| ▲ | pseudalopex 4 days ago | ||||||||||||||||
> Tahoe now escrows your FileVailt key to the iCloud keychain, even if that is something you explicitly opted out of before. Yes and no according to Glenn Fleishman. Storing FileVault recovery keys in iCloud Keychain wasn't a choice before. The old iCloud recovery method wasn't end to end encrypted. But iCloud Keychain is. So calling it escrow is debatable. And old recovery keys aren't added to iCloud Keychain. But new recovery keys are stored in iCloud Keychain if enabled.[1] [1] https://sixcolors.com/post/2025/09/filevault-on-macos-tahoe-... | |||||||||||||||||
| ▲ | adastra22 4 days ago | parent [-] | ||||||||||||||||
I can confirm that old recovery keys are added to the iCloud Keychain, even if you explicitly opted out of iCloud recovery before. This is exactly what happened to me when I upgraded my systems to macOS 26 yesterday. iCloud Keychain is NOT the same security as a hardcopy written down recovery key, which is what I used before. This is absolutely a forced change in security policy that was not communicated or opted into by the user. | |||||||||||||||||
| |||||||||||||||||