IS there a way to force enable FV in Mojave

dgarratt

macrumors member
Original poster
Jul 16, 2012
42
8
Is there a way to force enable FileVault in Mojave with boot screen capable GPU installed?
 

dgarratt

macrumors member
Original poster
Jul 16, 2012
42
8

tsialex

macrumors 604
Jun 13, 2016
7,859
8,483
Brazil
Thanks share sharing these links tsialex. It's great to hear there is a work around!

Do you know if the bug that was preventing clean install with the GTX 680 has been resolved in 10.14.1?
Nope, USB install has the same problem. You still have to install from macOS.
 

bookemdano

macrumors 65816
Jul 29, 2011
1,318
744
I don't know if W1SS ever re-tested this, but my experience was that the method he posted did not work via a createusbinstall USB drive. The installer popped up an error when trying to install to an encrypted drive. My experience was that you must use the dosdude1 Mojave patcher to make your USB. That will bypass both the GTX 680 bug and the built-in prohibition on installing Mojave to an encrypted disk in the cMP. If you search this forum for FileVault it should pick up a thread from another user who tested this exact scenario a few weeks ago.

Also, there are some differences in usability with that method compared to "true" FileVault as we know it. Because you are encrypting the disk before install you end up creating a "Disk Password", and that what you must enter before each boot, then after macOS boots you'll have to enter the password for your user account. In comparison, when FileVault is set up the normal way, each user can unlock the disk with his or her user password (and then there is only that one password entry screen). In addition, when set up the normal way, the recovery key gets stored in iCloud (or can be if you choose that option). Those options don't appear to be available when you encrypt the disk before install.

One other workaround (though untested, it should work) if you have another Mac and a USB enclosure would be to connect your Mojave disk to another Mac and boot from it. Then enable FileVault the normal way (which should be allowed because only cMPs are prohibited from enabling it), let it finish encrypting. Then transfer it back to your cMP. That method should result in "normal" FileVault where you can use your user accounts to unlock the disk.

If you or anyone else ends up testing that process please post back and let us know how it went.
 

DearthnVader

macrumors 65816
Dec 17, 2015
1,146
5,735
Red Springs, NC
I don't know if W1SS ever re-tested this, but my experience was that the method he posted did not work via a createusbinstall USB drive. The installer popped up an error when trying to install to an encrypted drive. My experience was that you must use the dosdude1 Mojave patcher to make your USB. That will bypass both the GTX 680 bug and the built-in prohibition on installing Mojave to an encrypted disk in the cMP. If you search this forum for FileVault it should pick up a thread from another user who tested this exact scenario a few weeks ago.

Also, there are some differences in usability with that method compared to "true" FileVault as we know it. Because you are encrypting the disk before install you end up creating a "Disk Password", and that what you must enter before each boot, then after macOS boots you'll have to enter the password for your user account. In comparison, when FileVault is set up the normal way, each user can unlock the disk with his or her user password (and then there is only that one password entry screen). In addition, when set up the normal way, the recovery key gets stored in iCloud (or can be if you choose that option). Those options don't appear to be available when you encrypt the disk before install.

One other workaround (though untested, it should work) if you have another Mac and a USB enclosure would be to connect your Mojave disk to another Mac and boot from it. Then enable FileVault the normal way (which should be allowed because only cMPs are prohibited from enabling it), let it finish encrypting. Then transfer it back to your cMP. That method should result in "normal" FileVault where you can use your user accounts to unlock the disk.

If you or anyone else ends up testing that process please post back and let us know how it went.
Nice writeup, I just want to add one thing, people may not think of, or be aware of.

IF YOU SAVE YOUR FILEVAULT PASSWORD TO iCloud AND THE GOVERNMENT ASKS APPLE FOR IT, APPLE WILL HAND IT OVER TO THEM.

Maybe a small thing, and if the government has physical access to your FV drive, i.e. they come to your house and seize your computer, they will get into your data if they want to spend the time and money on it.

