You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

MacBook Pro 2016, TouchID and FileVault

Has anyone managed to get TouchID and FileVault to work on a MacBook Pro 2016?


I commissioned a new MacBook Pro 2016 to replace my MacBook Pro 2014.


My old machine did not have FileVault enabled and it had automatic login enabled. When I used Migration Assistant to transfer my files to my new machine, I took the opportunity to enable FileVault on the new machine.


I found that on my new machine, I wasn't able to use TouchID because it claimed Automatic Login was enabled. However, when I went to System Settings / Users & Groups / Login Options, Automatic Login was clearly shown as off, and indeed locked off (because FileVault was on).


I eventually realised that I needed to switch FileVault off, to re-enable the Automatic Login switch, then toggle the switch to off. I did that and it worked. I enrolled three fingers into TouchID and all was well.


Until I switched FileVault on again.


Then, I discovered that TouchID had no fingerprints registered for me. Fair enough, I would enrol some new ones. Unfortunately, when I tried to enrol new fingerprints I got the message "Fingerprint limit reached.".


I thought perhaps there were some ghost fingerprints hidden by FileVault that I could exorcise. So I disabled FileVault, re-enrolled my fingerprints and deleted them all, hoping to somehow clear the registry of fingerprints. I then switched FileVault on again.


Still no luck. With FileVault enabled, TouchID reported "Fingerprint limit reached", although no fingerprints were shown registered. So, off with FileVault again.


At present, I have my new Mac (which, in spite of the problem above, I'm enjoying immensely), but I have not found a way of using FileVault and TouchID at the same time.


p.s. This has been a painful process. I have c. 1 TB of data so switching FileVault on or off takes a few hours each way. Moreover, I can't quite believe that sweeping all those files several times won't have left them untouched. I'm currently having to rebuild my mail database and re-index spotlight, having found the index was missing files and mail was missing messages. I hope these last symptoms aren't related.


p.p.s. I have no particular need to encrypt my files with FileVault, I'm only concerned that if I don't enable FileVault, someone else might, and so lock me out of my data.

MacBook Pro with Retina display, macOS Sierra (10.12.1)

Posted on Nov 24, 2016 4:54 PM

Reply
Question marked as Top-ranking reply

Posted on Nov 24, 2016 6:13 PM

I'm using FileVault and Touch ID on my 2016 MacBook Pro with no problems. I didn't use Migration Assistant and I turned FileVault on before manually moving files from an external hard drive. I use FileVault in case the MacBook is ever stolen; it doesn't have anything extremely sensitive but does have things like income tax returns with social security numbers, etc.

Sorry that I don't have any suggestions or help to offer other than the fact that it does work with Touch ID.

11 replies
Question marked as Top-ranking reply

Nov 24, 2016 6:13 PM in response to Tim Jervis

I'm using FileVault and Touch ID on my 2016 MacBook Pro with no problems. I didn't use Migration Assistant and I turned FileVault on before manually moving files from an external hard drive. I use FileVault in case the MacBook is ever stolen; it doesn't have anything extremely sensitive but does have things like income tax returns with social security numbers, etc.

Sorry that I don't have any suggestions or help to offer other than the fact that it does work with Touch ID.

Nov 25, 2016 9:57 PM in response to FoxFifth

Many thanks for taking the time to reply.


I think there might be a problem with my particular path of:


  1. Machine 1: setup with Automatic Login + no FileVault
  2. Machine 2: new, uninitialised
  3. Machine 2: startup, Migration Assistant from Machine 1, switching on FileVault
  4. Machine 2: Touch ID not available (perhaps due to ghost setting for Automatic Login)
  5. Machine 2: switch off FileVault
  6. Machine 2: TouchID available. Enrol fingerprints
  7. Machine 2: switch on FileVault
  8. Machine 2: Touch ID not available, no fingerprints enrolled, not able to enrol new fingerprints
  9. Machine 2: switch off FileVault. Touch ID available. Enrol fingerprints.


Perhaps if Automatic Login had been disabled on Machine 1 above, as a new step 1.5, then TouchID would have worked in step 4.

Dec 1, 2016 9:16 PM in response to pupkinpie2

Hi there - thanks for the news but unfortunately I tried this already and it failed at step 4.


The only thing different from your procedure in my case was that there were no fingerprints registered when I tried to follow step 1, "Disable and delete all Touch ID fingerprints", with FileVault on. In effect, it was already deleted and disabled.


I presume your procedure worked in your case, but can you please confirm? Was there anything else you think might have been relevant in your 3 hour session?

Dec 3, 2016 10:06 AM in response to Tim Jervis

I'm waiting to hear good results on this question before buying a 2016 MBP. I've also read about graphics issues when using FileVault.


I've used FileVault for many years, first at work and now on my older MBP. @pupkinpie2 suggested waiting until FV had finished encrypting. On my 2011 MBP, it can take more than a few hours for this process to finish. The best way to make sure it's finished is to use the Terminal and run the following command:


>diskutil cs list (or diskutil coreStorage list)


You'll get something similar to this:


+-- Logical Volume Group 70B9016C-B8CD-4078-945F-334216F898C8

=========================================================

Name: MacHD

Status: Online

Size: 499999997952 B (500.0 GB)

Free Space: 18907136 B (18.9 MB)

|

+-< Physical Volume 8E98EFA7-A062-4137-A557-457B4FEE090C

| ----------------------------------------------------

| Index: 0

| Disk: disk0s2

| Status: Online

| Size: 499999997952 B (500.0 GB)

|

+-> Logical Volume Family 8BBFC4B9-77A5-4363-91F0-A5BA44E9C6B4

----------------------------------------------------------

Encryption Type: AES-XTS

Encryption Status: Unlocked

Conversion Status: Complete

High Level Queries: Fully Secure

| Passphrase Required

| Accepts New Users

| Has Visible Users

| Has Volume Key

|

+-> Logical Volume 136EAE1D-3CF0-44BD-A341-D50DDD5A3DB8

---------------------------------------------------

Disk: disk2

Status: Online

Size (Total): 499628769280 B (499.6 GB)

Revertible: Yes (unlock and decryption required)

Revert Status: Reboot required

LV Name: MacHD

Volume Name: MacHD

Content Hint: Apple_HFS

Dec 3, 2016 3:14 PM in response to Tim Jervis

So far it seems to be working. Touch ID is working and File Vault is still enabled. I had to speak with a second tier tech though Apple Support (chat). Im assuming that since it went to this level their is some issue with data migration.


Personally it should be like your iPhone. Before you sync anything you set up Touch ID and File Vault, then data migrate. Apple makes data migration the first step.


It could also be that my old Macbook pro was from 2009.

Dec 28, 2016 7:05 AM in response to Surge74

Have you tried using TouchID during the first disk un-lock sequence? Right after powering your MBP on. Once on, TouchID shouldn't have an issue waking from sleep, I'm hoping it also works as the first logon. I would hope the Secure Enclave hardware is smart enough to be used at this point, otherwise FileVault might still not be secure even after Apple patched the latest issues.


I'd document your process and submit a bug report. Apple does read these. bugreport.apple.com Of course you need an ADC account, which I no longer have.

MacBook Pro 2016, TouchID and FileVault

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.