Password on boot Disk Encryption no more on Mojave need help

[PLBossman]

Hello everybody

I had installed High Sierra with ColdStorage Encryption Disk, I had different password for decrypting hard drive and different password for User. It was done with intention, i need extra level of security as my user password is not so strong as decryption password. That was my logic and i liked it.

When i upgraded to Mojave i have lost possibility to login to system, i had to research on forums, go into recovery system, decrypt coldstorage partition with properly working (old password), restart recovery and MacOS finally let me in. Then i have enabled FileVault2 again in hope i can setup new password so i could stay with same logic like on High Sierra - but i was wrong.

Now my user password decrypt filevault password and let system login without asking for encryption password.

Can anyone tell me is it possible to split filevault and user password so MacOs would ask for two different passwords on boot time ?, i would not want to reinstall MacOS again to change that, i have terminal skills so no problem to write couple commands.

Do you think it is possible ?

 

[donawalt]

@PLBossman read this thread, I kind of stumbled on a way that might work. It appears that if you wipe/format the disk fresh, encrypt it first with a password, THEN install MacOS on it, you will have two passwords. When you do that first encrypt before MacOS is on it, it will ask for a Disk Password. Then, once you set up MacOS and add a user, it will ask for a user password. As you can see from my referenced thread, I did not want what you would like to have - I had a Disk password screen come up, THEN the login screen.

See if this helps!

 

[PLBossman]

donawalt Thanks for answering me...

Yes that is the idea, i have done that in the first place. Now i remember i have formatted drive to encrypted partition then i installed Macos, but formating drive as encrypted drive, setting password was a part of MacOS installation, then later in installation i had a question - "Do i want user XXX" to unlock drive. If i would click that, Installation process would allow this user to unlock drive and i would need to provide only one password when login in, like i have now. I am interested how to revert process so Macos will ask for Disk pasword and then user would have to login with his own password, all that without formatting drive i wonder if that is possible maybe via recovery and terminal ?

Wondering.....

 

[donawalt]

It seems to me it links users to unlocking the encrypted drive, if you read that thread I linked. By encrypting before MacOS is setup there are no users to link - hence it has to create a separate disk password. In my case, my user account was specifically not linked to the drive, hence why I got a Disk password and a Login every time I rebooted. There may be other ways...if you research the utility mentioned in that thread, sudo fdesetup does allow you to remove a user from the list - whether it allows you to remove the last user I do not know. You could try that. But make sure you have a good backup first in case you lock out of your disk.

 

[PLBossman]

Thanks