Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

IS there a way to force enable FV in Mojave

D

dgarratt

macrumors member
Original poster
Jul 16, 2012
42
8
Is there a way to force enable FileVault in Mojave with boot screen capable GPU installed?
 
dgarratt said:
Thanks share sharing these links tsialex. It's great to hear there is a work around!

Do you know if the bug that was preventing clean install with the GTX 680 has been resolved in 10.14.1?
Click to expand...
Nope, USB install has the same problem. You still have to install from macOS.
 
I don't know if W1SS ever re-tested this, but my experience was that the method he posted did not work via a createusbinstall USB drive. The installer popped up an error when trying to install to an encrypted drive. My experience was that you must use the dosdude1 Mojave patcher to make your USB. That will bypass both the GTX 680 bug and the built-in prohibition on installing Mojave to an encrypted disk in the cMP. If you search this forum for FileVault it should pick up a thread from another user who tested this exact scenario a few weeks ago.

Also, there are some differences in usability with that method compared to "true" FileVault as we know it. Because you are encrypting the disk before install you end up creating a "Disk Password", and that what you must enter before each boot, then after macOS boots you'll have to enter the password for your user account. In comparison, when FileVault is set up the normal way, each user can unlock the disk with his or her user password (and then there is only that one password entry screen). In addition, when set up the normal way, the recovery key gets stored in iCloud (or can be if you choose that option). Those options don't appear to be available when you encrypt the disk before install.

One other workaround (though untested, it should work) if you have another Mac and a USB enclosure would be to connect your Mojave disk to another Mac and boot from it. Then enable FileVault the normal way (which should be allowed because only cMPs are prohibited from enabling it), let it finish encrypting. Then transfer it back to your cMP. That method should result in "normal" FileVault where you can use your user accounts to unlock the disk.

If you or anyone else ends up testing that process please post back and let us know how it went.
 
bookemdano said:
I don't know if W1SS ever re-tested this, but my experience was that the method he posted did not work via a createusbinstall USB drive. The installer popped up an error when trying to install to an encrypted drive. My experience was that you must use the dosdude1 Mojave patcher to make your USB. That will bypass both the GTX 680 bug and the built-in prohibition on installing Mojave to an encrypted disk in the cMP. If you search this forum for FileVault it should pick up a thread from another user who tested this exact scenario a few weeks ago.

Also, there are some differences in usability with that method compared to "true" FileVault as we know it. Because you are encrypting the disk before install you end up creating a "Disk Password", and that what you must enter before each boot, then after macOS boots you'll have to enter the password for your user account. In comparison, when FileVault is set up the normal way, each user can unlock the disk with his or her user password (and then there is only that one password entry screen). In addition, when set up the normal way, the recovery key gets stored in iCloud (or can be if you choose that option). Those options don't appear to be available when you encrypt the disk before install.

One other workaround (though untested, it should work) if you have another Mac and a USB enclosure would be to connect your Mojave disk to another Mac and boot from it. Then enable FileVault the normal way (which should be allowed because only cMPs are prohibited from enabling it), let it finish encrypting. Then transfer it back to your cMP. That method should result in "normal" FileVault where you can use your user accounts to unlock the disk.

If you or anyone else ends up testing that process please post back and let us know how it went.
Click to expand...

Nice writeup, I just want to add one thing, people may not think of, or be aware of.

IF YOU SAVE YOUR FILEVAULT PASSWORD TO iCloud AND THE GOVERNMENT ASKS APPLE FOR IT, APPLE WILL HAND IT OVER TO THEM.

Maybe a small thing, and if the government has physical access to your FV drive, i.e. they come to your house and seize your computer, they will get into your data if they want to spend the time and money on it.

I just prefer not to make it easy for them, and to have Apple tell them I didn't save it to iCloud, so they can't be compelled to turn over what they don't have.

I just wish my FV password was not the same as my user password. I'd rather not type a long string every time I need to use sudo.
 
  • Like
Reactions: orph
DearthnVader said:
Nice writeup, I just want to add one thing, people may not think of, or be aware of.

IF YOU SAVE YOUR FILEVAULT PASSWORD TO iCloud AND THE GOVERNMENT ASKS APPLE FOR IT, APPLE WILL HAND IT OVER TO THEM.

Maybe a small thing, and if the government has physical access to your FV drive, i.e. they come to your house and seize your computer, they will get into your data if they want to spend the time and money on it.

I just prefer not to make it easy for them, and to have Apple tell them I didn't save it to iCloud, so they can't be compelled to turn over what they don't have.

I just wish my FV password was not the same as my user password. I'd rather not type a long string every time I need to use sudo.
Click to expand...

Then you would be a perfect candidate for the method that encrypts the disk prior to OS install. That does indeed get you a different FV password than your user password and you can be reasonably assured that the recovery key is not in iCloud. ;)
 
  • Like
Reactions: HappyInAustralia and DearthnVader
bookemdano said:
Then you would be a perfect candidate for the method that encrypts the disk prior to OS install. That does indeed get you a different FV password than your user password and you can be reasonably assured that the recovery key is not in iCloud. ;)
Click to expand...

Thanks, I'll look into it when I move to Mojave.
 
bookemdano said:
I don't know if W1SS ever re-tested this, but my experience was that the method he posted did not work via a createusbinstall USB drive. The installer popped up an error when trying to install to an encrypted drive. My experience was that you must use the dosdude1 Mojave patcher to make your USB. That will bypass both the GTX 680 bug and the built-in prohibition on installing Mojave to an encrypted disk in the cMP. If you search this forum for FileVault it should pick up a thread from another user who tested this exact scenario a few weeks ago.

Also, there are some differences in usability with that method compared to "true" FileVault as we know it. Because you are encrypting the disk before install you end up creating a "Disk Password", and that what you must enter before each boot, then after macOS boots you'll have to enter the password for your user account. In comparison, when FileVault is set up the normal way, each user can unlock the disk with his or her user password (and then there is only that one password entry screen). In addition, when set up the normal way, the recovery key gets stored in iCloud (or can be if you choose that option). Those options don't appear to be available when you encrypt the disk before install.

One other workaround (though untested, it should work) if you have another Mac and a USB enclosure would be to connect your Mojave disk to another Mac and boot from it. Then enable FileVault the normal way (which should be allowed because only cMPs are prohibited from enabling it), let it finish encrypting. Then transfer it back to your cMP. That method should result in "normal" FileVault where you can use your user accounts to unlock the disk.

If you or anyone else ends up testing that process please post back and let us know how it went.
Click to expand...

Thanks for the detailed explanation bookemdano.

I have done clean installs before on an encrypted disk and because I'm the only on who uses the MacPro this method is fine for me.

I think I'll follow your suggestion to use dosdude's patch to do a clean install given i'm affected by the GTX 680 bug anyway.

Will let you know how I get on.
 
Both USB creation methods work fine with my GTX 780, which was what my FV enabling method was based on, but not the 680 for some reason and I am guessing it is due to the reported bug.
 
Last edited:
bookemdano said:
Then you would be a perfect candidate for the method that encrypts the disk prior to OS install. That does indeed get you a different FV password than your user password and you can be reasonably assured that the recovery key is not in iCloud. ;)
Click to expand...
I think it's a ridiculous choice by Apple to have the two passwords the same by default, unless you've had the mind to encrypt first. I have a 30+ character FDE password, but I don't want to be typing it in twenty times a day to install software.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back