Enabling APFS (Encrypted) requires password every time I boot?

Discussion in 'macOS High Sierra (10.13)' started by SRLMJ23, Sep 17, 2017.

  1. SRLMJ23 Contributor

    SRLMJ23

    Joined:
    Jul 11, 2008
    Location:
    In between Syracuse, NY and Albany, NY
    #1
    So does enabling APFS (Encrypted) require me to enter my disk password every time I shutdown and power on, and every time I restart? I just want to make sure before I install High Sierra GM on my secondary MacBook Air to check it out.

    I do not want to have to enter my disk password every time I turn on my computer/restart. Thank you in advance for any help!

    :apple:
     
  2. mikecwest macrumors 6502a

    mikecwest

    Joined:
    Jul 7, 2013
    #2
    yes, you have to enter the password......that is kind of the point of the encryption.
     
  3. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #3
    Have to do the same thing with FileVault enabled.
     
  4. SRLMJ23 thread starter Contributor

    SRLMJ23

    Joined:
    Jul 11, 2008
    Location:
    In between Syracuse, NY and Albany, NY
    #4
    I am talking about as soon as the computer turns on, not at the actual login screen where you pick your user profile(s).

    I have FileVault turned on in macOS Sierra on my 2015 MacBook Pro and do not have to enter a disk password as soon as I turn on the Mac.

    So does anyone know if this is the case or not? The reason I ask, is because I was installing High Sierra (clean install) on my MacBook Air, and I chose APFS (Encrypted) and continued on with the install, and after it rebooted it asked for my "Disk Password" the same one I had to setup when I chose APFS (Encrypted) and once I typed it in, installation continued. However, I got a little freaked out because I do not want to have to do that every time I turn on my computer/restart, so I started a clean install over except this time I chose just normal APFS and never was asked for a password again except my normal login password.

    Thanks in advance, again!

    :apple:
     
  5. mikecwest macrumors 6502a

    mikecwest

    Joined:
    Jul 7, 2013
    #5
    I have apfs encrypted with FileVault turned on. I Need to enter the password if I reboot or cold start. I also enter a password at login.

    If you have encryption with no password, it kind of defeats the purpose of the encryption.
     
  6. SRLMJ23, Sep 17, 2017
    Last edited: Sep 17, 2017

    SRLMJ23 thread starter Contributor

    SRLMJ23

    Joined:
    Jul 11, 2008
    Location:
    In between Syracuse, NY and Albany, NY
    #6
    On my MacBook Pro, I do have to put in a password when I login and I have FileVault enabled on my MBP but it does not ask me for a password as soon as I turn on my computer, on reboot or cold start. It was not a setting I ever changed either.

    So I take it, it was the APFS (Encrypted) asking for the "Disk Password" as soon as my MacBook Air restarted since I never got that far into that install. That is all I want to know.

    Edit: My MacBook Pro is my main computer so I am still running macOS Sierra. The MacBook Air is my backup computer and is now running the GM of High Sierra, running just APFS.

    Thanks again.

    :apple:
     
  7. chrfr macrumors 604

    Joined:
    Jul 11, 2009
    #7
    On my Macs with Filevault enabled, the computer will not boot until I enter a password. This is the default operation; the computer cannot boot from a disk that hasn't been unlocked.
     
  8. Erdbeertorte Suspended

    Joined:
    May 20, 2015
    #8
    If a disk is already formatted as encrypted before installation you have to enter the disk password and the login password already with JHFS+ encrypted. But you can assign it somehow to your account and only have to enter it in the login window.

    Just enable FileVault after/while installation and you don't have to enter two passwords.
     
  9. coreyk macrumors member

    coreyk

    Joined:
    Oct 20, 2011
    Location:
    SF Bay Area
    #9
    Something similar happened to me when I was restoring from a Carbon Copy Cloner backup, where I would be prompted for a ‘disk’ password when I’d reboot instead of the normal FileVault password. This is not normal behavior under High Sierra, it should work just like you’re seeing with Sierra on your MBP.

    To fix it on your MacBook Air, if you can, turn off FileVault, let the drive decrypt, then re-enable FileVault, and the passwords will be synced up again.
     
