Decrypt File Vault 2 before upgrading to ML?

Discussion in 'OS X Mountain Lion (10.8)' started by silverjam, Jul 11, 2012.

  silverjam

    Apr 25, 2012
    I usually do a fresh install so this has never worried me before but I have FV2 on my MBA and will only do an upgrade of ML when it comes out. I have heard stories that upgrading with FV2 active can cause problems. Should I decrypt (turn it off) first before undertaking the upgrade operation?

  RabidMacFan

    Jun 19, 2012
    You shouldn't have any problems going from 10.7 -> 10.8. The installer automatically handles this if you run it from the File Vault 2 encrypted drive first. Or, if you are installing from a 10.8 install disk, it will give you the option of unlocking the encrypted drive before installing.
  maril1111


    Mar 14, 2010
    True... but to be on the safe side, i would turn it off whilst upgrading and turn it on back again afterwards.. that way he definitely won't have any problems.. better be safe than sorry :)
  Bear
Sol III - Terra

    Jul 23, 2002
    Sol III - Terra
    I see two issues with turning it off and on.

    It can take several hours to a couple of days depending on the size of the disk (and what you are currently doing on the system) to decrypt it and the same to encrypt it again after the upgrade. And if the system in question is a MacBook (of some sort) then wall clock time will be even longer due to sleeping while be carried around in its bag.

    The second issue is what if something happens to the Mac while the disk is not encrypted. Specifically something that was the reason why you encrypt it in the first place?

    I will be doing my upgrade with FileVault 2 enabled.
  JohnDoe98

    May 1, 2009
    Right now on the ML GM, if you have Filevault installed it won't work. To get the installer to boot I had to turn off Filevault, so unless there is a change from GM to Final Release, you will need to turn Filevault off.
  NeoMayhem

    Aug 22, 2003
    I wasn't able to do an upgrade with FileVault turned on. No error messages or anything, but after the first reboot, my 10.7 install came back instead of the 10.8 installer.

    I ended up doing a clean install and turning on FV as soon as possible afterwards.

    10.8 is great though, seems very fast and stable.
  bogatyr

    Mar 13, 2012
    Encrypted TM backup.
    Delete partition.
    Install ML.
    Encrypt ML drive.
    Restore backup.

    Data never leaves encrypted space.

    The only reason I suggest this is that there is an issue installing ML GM with FV2 enabled.
  Cinder6


    Jul 9, 2009
    I was wondering if this was still the case. I had to disable Filevault when I installed DP4. I'm hoping it sees a fix, because I'd rather not put the wear on my Air's SSD when I go to install it on that...
  Anti-Lucifer

    Mar 9, 2012

    You can't clean install because fv2 will not allow you to erase or repartition or reformat unless you decrypt the entire drive first.

    I did both methods. First off FileVault 2 will not cause any problems. You must decrypt the volume upon startup and when you install ml with FileVault on, it will not matter. Then I did a clean install but you must decrypt the entire volume first. Then booting from ml installer, I used disk utility to wipe the drive then installed ml clean.

    FileVault 2 will not be a problem at all.
  NeoMayhem

    Aug 22, 2003
    I restored the InstallESD.dmg to a flash drive and booted from it. I then reformatted my MacBooks harddrive with disk utility, leaving it unencrypted.

    Unfortunately I was not able to get the upgrade from 10.7.4 to 10.8.0 to work with FileVault enabled. I tried several times, but gave up and did a clean install instead. It took less time to start from scratch and restore from an encrypted backup then to decrypt/encrypt the drive with my data on it.
  RabidMacFan

    Jun 19, 2012
    I upgraded to Mountain Lion 2 days after specifically turning on FileValue 2 and allowing the process to finish. I'm not sure why it's requiring some of you to decrypt first.

    Here are the steps I did for the install:

    1. Copied the Mountain Lion DMG to an SD card.
    2. Plugged the SD into the machine to be upgraded, while running OS X 10.7
    3. Ran the install program from the SD card
    4. The installer did some preparing, and eventually did a reboot. Then, it did the rest of the installation.

    I'm wondering if some of you having problems are booting off the ML install disk, rather than running it from an active 10.7 system.
  bogatyr

    Mar 13, 2012
    Boot into installer. Run disk utility. Mount the FV2 disk (select it, click unlock). Erase. Exist disk utility. Install.
  Anti-Lucifer

    Mar 9, 2012
    except you still have to decrypt the entire disk BEFORE you can erase or repartition. It's in the FILE menu of disk utility, that I know. You can unlock it but you cannot erase the entire drive unless it's decrypted.