I just prefer not to make it easy for them, and to have Apple tell them I didn't save it to iCloud, so they can't be compelled to turn over what they don't have.

I just wish my FV password was not the same as my user password. I'd rather not type a long string every time I need to use sudo.
 
  • Like
Reactions: orph

bookemdano

macrumors 65816
Jul 29, 2011
1,318
744
Nice writeup, I just want to add one thing, people may not think of, or be aware of.

IF YOU SAVE YOUR FILEVAULT PASSWORD TO iCloud AND THE GOVERNMENT ASKS APPLE FOR IT, APPLE WILL HAND IT OVER TO THEM.

Maybe a small thing, and if the government has physical access to your FV drive, i.e. they come to your house and seize your computer, they will get into your data if they want to spend the time and money on it.

I just prefer not to make it easy for them, and to have Apple tell them I didn't save it to iCloud, so they can't be compelled to turn over what they don't have.

I just wish my FV password was not the same as my user password. I'd rather not type a long string every time I need to use sudo.
Then you would be a perfect candidate for the method that encrypts the disk prior to OS install. That does indeed get you a different FV password than your user password and you can be reasonably assured that the recovery key is not in iCloud. ;)
 

DearthnVader

macrumors 65816
Dec 17, 2015
1,146
5,735
Red Springs, NC
Then you would be a perfect candidate for the method that encrypts the disk prior to OS install. That does indeed get you a different FV password than your user password and you can be reasonably assured that the recovery key is not in iCloud. ;)
Thanks, I'll look into it when I move to Mojave.
 

dgarratt

macrumors member
Original poster
Jul 16, 2012
42
8
I don't know if W1SS ever re-tested this, but my experience was that the method he posted did not work via a createusbinstall USB drive. The installer popped up an error when trying to install to an encrypted drive. My experience was that you must use the dosdude1 Mojave patcher to make your USB. That will bypass both the GTX 680 bug and the built-in prohibition on installing Mojave to an encrypted disk in the cMP. If you search this forum for FileVault it should pick up a thread from another user who tested this exact scenario a few weeks ago.

Also, there are some differences in usability with that method compared to "true" FileVault as we know it. Because you are encrypting the disk before install you end up creating a "Disk Password", and that what you must enter before each boot, then after macOS boots you'll have to enter the password for your user account. In comparison, when FileVault is set up the normal way, each user can unlock the disk with his or her user password (and then there is only that one password entry screen). In addition, when set up the normal way, the recovery key gets stored in iCloud (or can be if you choose that option). Those options don't appear to be available when you encrypt the disk before install.

One other workaround (though untested, it should work) if you have another Mac and a USB enclosure would be to connect your Mojave disk to another Mac and boot from it. Then enable FileVault the normal way (which should be allowed because only cMPs are prohibited from enabling it), let it finish encrypting. Then transfer it back to your cMP. That method should result in "normal" FileVault where you can use your user accounts to unlock the disk.

If you or anyone else ends up testing that process please post back and let us know how it went.
Thanks for the detailed explanation bookemdano.

I have done clean installs before on an encrypted disk and because I'm the only on who uses the MacPro this method is fine for me.

I think I'll follow your suggestion to use dosdude's patch to do a clean install given i'm affected by the GTX 680 bug anyway.

Will let you know how I get on.
 

w1z

Contributor
Aug 20, 2013
588
402
Both USB creation methods work fine with my GTX 780, which was what my FV enabling method was based on, but not the 680 for some reason and I am guessing it is due to the reported bug.
 
Last edited:

HappyInAustralia

macrumors newbie
Aug 22, 2019
9
1
Australia
Then you would be a perfect candidate for the method that encrypts the disk prior to OS install. That does indeed get you a different FV password than your user password and you can be reasonably assured that the recovery key is not in iCloud. ;)
I think it's a ridiculous choice by Apple to have the two passwords the same by default, unless you've had the mind to encrypt first. I have a 30+ character FDE password, but I don't want to be typing it in twenty times a day to install software.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.