  10. SRLMJ23, Sep 17, 2017
    Last edited: Sep 17, 2017

    SRLMJ23 thread starter Contributor

    SRLMJ23

    Joined:
    Jul 11, 2008
    Location:
    In between Syracuse, NY and Albany, NY
    #10
    Hmm, this is quite odd. I have FileVault enabled, and I can restart or cold boot without my Mac asking me for a password UNTIL I get to the login screen.

    In Settings--->Security & Privacy--->FileVault, it is confirmed as enabled and under settings it says... "WARNING: Your login password is required to decrypt your data. Your iCloud account can be used to unlock your disk and reset your login password if you forget it."

    I do not know why my computer boots to the login screen without asking me for a password as soon as the Mac is turned on? Very odd, any suggestions?

    :apple:
    --- Post Merged, Sep 17, 2017 ---
    Well, that will not work because I stopped that installation because I got a little freaked out when I saw it ask me for a "Disk Password" after restart. So I booted from my High Sierra GM USB stick and did the clean install over again, except this time I just went with straight up APFS. I have not yet enabled FileVault on my MacBook Air because it is indexing and because of the possibility I might have to do another clean install if this GM Candidate is not the final.

    I am glad you realized what I was talking about with my MacBook Pro. I knew FileVault was enabled! So thank you for confirming that I was not going crazy here.

    :apple:
     
  11. adrianlondon, Sep 18, 2017
    Last edited: Sep 18, 2017

    adrianlondon macrumors 65816

    adrianlondon

    Joined:
    Nov 28, 2013
    Location:
    Switzerland
    #11
    Seems to be some confusion here with people using "at boot" differently.

    I had Filevault enabled and now use APFS encrypted (which is still Filevault). When I turn my Macbook on, it shows me the logjn screen. Then I log in, and this also unlocks the drive. In other words, I log in with my password and that's all I need to do. The password does two things: (1) it unlocks the drive and (2) it logs me in.

    If you're being asked for multiple passwords then it could be that you didn't enable the user in Filevault. Is it a non-admin user? if so, log in as an admin user and enable Filevault for your non-admin user in System Preferences / Security & Privacy.

    if you're getting a password prompt as soon as you turn the laptop on and before any login screen appears, then it's a Firmware password. I don't use this, but I believe it can be enabled/disabled/changed f you boot into the recovery partition. Of course, you need your firmware password to do this.

    if you're getting a "Disk Password" on boot whilst in the middle of a High Sierra upgrade (I had this!) then I ended up doing a time machine restore. disabling Filevault and then running the upgrade before enabling Filevault again. This seems to be a bug.
     
  12. chrfr macrumors 604

    Joined:
    Jul 11, 2009
    #12
    The prompt for the firmware password only appears if a user tries to do something like hold the option key to boot from another disk. The firmware password prompt does not have a username associated, and looks like what's in this document:
    https://support.apple.com/HT204455
     
  13. adrianlondon macrumors 65816

    adrianlondon

    Joined:
    Nov 28, 2013
    Location:
    Switzerland
    #13
    Yeah, I know. I just didn't explain it very well :) I meant to type ... "if you're getting a *password* prompt as soon as you turn the laptop on" rather than login prompt. Edited.
     
  14. SRLMJ23, Sep 18, 2017
    Last edited: Sep 18, 2017

    SRLMJ23 thread starter Contributor

    SRLMJ23

    Joined:
    Jul 11, 2008
    Location:
    In between Syracuse, NY and Albany, NY
    #14
    It was an admin account, and yes I was getting a "Disk Password" prompt on boot. So I must have been getting the bug that asks for your disk password, because I was in the middle of the High Sierra clean install.

    Now, on my MacBook Pro that is on macOS Sierra with FileFault enabled, I have the same exact setup that you explained in your first paragraph:

    When I turn my MacBook Pro on, it shows me the login screen. Then I log in, and this also unlocks the drive. In other words, I log in with my password and that's all I need to do. The password does two things: (1) it unlocks the drive and (2) it logs me in.

    Thank you for your post. I knew I was not going crazy here, haha!

    Thank you everyone for your input and help!

    :apple:
     

Share This Page

13 September 17, 2017