Home > FileVault 2, Mac administration, Mac OS X > Unlock or decrypt your FileVault 2-encrypted boot drive from the command line

Unlock or decrypt your FileVault 2-encrypted boot drive from the command line

In addition to using Disk Utility, you can also use the command line to unlock or decrypt a FileVault 2-encrypted drive. In order to make sure it all works, I recommend that you use the Recovery HD partition or the Recovery HD partition cloned onto an external drive. See below the jump for the procedure.



Update – June 11, 2013: As of Mac OS X 10.8.4, you will need to unlock the encrypted volume first, then you will be able to decrypt it. See this post for details.




Update – April 27, 2014: If you are working with a Fusion Drive, do not use the decryption instructions included with this post. See this post for how to unlock or decrypt a Fusion drive.




Update – August 11, 2014: Problems have been found when decrypting from Mavericks’ Recovery HD. See this post for a description of the problem and available workarounds.


To start with, you will need to identify the Logical Volume UUID of the encrypted drive using the diskutil corestorage list command:


diskutil corestorage list


diskutil_corestorage_list

Running that command will give you a listing of all Core Storage volumes. To help identify what you’re looking for, I’ve highlighted the UUID of the encrypted drive in this example:

Screen Shot 2011-06-25 at 10.54.27 AM

Once you have the UUID, you can then either unlock or unencrypt the encrypted volume using the following commands.

Using the password of an authorized account on the command line

To unlock: diskutil corestorage unlockVolume UUID -stdinpassphrase


Screen Shot 2011-06-25 at 9.16.15 AM

The -stdinpassphrase flag will cause the command to prompt you for the password/passphrase of an account that’s authorized to unlock the encryption.

If successful, the drive will unlock and mount. You should see output similar to that shown below.

Screen Shot 2011-06-25 at 9.16.25 AM

Once you’ve unlocked the disk, you can then revert it back from being an encrypted volume.

To decrypt: diskutil corestorage revert UUID -stdinpassphrase

Screen Shot 2011-06-25 at 11.17.33 AM

You’ll be prompted for the password/passphrase of an account that’s authorized to unlock the encryption. Once provided, decryption of the encrypted volume will begin.

To track its progress, you can use the diskutil corestorage list command. To help identify the decryption status, I’ve highlighted the relevant sections to check in the list.

Screen Shot 2011-06-25 at 11.19.08 AM

Once the drive has been completely decrypted, it will no longer be listed as a CoreStorage volume by diskutil corestorage list. In Disk Utility, it should appear as a normal hard drive.

Using the FileVault 2-generated individual recovery key on the command line

If you don’t have the password of any of the authorized accounts and you are not using an institutional recovery key with FileVaultMaster.keychain, you can use the FileVault 2-generated individual recovery key instead. The commands are mostly the same, but instead of using the -stdinpassphrase flag, you instead use -passphrase and enter the recovery key.

To unlock: diskutil corestorage unlockVolume UUID -passphrase recoverykey


Screen Shot 2011-06-25 at 2.03.35 PM

If successful, the drive will unlock and mount. You should see output similar to that shown below.

Screen Shot 2011-06-25 at 2.05.08 PM

Once you’ve unlocked the drive, you should also be able to unencrypt it using this command: diskutil corestorage revert UUID -passphrase recoverykey


Screen Shot 2011-06-25 at 2.11.34 PM


Using FileVaultMaster.keychain on the command line

At this time, it’s only possible to unlock or decrypt from the command line if you’re using a institutional recovery key that’s been set with FileVaultMaster.keychain. Here’s how you can unlock the encryption using an institutional recovery key with FileVaultMaster.keychain:

1. Copy your FileVaultMaster recovery keychain from the safe place your institution stored it in to a drive that you can access from Recovery HD.

2. Boot to the Recovery HD partition or the Recovery HD partition cloned onto an external drive.

3. Get the Logical Volume UUID of the encrypted drive by running diskutil corestorage list.

4. With the UUID information acquired, run the following command to unlock the FileVaultMaster.keychain:

security unlock-keychain /path/to/FileVaultMaster.keychain


Screen Shot 2011-08-06 at 10.33.55 AM

Once this command is run, you’ll need to enter your institution’s Master Password when prompted. If the password is accepted, you’ll be taken to the next prompt.

