Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Akimz01

macrumors newbie
Original poster
Jun 17, 2020
4
0
Hi to all,

I have the following problem that makes me going nuts. I have spent 3 days in trying to get this issue out of my way. Without success.
Now I have searched here for a thread but didn't find what I was looking for, for a Guide...

I am currently using macOS High Sierra (10.13.5) on a MacBook Pro (late 2013) with macOS Extended (Journaled, encrypted).
For security purpose I have activated FileVault with Disk Password to enter before boot up. This is for me the most secure option (please correct me if I am wrong).
Now I tried many times to install a new Version of Mojave on my cleaned up SSD. After it was installed I was asked for the Disk Password to unlock the drive. Followed by the usual setup (answering some questions) macOS Mojave was running well. I restarted MBP and I wasn't ask for the Disk Password to unlock the Drive. Instead the MBP booted up and asked me the account password. The same problem I have with macOS Catalina. After installing and setup of the macOS the MBP didn't ask me for the Disk Password anymore.
It seems that I don't have the knowledge to get it work to be asked for the Disk Password every time I boot up the MBP.
Is someone able to show me or direct me to an easy-to-understand guide? I know Mojave and Catalina working on APFS (instead of extended journaled, encrypted).
Is there a way to make it work?

Thank you guys for your help and great patience with me. I am not a tech guy

greetings
Akim Alexei
 
Last edited:
it's not clear to me what problem you are having. Upgrading or installing MacOS will work fine as long as you know the encryption key.
 
it's not clear to me what problem you are having. Upgrading or installing macOS will work fine as long as you know the encryption key.

Thank you for your response. I have edit the post and hope that I made it more clear (my thoughts jumped in a sudden and I left out something).
It is a problem when I install macOS Mojave or Catalina after cleaning up and formatting the drive.
I have the password (that I have set) when I formatted the SSD.
The problem is that my MBP doesn't ask me for the Disk Password (that I have setup during formatting the SSD) after install and setup of Mojave or Catalina.

I want to be asked to enter the Disk Password before boot up (that I have setup during formatting the SSD).
Instead, after the setup, when I switch on the MBP it will continue to boot up the system until to the user account password.
 
Last edited:
Thank you for your response. I have edit the post and hope that I made it more clear (my thoughts jumped in a sudden and I left out something).
It is a problem when I install macOS Mojave or Catalina after cleaning up and formatting the drive.
I have the password (that I have set) when I formatted the SSD.
The problem is that my MBP doesn't ask me for the Disk Password (that I have setup during formatting the SSD) after install and setup of Mojave or Catalina.

I want to be asked to enter the Disk Password before boot up (that I have setup during formatting the SSD).
Instead, after the setup, when I switch on the MBP it will continue to boot up the system until to the user account password.
I am going to speculate here.

It might the difference between HFS+ based FileVault and APFS FileVault. HFS+ used Core Storage to implement FileVault. For APFS, encryption is included. It might be the case that the separate disk password was a Core Storage feature.

DS
 
I am going to speculate here.

It might the difference between HFS+ based FileVault and APFS FileVault. HFS+ used Core Storage to implement FileVault. For APFS, encryption is included. It might be the case that the separate disk password was a Core Storage feature.

DS


I have read it before somewhere (I think, but I don't understand).
But what is the difference in details? Is it the same level of security as in High Sierra under extended journaled vs. Mojave or Catalina under APFS?

For me it's a higher security to enter physically a Disk Password before booting up any system.

Please correct me if I am wrong, I just see black and white and don't understand what going on at the background of a system.

Is it the same level of security but just a new type of implementation?
 
Last edited:
install a new Version of Mojave on my cleaned up SSD

This might be the rub.

Apologies if missed it, but, have you verified that FileVault is actually on? If you wiped the SSD before installing, that "turned off" FileVault.
 
Apologies if missed it, but, have you verified that FileVault is actually on? If you wiped the SSD before installing, that "turned off" FileVault.

I have checked the FileVault and its on
[automerge]1592513337[/automerge]
What is exactly missing on my Screen is the following immediately after I on the MBP.

WhatsApp Image 2020-06-18 at 22.31.39.jpeg


It is a screenshot from my MBP with High Sierra installed when I boot up
 
Last edited:
I have checked the FileVault and its on
[automerge]1592513337[/automerge]
What is exactly missing on my Screen is the following immediately after I on the MBP.

View attachment 925100

It is a screenshot from my MBP with High Sierra installed when I boot up
You might be able to what you want using the command line diskutil.

In a terminal window, use man diskutil to see all of the options. The diskutil apfs encryptVolume command has an option for a -user disk.

