You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

In recovery mode, I cannot unlock Filevault2-encrypted Macintosh HD

Hello!


I boot with cmd-R to access recovery tools


If I try to reinstall Lion or do a "checkdisk", I have to unlock Macintosh HD first.


So the small popup appears and I enter my password


My password is refused. No way to unlock the encrypted Macintosh HD.


I know I type the right password because it is only 4 lowercase letters and the password is accepted when I boot in "normal" mode


Apple, please correct this bug as soon as possible!!


Anyone got this problem?

Mac OS X (10.7.1)

Posted on Sep 26, 2011 5:53 PM

Reply
15 replies

May 28, 2017 7:50 AM in response to yrbd007

Type the password using a "qwerty" equivalent keyboard.


So if you password is, say, "mac" on an azerty keyboard, then you should type "éqc" which is the equivalent of the "mac" keys on a "qwerty" or "qwertz" board.


If you use numbers, then on the azerty keyboard you should simply press the number keys without "shift", as on a qwerty/z keyboard there is no shift to access numbers.

Sep 26, 2011 6:56 PM in response to pieuvregentille

The object of Filevault is so that no access is possible via any other means except the secure path laid out with a fully running OS X to ensure your data is secure. This is a very secure and limited access state intentional to supply the security provided.


The Lion Recovery Partition is just a tiny program on a partition, the window asking for your password shouldn't have appeared at all.


If the Lion Recovery Partition allowed a unlocking of a Filevault drive, means that that code could be easily cloned, altered and used to crack any Mac with Filevault with a simple USB key. The government snoops would be screaming if they knew this was possible.


Filevault is a complete waste of time and effort for most users, it hogs CPU cycles, slows down one's machine and disables recovery options if OS X fails to boot as one can't decrypt the image and simply recover files using a alternative means (like Firewire Target Disk Mode for instance)


It's better for most users to leave Filevault alone and either use a Iron Key or individual file/folder encryption software on just the items they need.


This way if something goes wrong, the files are either off the machine or the drive can be accessed and the encrypted files/folders transferred to another Mac, decryption software installed and the correct password used to decrypt the files.


Military and Government parnoid level total drive encryption is overkill for most regular users needs as they don't access super secure networks that require it. And since most all of those super secure networks are not on the internet, makes it inaccessible to most users anyway.


Most users just need a folder or two encrypted, with the ability to move them to another comptuer, not their entire drives encrypted in a unmovable state.



Also the advatage of having something like a Iron Key is that one has the files off their computer and can easily and quickly dispose of the Iron Key in a rapid manner smashing it with a hard large rock for instance and spreading the pieces around at random, or burying it in the ground for another, try doing that with a computer. 😝


As if you don't already know, Apple is vulnerable to government influence, they certainly have complete access to Filevault no matter what Apple says.


A four character password?, heck I could crack that on my Mac in about 5 minutes.


So if your not super serious about protecting your data, just want to keep snoops at pay, do the file/folder encryption or Iron Key method instead of Filevault, don't be sorry later like your sorry now that you can't repair your drive permissions or access your drive if OS X fails to boot.

Sep 27, 2011 12:55 PM in response to ds store

ds store, if I can piggy-back on this thread...


I hear you regarding regular users probably shouldn't use FileVault for the reasons you articulate. However, since I'm new to Lion and want to understand FV and encryption, I've been experimenting and have some questions, if you would be so kind to respond.


I started with an external drive with clean SnoLo sys 10.6.8, formatted Extended (Journaled), paid my $29.99, downloaded Lion and installed, then cloned (super duper) to internal drive WDC 750GB (not Apple original). Booted no problems.


As a test I tried to encrypt but couldn't. Error message said wrong format, so reformatted Extended (Journaled, Encrypted), entered disk password, copied security key, re-cloned, rebooted the internal and logged in. No problems.


Tried to turn off encryption and got this error message: "Filevault failed. The target disk isn't eligible for reversion because it wasn't created by conversion or it is not part of a simple setup of exactly one logical volume and one physical volume".


As a test I tried unsuccessfully to boot into Recovery partition (cmd-R) but never could get recovery volume listed as a volume option. Note - Disk Utility confirmed encrypted volume, also I understand encryption not possible if no recovery volume present.


Any ideas what I'm doing wrong, thoughts?


TIA

Nov 12, 2011 8:11 AM in response to pieuvregentille

Hi, I guess the two previous comments weren't really helful for solving your issue.


I was also affected by this problem, the reason is that I use an azerty keyboard and the password prompt dialog has a bug that makes it ignore your keyboard layout, so if your password has characters like a,z,q,w or digits you'll have to substitute letters to match a qwerty layout (a - q, z - w, typing numbers without holding the shift key)


Cheers,


F.

Feb 12, 2012 12:14 AM in response to pieuvregentille

ok the workaround to this filevault password BUG is to unlock the disk manually using the Terminal.


So while in Recovery Mode, open Terminal , locate the logical UUID (example: 111111-2222-3333-444444444444 ) of the disk to unlock.


"diskutil coreStorage list" will give you the UUID. After that you can unlock the drive with:


"diskutil coreStorage unlockVolume <YOUR_UUID>"


You will be asked for the Filevault password and yes, this prompt will accept your passwd if you type it right, at least you can test and see what you type in terminal while not in the password prompt.


Your drive will now be unlocked. You can now proceed with menus to reinstall Lion, reinstall from Time Machine, or use the Disk Utility......


Apple: Please fix the BUG!!!!

May 17, 2014 5:09 AM in response to pieuvregentille

This bug is still there in Mavericks 10.9.2! Unbelievable. I start disk utility in recovery mode, select unlock disk, enter the *correct* passphrase (yes, I know the keyboard layout issue, it always switches back to US, another still (!!) unfixed bug), not accepted. Workaround in the terminal as suggested.


@ds store: The code to unlock the disk could just as well be open source, encryption/security is not based on open or closed source/algorithms/techniques, but on the math behid it and the passphrase, that determines the security. Also, there is a very good use case for full disk encryption for most users. With full disk encryption you don't have to worry about what to encrypt and what not to encrypt, don't have to worry about /tmp etc., simply everything all is encrypted. And the moment you have a mobile device like a MacBook, you do want encryption.


So Apple better makes sure all things also work fine with full disk encryption enabled. "People should not use it" is no excuse for anything.

In recovery mode, I cannot unlock Filevault2-encrypted Macintosh HD

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.