5. Run the following command to unlock the encrypted Core Storage volume on the encrypted Mac:

diskutil corestorage unlockVolume UUID -recoveryKeychain /path/to/FileVaultMaster.keychain

Screen Shot 2011-07-10 at 9.40.50 PM

6. You should then see output similar to the following:


Started CoreStorage operation
Logical Volume successfully unlocked
Logical Volume successfully attached as disk4
Logical Volume successfully mounted as /Volumes/Macintosh HD
Core Storage disk: disk4

At this point, with the disk unlocked and mounted, you should be able to recover your data using whatever tools you prefer.

Once you’ve unlocked the disk, you can also then decrypt the encrypted volume by running the following command:

diskutil corestorage revert UUID -recoveryKeychain /path/to/FileVaultMaster.keychain

Screen Shot 2011-07-10 at 9.40.50 PM

Once it’s decrypted, you should have full access to your hard disk’s data.

  1. January 17, 2012 at 11:42 pm

    Aww, the images, they be broken…

    • January 17, 2012 at 11:46 pm

      The images are loading for me. Please try reloading the page (or viewing from a different browser) and see if they’re showing up now.

  2. Karthikeyan M
    February 14, 2012 at 5:04 pm

    Hi,

    I am trying to decrypt the Filevault 2 volume. When I run “diskutil cs list”, it shows Logical Volume Group and Physical Volume UUID but it does not shows “Logical Volume UUID”…

    sh-3.2# diskutil cs list
    CoreStorage logical volume groups (1 found)
    |
    +– Logical Volume Group 237C72C9-59A0-4AA5-8FD2-D628B88B0E0F
    =========================================================
    Name: Mac OS X Lion
    Sequence: 1
    Free Space: 0 B (0 B)
    |
    +-< Physical Volume 7818D8D6-0DC0-48CC-B9B1-D7DB85DC3D99
    —————————————————-
    Index: 0
    Disk: disk0s5
    Status: Failed
    Size: 278845444096 B (278.8 GB)

    I am not able to find Logical Volume UUID… The filevault 2 enabled partition stopped booting suddenly …

    Any ideas?

    Thanks & Regards,
    Karthikeyan

    • tian
      October 19, 2014 at 9:45 pm

      In my case, I cannot find “Logical Volume UUID” too, simply because the volume is not a logical volume but a physical volume.

      Here is the solution has worked for me:
      1, Find the “Logical Volume Group UUID”, i.e., lvgUUID
      2, In terminal, diskutil coreStorage delete lvgUUID
      3, After that, the volume is reverted to normal disk, available for erasing and/or formatting.

      I don’t think data in the volume would be lost but I’m not sure. Losing data not a crucial point for me because they are backed up elsewhere.

      The solution is found here http://derflounder.wordpress.com/2011/11/23/using-the-command-line-to-unlock-or-decrypt-your-filevault-2-encrypted-boot-drive/

  3. February 14, 2012 at 5:16 pm

    Karthikeyan,

    From the diskutil output you’ve posted, it appears that your hard drive is having a problem. Is the FileVault 2 partition on its own separate hard drive, or is it on the same physical hard drive as another partition that’s working fine?

    If the FileVault 2 partition is the only one on the hard drive, the drive may be suffering a hardware failure.

    • Karthikeyan M
      February 14, 2012 at 5:24 pm

      I have three partition on a single hard drive. The remaining two partition works fine. Filevault2 partition is on the same hard drive thats working fine.

      sh-3.2# diskutil list
      /dev/disk0
      #: TYPE NAME SIZE IDENTIFIER
      0: GUID_partition_scheme *500.1 GB disk0
      1: EFI 209.7 MB disk0s1
      2: Apple_HFS Data 210.4 GB disk0s2
      3: Apple_Boot Recovery HD 650.0 MB disk0s3
      4: Apple_HFS Mac OS X Install ESD 9.2 GB disk0s4
      5: Apple_CoreStorage 278.8 GB disk0s5
      6: Apple_Boot Recovery HD 650.0 MB disk0s6
      sh-3.2#

      disk0s5 is the hard drive encrypted with Filevault2.

  4. Karthikeyan M
    February 14, 2012 at 5:32 pm

    The Scenario happened was ” I created a standard user and rebooted the mac. Then I tried logging in directly from Standard user. It showed “No Parking Symbol error” after the apple logo. Then I rebooted the mac and logged in with Filevault enabled user but again the machine shows the same error after the apple logo…

    • rima
      March 4, 2013 at 3:08 pm

      Hi Karthikeyan ,
      Were you able to solve your problem? as I am having the same problem and I really need to save my data . Thanks in advance.

