User profile for user: lmiao
lmiao Author
User level: Level 1
9 points

Prohibit symble after Mojave minor update, and cannot type password to unlock disk during reinstall (unlock iCloud Recovery User)

timeline

  1. at the end of 2014: purchased this macbook pro 15" , created user A and started using.
  2. around 2015~2016, enabled FileVault after a major update (Sierra?).
  3. july 2019, updated to mojave and then created user B (also admin). till now, everything was ok.
  4. septermber 2019, the system pushed a minor update (a version of 10.14.6?), and I clicked "update now" under user B. it popped up a prompt saying that another user (user A) has logged in, but I clicked ignore and proceeded with the upgrade.
  5. after a reboot, the screen shows a prohibit symbol and stopped at booting.


solutions tried and failed

Tried the following after all sets of PRAM reset, SMC reset, etc..

1) tried to start a reinstall follow the official HT204904(press command-R or option-command-R at boot), but when it comes to unlock the disk cannot input password, same problem discribed as in this thread. the keyboard, mouse and touchpad worked fine, but i just cannot click or focus on or input anything in the input password box. video can be seen here https://www.youtube.com/watch?v=9BDf566nUA0

2) press command-v at boot to check detailed log. it shows error info:

BiuldUser(): error building a user of type 0x20010008
ERROR: no panel or special users!
No CSFDE users processed
...
ERROR!!! Load prelinked kernel with status 0x800000000000000e
Error loading kernel cache (0xe)


3) tried diskutil referred by online solutions (1, 2, 3). the problem here is there is not any things like personal recovery user. there are two Cryptographic users found:

+-- ID1
|   Type: iCloud Recovery User
|   Note: Unlock with iCloud account data + iCloud Recovery External Key data
|
+-- ID2
    Type: iCloud Recovery External Key
    Note: Stores partial credentials for the iCloud Recovery User



I tried all passwords I know (diskutil apfs decryptVolume -user), but none went through.


It seems that the updating program failed to handle encryption data. It is kind of ridiculous that a small update can crash the whole system (that cannot be recovered).

Too bad I do not have a recent backup for this computer, so I don't want to erase the disk. How can I restore/reinstall without erasing the disk? How can I unlock with iCloud account data + iCloud Recovery External Key data?


MacBook Pro 15", macOS 10.14

Posted on Nov 16, 2019 10:39 AM

Reply

Similar questions

3 replies
User profile for user: lmiao
lmiao Author
User level: Level 1
9 points

Jan 5, 2020 12:33 AM in response to avarabei

Thank you avarabe! Resetting password saved my data! Although it does not solve the whole problem.


I did the "resetpassword" and it did unlocked the disk and was able to reinstall the OS before restarting. However, when it came to a restart after finishing reinstall, the forbid symbol shows again. Then I did the resetpassword again, and get the drive unlocked. Then I was able to cd into /Volume/Users and copy my personal data into a external drive.


I think the volume should be decrypted before. I tried diskutil apfs decryptVolume, and it asked for 'passphrase for existing "Disk" user', I put the renewed password and it says 'The crypto user was not found on the APFS volume (-69594)'. I tried diskutil apfs decryptVolume -user but none of the passwords worked.


From this reddit post, I think the mechanism is like this:

  • My mac has a setup with two admins, and the first one got created with a secure token authentication setup, while the second one did not. So I was able to do the upgrade under the second admin, but after the restart, the system failed to boot because it cannot unlock the disk.
  • When I did the resetpassword in terminal, it logged in with a "Disk" user and unlocked the disk with the new password. However, only the original user(s?) can decrypt the volume, not the Disk user.

So, if I want to restore the system without wiping the disk, I need to decrypt the APFS volume before the reinstall.


Reply
User profile for user: avarabei
avarabei
User level: Level 1
4 points

Dec 24, 2019 3:15 PM in response to avarabei

After several nights of search and investigation, finally, I found the solution https://derflounder.wordpress.com/2019/01/15/unlock-or-decrypt-your-filevault-encrypted-boot-drive-from-the-command-line-on-macos-mojave/


The key part was from MedTekni he suggested the following:


1. Enter recovery mode (CMD + R)

2. Open terminal

3. Enter “resetpassword”

4. Wait for the reset password dialogue to open.

5. Chose “I forgot my password” and go through the dialogue. When you are at the end, DO NOT restart the computer. Go in the left corner and click Disk Utility.

6. The disk is now open. You CMD + Q the DIsk Utility window and reinstall the OS if desired.


Also I removed bad kext files according to this https://apple.stackexchange.com/questions/317149/osx-prohibited-symbol-on-boot-high-sierra-update-caused


This helped me to mount the device and re-run installation process again.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Prohibit symble after Mojave minor update, and cannot type password to unlock disk during reinstall (unlock iCloud Recovery User)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up