Fully working Filevault, Boot Screens, Mojave, Firmware and 2010 Mac Pro

seek3r

macrumors 6502a
Original poster
Aug 16, 2010
522
201
EDIT: Update later in the thread about EFI partition and NVMe boot drive

Figured I'd post my experience of caveats, trials, and tribulations in getting an upgraded 2010 Mac Pro from blank drive to Mojave for anyone else who this might help. The machine had been running El Capitan for a while, and I hadnt been using it much.

I had updated the CPU a long time ago (I needed virtualization extensions for Docker, also got an extra 2 cores out of the upgrade :) ) and added RAM, neither of which had any impact on this so I'm going to leave those off.

I started with a newer, larger SSD than I had before (250GB Samsung 850 I had lying around) and a PCI-E --> SATA 3 (6gbs) card to mount it on instead of in one of the bays.

I picked up an NVIDIA GTX 680 (EVGA ref model I found on ebay), flashed properly (there's about 50 threads on that process here so I'm not going to delve into it). The GTX 680, when flashed, unlike a lot of the metal capable cards that you can use with Mojave has boot screens, which I'll come back to in a sec.

I tried installing High Sierra directly first, found out that the machine needed a firmware update and for some reason the shutdown button to do it remained grayed out. I installed El Capitan first on the (it turns out correct) assumption that using the installer inside a booted OS instead of booting into the installer might help. I suspect Sierra would be fine too, but I had an El Capitan installer handy but not a Sierra one. Because of the firmware req using an install from another machine or target disk mode wasnt an option.

Installing El Capitan went fine, but when attempting to install High Sierra ran into the snag that the card the SSD was sitting on shows as an "external" drive to the OS and HS claims it cant install without an EFI partition. If you go to a faster pcie SATA option as I did you may run into this or not depending on the card. Temporarily moved the SSD into a drive bay, ran the installer, firmware updated, HS installed.

Repeated the process with Mojave, another firmware update and the full install later and mojave was running.

Now I tried to enable Filevault (because hey, I have boot screens) and discovered that Apple has a check that stops you from enabling it on a 5,1 in Mojave, even if you have a card that has boot screens.

Rather than directly work around that check I shut the machine down, booted it in target disk mode, booted my laptop off that, enabled filevault, rebooted the mac pro. Viola, filevault!

Moved the SSD back to its 6gbs card, enabled trim via trimforce: fully working Mojave install, faster SSD, filevault and all, on a 5,1.

Dont know if this will help anyone else, but I hope so.
 
Last edited:

bsbeamer

macrumors 68040
Sep 19, 2012
3,675
1,949
If basically working around to enable FileVault, be sure to frequently backup your data. Also keep an eye on updates and firmware in the future. You may have trouble installing them without first disabling FileVault.
 
  • Like
Reactions: seek3r

seek3r

macrumors 6502a
Original poster
Aug 16, 2010
522
201
If basically working around to enable FileVault, be sure to frequently backup your data. Also keep an eye on updates and firmware in the future. You may have trouble installing them without first disabling FileVault.
Absolutely, though you should always back up your data this workaround or not :)
 

seek3r

macrumors 6502a
Original poster
Aug 16, 2010
522
201
Agreed. I suspected this was possible but hadn't seen anyone confirm it until seek3r's post. Great work!
It seems like they erred on the side of caution because it allowed them to have a larger list of supported graphics cards for mojave and didnt want people to accidentally lock themselves out of their machines - so they tossed in a check on *enabling* filevault, but didnt go deeper than that (I guess either on the assumption that if you work around their check it's on you if you cant boot into your install or because they simply dont care to put in a lot of work into supporting 9 year old workstations, just the min to let people clinging to them work until the real replacement is ready :) )
 

bookemdano

macrumors 65816
Jul 29, 2011
1,318
744
It seems like they erred on the side of caution because it allowed them to have a larger list of supported graphics cards for mojave and didnt want people to accidentally lock themselves out of their machines - so they tossed in a check on *enabling* filevault, but didnt go deeper than that (I guess either on the assumption that if you work around their check it's on you if you cant boot into your install or because they simply dont care to put in a lot of work into supporting 9 year old workstations, just the min to let people clinging to them work until the real replacement is ready :) )
Yeah, they had a dilemma after deciding to put the cMP on the Mojave compatibility list. None of the OEM GPUs supported Metal, and neither of the "Mac Edition" Metal GPUs (Sapphire ATI 7950 and EVGA Nvidia GTX 680) were still in production. And well, there weren't enough resources (read: $$) to completely re-write the cMP's firmware to display boot screens on modern UEFI GPUs. So their solution was a kludge: recommend two off-the-shelf cards that already had driver support in the OS but no ability to show boot screens, and then put checks in the OS to gimp the macOS features that require them. In addition to FileVault, Bootcamp Assistant is another app they blocked from running on the cMP under Mojave.

