IS there a way to force enable FV in Mojave

Discussion in 'Mac Pro' started by dgarratt, Oct 30, 2018.

  1. dgarratt macrumors member

    Joined:
    Jul 16, 2012
    #1
    Is there a way to force enable FileVault in Mojave with boot screen capable GPU installed?
     
  2. DearthnVader macrumors 6502a

    DearthnVader

    Joined:
    Dec 17, 2015
    Location:
    Red Springs, NC
    #2
    I haven't made the switch from HS yet, did Apple remove FV from the security control panel?

    Maybe for disk encryption we need a T2 based Mac now?
     
  3. tsialex macrumors 601

    tsialex

    Joined:
    Jun 13, 2016
    Location:
    Brazil
    #3
    Yes, Apple removed since a lot of Mac Pros 5,1 don't have Mac EFI GPUs now.

    You can still manually encrypt disks, so no T2 needed.
     
  4. DearthnVader macrumors 6502a

    DearthnVader

    Joined:
    Dec 17, 2015
    Location:
    Red Springs, NC
    #4
    That seems awful stupid of Apple.

    How do we manually encrypt a disk?
     
  5. tsialex, Oct 31, 2018
    Last edited: Oct 31, 2018

    tsialex macrumors 601

    tsialex

    Joined:
    Jun 13, 2016
    Location:
    Brazil
    #5
  6. dgarratt thread starter macrumors member

    Joined:
    Jul 16, 2012
    #6
  7. tsialex macrumors 601

    tsialex

    Joined:
    Jun 13, 2016
    Location:
    Brazil
    #7
    Nope, USB install has the same problem. You still have to install from macOS.
     
  8. bookemdano macrumors 65816

    Joined:
    Jul 29, 2011
    #8
    I don't know if W1SS ever re-tested this, but my experience was that the method he posted did not work via a createusbinstall USB drive. The installer popped up an error when trying to install to an encrypted drive. My experience was that you must use the dosdude1 Mojave patcher to make your USB. That will bypass both the GTX 680 bug and the built-in prohibition on installing Mojave to an encrypted disk in the cMP. If you search this forum for FileVault it should pick up a thread from another user who tested this exact scenario a few weeks ago.

    Also, there are some differences in usability with that method compared to "true" FileVault as we know it. Because you are encrypting the disk before install you end up creating a "Disk Password", and that what you must enter before each boot, then after macOS boots you'll have to enter the password for your user account. In comparison, when FileVault is set up the normal way, each user can unlock the disk with his or her user password (and then there is only that one password entry screen). In addition, when set up the normal way, the recovery key gets stored in iCloud (or can be if you choose that option). Those options don't appear to be available when you encrypt the disk before install.

    One other workaround (though untested, it should work) if you have another Mac and a USB enclosure would be to connect your Mojave disk to another Mac and boot from it. Then enable FileVault the normal way (which should be allowed because only cMPs are prohibited from enabling it), let it finish encrypting. Then transfer it back to your cMP. That method should result in "normal" FileVault where you can use your user accounts to unlock the disk.

    If you or anyone else ends up testing that process please post back and let us know how it went.
     
  9. DearthnVader macrumors 6502a

    DearthnVader

    Joined:
    Dec 17, 2015
    Location:
    Red Springs, NC
    #9
    Nice writeup, I just want to add one thing, people may not think of, or be aware of.

    IF YOU SAVE YOUR FILEVAULT PASSWORD TO iCloud AND THE GOVERNMENT ASKS APPLE FOR IT, APPLE WILL HAND IT OVER TO THEM.

    Maybe a small thing, and if the government has physical access to your FV drive, i.e. they come to your house and seize your computer, they will get into your data if they want to spend the time and money on it.

    I just prefer not to make it easy for them, and to have Apple tell them I didn't save it to iCloud, so they can't be compelled to turn over what they don't have.

    I just wish my FV password was not the same as my user password. I'd rather not type a long string every time I need to use sudo.
     
  10. bookemdano macrumors 65816

    Joined:
    Jul 29, 2011
    #10
    Then you would be a perfect candidate for the method that encrypts the disk prior to OS install. That does indeed get you a different FV password than your user password and you can be reasonably assured that the recovery key is not in iCloud. ;)
     
  11. DearthnVader macrumors 6502a

    DearthnVader

    Joined:
    Dec 17, 2015
    Location:
    Red Springs, NC
    #11
    Thanks, I'll look into it when I move to Mojave.
     
  12. dgarratt thread starter macrumors member

    Joined:
    Jul 16, 2012
    #12
    Thanks for the detailed explanation bookemdano.

    I have done clean installs before on an encrypted disk and because I'm the only on who uses the MacPro this method is fine for me.

    I think I'll follow your suggestion to use dosdude's patch to do a clean install given i'm affected by the GTX 680 bug anyway.

    Will let you know how I get on.
     
  13. W1SS, Nov 1, 2018
    Last edited: Nov 1, 2018

    W1SS macrumors 6502

    W1SS

    Joined:
    Aug 20, 2013
    #13
    Both USB creation methods work fine with my GTX 780, which was what my FV enabling method was based on, but not the 680 for some reason and I am guessing it is due to the reported bug.
     
  14. StellarVixen macrumors 68000

    StellarVixen

    Joined:
    Mar 1, 2018
    Location:
    Earth
    #14
    If I was in your shoes, people, I would just use VeraCrypt.
     

Share This Page

13 October 30, 2018