Smart card-only authentication (Yubikey) not happening on boot up w/ macOS Big Sur

Hello,


So I recently purchased a Yubikey 5 NFC, and I am trying to make it to where I cannot log into my MacBook Air without the Yubikey. It works very well if the screen becomes locked while the laptop is already on, but on first boot, it doesn't require me to have my key at all. I can get directly into my system with just my user password, which is what I don't want.


I have referenced the two guides below to no avail. I was wondering if anyone had any input? Maybe a simple setting I'm missing in preferences? Or maybe I'm doing something wrong.


https://support.apple.com/en-us/HT208372


https://support.apple.com/guide/deployment-reference-macos/configuring-macos-smart-cardonly-apdd3d1cd57d/1/web/1.0


Thank you,


Jordan

MacBook Air 13″, macOS 11.2

Posted on Feb 26, 2021 3:00 PM

4 replies

Feb 28, 2021 3:38 PM in response to Lindsay_B.

Hello Lindsay,


Thank you for the suggestion. I referenced the quick troubleshooting guides on Yubico's website and they unfortunately didn't help. I will submit a ticket.


For documentation purposes on this thread for anyone reading in the future, I have so far tried the following:


  1. Installed the smart card-only authentication sample profile provided by Apple, and enabled smart card-only authentication for the terminal's LOGIN command (both of these can be found in the following article): Configure macOS for smart card-only authentication - Apple Support
  2. Ran the following command referenced in this article: Configuring macOS for smart card–only authentication - Apple Support

     sudo defaults write /Library/Preferences/com.apple.security.smartcard enforceSmartCard -bool true


I will keep this thread posted as I progress. Thank you!


Jordan

Mar 10, 2021 9:33 PM in response to jaeremix10

Hi all,


Writing this a couple of weeks later. Yubico support got back to me. Apparently it was the fact that FileVault was enabled on my Mac that I couldn't log in with my YubiKey at startup. FileVault is a security mechanism in macOS that keeps your entire drive encrypted until your password is entered. This cannot be bypassed at all; not even with a security key. This is why the password is necessary, unless FileVault is turned off.


You can turn it off by going to System Preferences > Security & Privacy > FileVault. This could take a while to accomplish depending on hard drive size. Personally, I just undid my key, since it is a pain to have to use it to log in every single time, but I thought I'd write it down for anyone in the future with this question.


Thanks!


Jordan
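
A quick check for the situation described in this thread, added here as an example and not posted by any participant: it reads the FileVault status and the enforceSmartCard setting from the command above, then reports which credential to expect, following the explanation in the post above. The function names and summary strings are made up for this example.

```bash
#!/bin/bash
# Added example, not from the thread. Function names and summary strings are
# hypothetical; the mapping follows the explanation given in the post above.

# Map the text printed by `fdesetup status` to on / off / unknown.
filevault_state() {
  case "$1" in
    *"FileVault is On"*)  echo on ;;
    *"FileVault is Off"*) echo off ;;
    *)                    echo unknown ;;
  esac
}

# Map the enforceSmartCard value printed by `defaults read` (1 when set with
# -bool true; empty when the key was never written) to a state.
smartcard_state() {
  case "$1" in
    1|true|TRUE|YES) echo enforced ;;
    *)               echo not-enforced ;;
  esac
}

# Combine both settings into the credential to expect at boot.
# $1 = fdesetup status output, $2 = enforceSmartCard value
boot_login_summary() {
  fv=$(filevault_state "$1")
  sc=$(smartcard_state "$2")
  case "$fv/$sc" in
    on/enforced)  echo "password-at-boot, smart-card-at-screen-lock" ;;
    on/*)         echo "password-at-boot, smart-card-not-enforced" ;;
    off/enforced) echo "smart-card-at-boot" ;;
    off/*)        echo "smart-card-not-enforced" ;;
    *)            echo "filevault-state-unknown" ;;
  esac
}

# On a Mac, feed in the live values; on any other system this does nothing.
if command -v fdesetup >/dev/null 2>&1; then
  fv_out=$(fdesetup status 2>&1)
  sc_out=$(defaults read /Library/Preferences/com.apple.security.smartcard \
           enforceSmartCard 2>/dev/null)
  boot_login_summary "$fv_out" "$sc_out"
fi
```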

Feb 28, 2021 12:11 PM in response to jaeremix10

Hi there, Jordan,


Thank you for visiting the Apple Support Communities. It sounds like you need help with third-party hardware manufactured by Yubico. We are happy to provide you with some direction.


Based on what you have described, we would recommend reviewing the following support articles, provided by Yubico:


Basic YubiKey Troubleshooting – Yubico


Troubleshooting the macOS Logon Tool after a system update – Yubico


If the issue continues after that, please get in touch with Yubico directly. You can do that here: Submit a request – Yubico.


Best.
