A way to bypass it _should_ be possible, but will entail having the System volume of the volume group to have different properties than the Data part.
Otherwise the OS will fail to load. (on Apple Silicon Macs, macOS is fully booted already when you input the password, so if you encrypt macOS...)
On older Macs, a Preboot UEFI application application prompts you for the password prior to booting.
What you can do as a workaround:
Create a second account which you'll only use to unlock the drive and then run sudo fdesetup add -usertoadd unlockUser and then sudo fdesetup remove -user PrimaryUser.
That'll give the rights to unlock the drive only to that unlock user.
You can also use sudo fdesetup removerecovery -personal to destroy the ability of the recovery key to unlock the drive.
Does this mean that every user account has their own data volume or that every user account has their home folder encrypted on a per-file basis? Or neither?
What is the privacy implications of two users (both with administrator accounts) sharing an Apple Silicon Mac?
Was carried over from iOS.
A way to bypass it _should_ be possible, but will entail having the System volume of the volume group to have different properties than the Data part.
Otherwise the OS will fail to load. (on Apple Silicon Macs, macOS is fully booted already when you input the password, so if you encrypt macOS...)
On older Macs, a Preboot UEFI application application prompts you for the password prior to booting.
What you can do as a workaround:
Create a second account which you'll only use to unlock the drive and then run sudo fdesetup add -usertoadd unlockUser and then sudo fdesetup remove -user PrimaryUser. That'll give the rights to unlock the drive only to that unlock user.
You can also use sudo fdesetup removerecovery -personal to destroy the ability of the recovery key to unlock the drive.