This would require turning off FileVault first. And it appears that the diskutil command would have to be done to both the system and data volumes. Needless to say, this a VERY risky approach and could render the system unable to boot.

If you use the diskutil apfs list command with FileVault active you can see the current state.
Code:
xxxx: zzz$ diskutil apfs list
APFS Container (1 found)
|
+-- Container disk1 3BEAE5D6-797A-4B0B-B86E-0DE7437ADB3B
    ====================================================
    APFS Container Reference:     disk1
    Size (Capacity Ceiling):      500068036608 B (500.1 GB)
    Capacity In Use By Volumes:   255426904064 B (255.4 GB) (51.1% used)
    Capacity Not Allocated:       244641132544 B (244.6 GB) (48.9% free)
    |
    +-< Physical Store disk0s2 58F4147A-1E3B-4808-AB9E-6662BFABC7C9
    |   -----------------------------------------------------------
    |   APFS Physical Store Disk:   disk0s2
    |   Size:                       500068036608 B (500.1 GB)
    |
    +-> Volume disk1s2 7808D72D-9C79-4996-BD9D-0A73876FF5C7
    |   ---------------------------------------------------
    |   APFS Volume Disk (Role):   disk1s2 (Preboot)
    |   Name:                      Preboot (Case-insensitive)
    |   Mount Point:               Not Mounted
    |   Capacity Consumed:         85520384 B (85.5 MB)
    |   FileVault:                 No
    |
    +-> Volume disk1s3 0256B625-8294-4038-8816-546629693DBC
    |   ---------------------------------------------------
    |   APFS Volume Disk (Role):   disk1s3 (Recovery)
    |   Name:                      Recovery (Case-insensitive)
    |   Mount Point:               Not Mounted
    |   Capacity Consumed:         528502784 B (528.5 MB)
    |   FileVault:                 No
    |
    +-> Volume disk1s4 B45C2266-58E2-403B-8E2D-9CF4280AEE45
    |   ---------------------------------------------------
    |   APFS Volume Disk (Role):   disk1s4 (VM)
    |   Name:                      VM (Case-insensitive)
    |   Mount Point:               /private/var/vm
    |   Capacity Consumed:         3222294528 B (3.2 GB)
    |   FileVault:                 No
    |
    +-> Volume disk1s5 65B255B6-EB33-4BCE-A6C8-B62A5BE88BF6
    |   ---------------------------------------------------
    |   APFS Volume Disk (Role):   disk1s5 (Data)
    |   Name:                      Catalina HD - Data (Case-insensitive)
    |   Mount Point:               /System/Volumes/Data
    |   Capacity Consumed:         240232296448 B (240.2 GB)
    |   FileVault:                 Yes (Unlocked)
    |
    +-> Volume disk1s6 A36114C6-61B1-4C82-B113-C051EB3B5109
        ---------------------------------------------------
        APFS Volume Disk (Role):   disk1s6 (System)
        Name:                      Catalina HD (Case-insensitive)
        Mount Point:               /
        Capacity Consumed:         11196669952 B (11.2 GB)
        FileVault:                 Yes (Unlocked)


And this shows who is eligible to unlock the volumes.
Code:
xxxx: zzz$ diskutil apfs listUsers disk1s6
Cryptographic users for disk1s6 (4 found)
|
+-- 139F8D13-E58E-4C7A-954E-52694D73F9B0
|   Type: Local Open Directory User
|
+-- 5CC3155A-DFE6-4C4F-A725-97660907961E
|   Type: Local Open Directory User
|
+-- B002745A-E411-4673-8FE1-DFDF3090BB0E
|   Type: Local Open Directory User
|
+-- EBC6C064-0000-11AA-AA11-00306543ECAC
    Type: Personal Recovery User

When using the system preferences method to enable FileVault, there is an prompt to identify which additional users are eligible to unlock the disk.

DS
[automerge]1592603985[/automerge]
Dang, I forgot I was still in the Mojave thread. I suspect the concepts are the same but no separate data volume.

DS
 
I am curious about Disk Password (DEK). I though this was applicable only to Lion and Mountain Lion.

By using DEK, the drive is encrypted at erase and acts like a FileVault encrypted volume, but there is no “recovery” key created. The volume will not mount without the Disk Password.

Going to try this later.

I would like to have Snow Leopard as a 2nd partition. In order to use DEK, I assume I would have to do a Mountain Lion install as DEK (FileVault 2) and add Snow Leopard (FileVault 1) to the 2nd partition. My concerns are whether Snow Leopard will run under a DEK partition and if DEK will cause problems with backups (TimeMachine and Carbon Copy Cloner)?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.