  5. February 14, 2012 at 5:49 pm

    Karthikeyan,

    Unfortunately, I don’t have a good answer here. One thing that you may want to try (if you have not already) is running the following command to see if it can fix the partition:

    sudo diskutil repairVolume disk0s5

    If that doesn’t work, you’ll likely need to go to your backups.

    • Karthikeyan M
      February 14, 2012 at 6:03 pm

      I am getting many error. Is there any way to convert physical volume to logical volume in CoreStorage?

    • Martin
      August 31, 2012 at 7:52 am

      Thank you so much, rtrouton! I tried to convert an external drive to Core Storage and it seemed to be stuck at “Status: Checking”, with only a Logical Volume Group and a Physical Volume listed by diskutil cs list. So, no Logical Volume Family or Logical Volume. I already thought about erasing the disk, but

      diskutil repairVolume

      (where is a volume ID for the partition of type Apple_CoreStorage, such as disk0s5) triggered the actual conversion process. It immediately asked for the passphrase, and both the LVF and the LV are listed.

    • Martin
      August 31, 2012 at 7:55 am

      (Sorry, the first time I tried to post this I used angled brackets, which were filtered out)

      Thank you so much, rtrouton! I tried to convert an external drive to Core Storage and it seemed to be stuck at “Status: Checking”, with only a Logical Volume Group and a Physical Volume listed by diskutil cs list. So, no Logical Volume Family or Logical Volume. I already thought about erasing the disk, but

      diskutil repairVolume diskXsY

      (where diskXsY is a volume ID for the partition of type Apple_CoreStorage, such as disk0s5) triggered the actual conversion process. It immediately asked for the passphrase, and both the LVF and the LV are listed.

  6. February 14, 2012 at 6:13 pm

    Karthikeyan,

    At this point, you may want to try booting from one of your Recovery HD partitions and see if you can use Disk Utility to unlock the encrypted volume then repair it. If that doesn’t work, the encrypted partition may be unrecoverable.

  7. E.T.
    May 1, 2012 at 7:08 pm

    Thanks a lot for for posting this info. It was immensely valuable in helping me recover data from a Filevault 2 disk with a bad partition table due to bad sectors. Quick summary of what I did:

    1) clone bad disk with GNU ddrescue
    2) diskutil corestorage list
    3) diskutil corestorage unlockVolume UUID -stdinpassphrase
    4) diskutil corestorage revert disk[123]
    5) run disk warrior to rebuild directory structure and repair file permissions

    • NURV2600
      June 15, 2012 at 5:31 am

      I am having the same problem, and want to try exactly this, but where you typed in “diskutil corestorage unlockVolume UUID -stdinpassphrase”, where did you get the UUID? From your OP, and from what I’m seeing on my end, I don’t see a UUID for the logical volume, just the group and physical disk, which it won’t accept for unlocking.

      • June 15, 2012 at 9:22 am

        Can you please run the following command and then paste the output into a new comment?:

        diskutil corestorage list

        Thanks,
        Rich

    • Kevin
      February 4, 2013 at 6:02 pm

      I think your procedure can help me , i hope you have email notifications on and help me with the only step i cant do #1 Clone bad disk with gnu ddrescue

  8. Chris
    May 28, 2012 at 11:17 am

    Very useful collection of information. Thank you.

  9. AJCowell
    July 5, 2012 at 2:44 am

    NURV2600 :
    I am having the same problem, and want to try exactly this, but where you typed in “diskutil corestorage unlockVolume UUID -stdinpassphrase”, where did you get the UUID? From your OP, and from what I’m seeing on my end, I don’t see a UUID for the logical volume, just the group and physical disk, which it won’t accept for unlocking.

    I have the same problem (and the same question). Here is my diskutil cs list:

    CoreStorage logical volume groups (1 found)
    |
    +– Logical Volume Group A779418C-8E16-4ED3-842B-E91417BD863B
    =========================================================
    Name: System
    Sequence: 1
    Free Space: 0 B (0 B)
    |
    +-< Physical Volume 1EF3E032-B8FF-41B7-BD98-6E7AE3B5F9A3
    —————————————————-
    Index: 0
    Disk: disk1s2
    Status: Failed
    Size: 749295239168 B (749.3 GB)

    And my diskutil list (I have two identical drives, the one with the OS failed, so I installed lion on the other drive to try and repair the other):

