I read a lot about FileVault and APFS in the last hours, but it still does confuse me. I learnt about 2 types of recovery keys for FileVault, personal recovery key and institutional recovery key. According to what I read the personal one does only work on the same device (if the Mac is broken, access will be impossible) and the institutional one does require an MDM, a PKI and needs to be configured before the volume is encrypted.
Isn’t there any device-independent recovery key that I can export from an unlocked volume an (und use for unlocking on any device)? I know this from Windows Bitlocker and it is very handy, because in many situation you do not have to mess around with protectors/cryptousers, TPM/T2-chips and similar device-specific things. Basically export the AES-key of the drive or something fully equivalent.
I read about a “secure token” but I did not really understand it, maybe that is what I am thinking about?