your recovery key with Apple. If you enable that, Apple can get the recovery key.
[0] https://support.apple.com/en-us/102651
From the linked Apple page...
"For additional privacy and security, 15 data categories — including Health and passwords in iCloud Keychain — are end-to-end encrypted. Apple doesn't have the encryption keys for these categories, and we can't help you recover this data if you lose access to your account. The table below includes a list of data categories that are always protected by end-to-end encryption."
The FileVault keys are stored in the iCloud Keychain and Apple does not have access to them, full stop :-)
> Apple does not have access to them
Unless they are given a warrant, then they magically have access to your encrypted data.
https://www.businessinsider.com/apple-fbi-icloud-investigati...
If they can get access to your icloud, they can get access to your laptop if you store your decryption key in your keychain.
2 replies →
It does it without asking! Not opt in! It is put in your password keychain automatically.