    At least that is what I have tried without success
  NewbieCanada

    Oct 9, 2007
    I haven't done upgrades with FileVault2 active, but I've done reinstalls and internet recovery. No issues.
  bogatyr

    Mar 13, 2012
    I erased it after unlocking it today when I installed it on my personal laptop. Same method I used on my work laptop yesterday and same as I just posted. Make sure you change the file system to a non-encrypted version.
  Anti-Lucifer

    Mar 9, 2012
    thanks for the info -

    I had only one problem with mountain lion's filevault 2 feature. I have an external FW800 drive that is encrypted with FV2. I mounted it, then went in to the disk utility to unlock and repartition only to have it error out. I didn't get the error message in time but the drive will not mount at all in ML after that. I had to plug it into my mac mini running Lion and using disk utility I was able to repartition. This may be a bug with ML

    The FW800 external drive was encrypted in LION's FV2 previously.
  JohnDoe98

    May 1, 2009
    There's your answer. If you try and install it from the disk that has FileVault on it, it won't work. If you do it on another drive, then that's fine.


    How do you boot into the installer with FileVault turned on? That's the problem, it won't let you do that.
  NeoMayhem

    Aug 22, 2003
    You can erase an encrypted drive at anytime. To partition without erasing, you are correct, it must be decrypted first.

    Attached Files:

  bogatyr

    Mar 13, 2012
    Hold down ALT with a bootable drive (USB or SD) inserted in the system when you power it on. Works for me without issue.

    Alternatively you could use system recovery (CMD-R) at boot, then use the disk utility in that.
  JohnDoe98

    May 1, 2009
    I was talking about using the built-in drive exclusively. With FileVault on you can't install ML. Booting to a USB is changing the subject, and Disk Utility won't do bugger all for you.
  21. silverjam, Jul 11, 2012
    Last edited: Jul 11, 2012

    silverjam thread starter

    Apr 25, 2012
    Well as the thread starter... I think the question is sort of answered. There seems to be a number of suggestions that FV will cause issues, even though some have said it won't. So I have disabled file vault in anticipation of ML. That is not so much of a problem for me as I have two MBA's and a MM Server with a SSD in it so it only took 35 mins or so to decrypt the Macs.

    I'll just borrow my next door neighbours guard dogs to keep the house safe with FV2 is off.

    Thanks, Silver
  silverjam thread starter

    Apr 25, 2012
    On a slightly separate note but in relation to the above comments, If you are wanting to wipe your SSD drive properly and restore it to factory state before you do a fresh install of ML you can do a Flash Firmware Secure Erase. This is not an overwrite (as over writing does not work properly on SSD's). This is a linux command sent to the Nand Controller to reset the Nand Cells to Zero. I explain how to do it here:

    It has worked on the MBA 2010, 2011 and MM Server 2011 and MM (OCZ Agility 3).

    It sounds deep but is actually very simple. You also end up with a great linux boot disk that works on Macs that allows you to do all of the above issues like erasing an encrypted disk etc etc. I use it more for reseting my SSDs in my MBAs when I do a fresh install.

    If you don't understand why a SSD won't allow for secure erase with over writing then google the FAST Paper that was done on this subject.

    Stay cool.

  TheMaJa
Rostock, Germany


    Apr 6, 2009
    Rostock, Germany
    I never should have read this thread.

    As suggested here I turned off FV2 before upgrading from 10.7.4 to 10.8 GM. By upgrade I mean I installed 10.8 over 10.7.4 with the installer from the App Store. No problems during the installation/upgrade process.

    But now I can't turn on FV2 again :-(. Shortly before the required reboot an error pops up: "FileVault failed. Could not write start file." Konsole says: "CoreStorage conversion failed with mainError: -69853".

    Before someone asks, yes I have a recovery partition on my Macintosh HD drive.

    I think it was a big mistake to deactivate FileVault. Now I don't know what to do to get it back.

    I have
    - a Time Machine backup of my 10.7.4 system (not touched by 10.8)
    - a SuperDuper clone of my 10.7.4 Macintosh HD drive on an USB disk

    What's the best way to get an FileVault encrypted 10.8?

    Any hints welcome!
  NeoMayhem

    Aug 22, 2003
    I would do a clean install of 10.8 and then use the Migration Assistant to import your files/settings from one of your backups after you turn on FV2.
  coughalot

    Jul 6, 2011

    I use FV2 and went:

    10.7.4 -> DP4 -> GM via the App Store (DEV).

    No problems.