But as you've found out, there are still ways around it. Windows can just be installed manually, and FileVault can still be enabled via the method you used, or by using DosDude1's Mojave Patcher to remove the platform checks from the Mojave installer. That allows you to set up FileVault (well, more accurately APFS Encryption) on your macOS partition prior to installing Mojave.

That method results in a different experience than true FileVault though--namely that at boot you have to enter a disk password (that you chose at the time you formatted the volume). Then once macOS boots you have to log in with your user account. The method you used is superior IMHO because it gets you the intended FV experience, where at boot time you enter your account password and then after boot it auto-logs you in.

Both methods end up with an encrypted disk though, so in that regard they are equivalent.
 

seek3r

macrumors 6502a
Original poster
Aug 16, 2010
522
201
So just a quick update to this: after seeing how nicely everything worked and seeing that the firmware updates allowed for NVMe boot I bought and tossed in an NVMe SSD and PCIe adapter to replace the SATA drive and its adapter and discovered that while the problem with the missing "firmware partition" may be due to the drives being seen as "external" so installs dont see the EFI partition properly, it's pretty easily fixable by cloning an EFI partition from a working boot drive (I literally just cloned it using dd, but I'm sure that you could do it in a less extreme manner, or just bless the partition maybe, I didnt bother trying -I took the sledgehammer approach)

Everything otherwise worked just the same with the NVMe drive and the 140 firmware (havent tried to update to 141 yet), and the NVMe drive is visible from target disk mode so the filevault trick still works without having the pull the drive into an adapter or anything
 
Last edited:

bob.vicktor

macrumors newbie
Feb 25, 2015
4
0
Cool. I hadn't bothered trying to turn FileVault on after upgrading to Mojave (not too worried about someone waltzing off with my 45+ pound computer where I live...), but I might just do it now that I know someone else has done so successfully.

I haven't tried this myself, but I believe I may have stumbled on something a couple days ago that might help with the unlock on mount situation. If you type `diskutil apfs` in the terminal it gives a list of commands. One of them is:

`listUsers (List cryptographic users/keys of an APFS Volume)`

I can't remember what all I found out, but if I'm not mistaken that command lists the users that can unlock the volume, so there should also be a way to add to that list from the command line as well (a quick browse through the man page for diskutil does make it sound possible, but only before encrypting if I understood correctly). There is also this command:

`encryptVolume (Enable FileVault security in background or instantly)`

which means we (Mac Pro users) should be able to use to encrypt the drive directly installed in the Mac Pro without needing to move it or boot in target disk mode first. (Side note, apparently Catalina removed FireWire boot support, so no booting from Firewire drives on Catalina Macs. RIP FireWire. 😢)

I have been happy with Mojave on my Mac Pro. I can't let it sleep, but that's not too big a deal. I have it constantly folding and occasionally run some VM servers on it, so I don't want it sleeping too often anyway. 😜

I was blessed to find a Mac Pro that came with a Mac Edition EVGA GTX 680 (what the name!) on eBay a few years ago. I can't remember if Metal had come out for the Mac yet, but I was excited to have the powerful card at least. Then when Mojave made a metal supported GPU a requirement boy was I glad to see the GTX 680 on the list! 😄 So at least that much I haven't had to worry about.

EDIT:

I forgot to throw this in here as well:

Maybe this will help with the user login disk unlock situation as well?...

 
Last edited:

Coyote2006

macrumors 6502a
Apr 16, 2006
503
230
FileVault is a nightmare. I almost lost all of my (backup)data. Unless you're travelling around (using a MacBookPro) or sharing a Network with others, I don't see a reason to activate it (on a MacPro 5,1). Activate the Firewall and use Avast Security.
 

seek3r

macrumors 6502a
Original poster
Aug 16, 2010
522
201
FileVault is a nightmare. I almost lost all of my (backup)data. Unless you're travelling around (using a MacBookPro) or sharing a Network with others, I don't see a reason to activate it (on a MacPro 5,1). Activate the Firewall and use Avast Security.
FV solves a very very different set of problems than anti-virus software or firewalls do...

That's like saying "I got into a car accident, don't buy cars anymore, buy pineapples!"
 
  • Haha
Reactions: thisisnotmyname

Ludacrisvp

macrumors 6502a
May 14, 2008
710
311
or do this for FV2 if you have no other mac...
 

seek3r

macrumors 6502a
Original poster
Aug 16, 2010
522
201
For Catalina, for anyone wondering, I ended up just attaching the nvme drive to my supported MBA wiht a USB adapter, installing Catalina, enabling FV, and dropping the drive back in the MP. Disabled the compat check on boot and everything works just fine except for the displayport port on my GTX 680, had to switch to using the HDMI port.

FV works perfectly, just as before.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.