    /dev/disk0
    #: TYPE NAME SIZE IDENTIFIER
    0: GUID_partition_scheme *750.2 GB disk0
    1: EFI 209.7 MB disk0s1
    2: Apple_HFS Macintosh HD 749.3 GB disk0s2
    3: Apple_Boot Recovery HD 650.0 MB disk0s3
    /dev/disk1
    #: TYPE NAME SIZE IDENTIFIER
    0: GUID_partition_scheme *750.2 GB disk1
    1: EFI 209.7 MB disk1s1
    2: Apple_CoreStorage 749.3 GB disk1s2
    3: Apple_Boot Recovery HD 650.0 MB disk1s3

  10. Richard
    July 23, 2012 at 7:35 pm

    Thanks so much for this. Bookmarked, and was very useful. :)

  11. July 27, 2012 at 5:48 am

    Thanks for this post. This saved me after a failed installation of Mountain Lion, which caused my MBPro encrypted disk to appear faulty. I tried reinstalling Lion (from USB and from Apple – using CommandR sequence) but it kept ion failing. Only after I decrypted the drive using the commands from this post – my MBPro came back to life. Thanks again

  12. Tiago
    August 2, 2012 at 1:02 am

    Another way to do it, even if you don’t have the password of the encrypted disk, is to “diskutil zeroDisk — “. That way the disk will be wiped clean and is ready for new partitioning

    • Rodger
      August 11, 2012 at 8:22 am

      Thanks :) after two hours of trying everything else I noticed your post and your suggestion worked perfectly

  13. toby
    August 5, 2012 at 6:41 pm

    Just wanted to say thanks for your article. This saved my hard drive. My backup hd was encrypted as a time machine backup. I knew the pw but each time I entered it the hd would not appear to unlock through the gui interface (the pw entry box would become unselectable indefinitely). I used this function diskutil corestorage unlockVolume UUID -stdinpassphrase to unlock the disk. It allowed me to unlock the disk and then attached it the computer as disk2 but it wouldn’t mount. Even so I was able to use this to unlock the disk and then access the files. Thanks very much.

  14. Casey
    August 16, 2012 at 9:28 pm

    In an attempt to be clever, I recently formatted a new blank drive as Encrypted using Disk Utility. I chose a password, which I know. I then cloned my old boot drive to this encrypted drive – this way I both copied all the data AND encrypted it at the same time. I don’t believe I was ever shown the long “recovery key” I only have the password. Is there any way to retrieve the recovery key? I’m a bit nervous only having the password and not the recovery key. Should I be? Thanks much!

    • August 16, 2012 at 9:38 pm

      Casey,

      When you encrypt a non-boot volume (which is the method you encrypted your disk with before cloning your OS to it) there is no recovery key, only the password. There is no way to add a recovery key after you encrypt, so your password is the only way to unlock your drive.

      I strongly recommend decrypting your drive, restarting, then re-encrypting your boot volume using the standard FileVault 2 encryption tools. When you re-encrypt, a recovery key will be generated.

      • Casey
        August 16, 2012 at 9:44 pm

        Thank you for that information!

        I know I will not forget the password I used. Is there any other reason I should decrypt and re-encrypt it as you suggest? I’d prefer not to, partly because before using the technique I did I had a problem where it finished encrypting then said there was an error and I could neither encrypt nor decrypt it! I actually had to use command line techniques like you showed here to unlock the drive so I could reformat it again.

      • August 16, 2012 at 9:54 pm

        Casey,

        The recovery key is there as a backup in case your password is not accepted to unlock the encryption.

        If you choose to go on without having that backup, it’s your right to run your Mac as you see fit. I would not make or endorse that choice for my own Macs.

  15. October 17, 2012 at 6:50 am

    excellent information here. rare gem

  16. Christian
    October 27, 2012 at 6:48 pm

    Hi, I recently encrypted my hard drive. I’m not even sure how I did it, every time i try to access it to try and remove the encryption it denies entry. I have no de-cryption software ect ect and i really need advice on how to get rid of my problem; also it doesn’t allow me to save anything therefore i cant download anything.

  17. Robert Townsend
    December 2, 2012 at 3:25 am

    This thread is a close as I could come to finding a solution. I used disc utility to encrypt a external HDD. During the encryption, the drive unmounted, I think due to the cable to the drive being bumped. It then tried to mount and would not. The passphrase would not work either. I have data on it. I ran the diskutil corestorage list and is copied in below. It still says it is converting and there is no disk activity.

    +– Logical Volume Group 7CD6AAEC-F256-48E6-B72E-73F0228BE071
    =========================================================
    Name: WD Red
    Size: 2000054960128 B (2.0 TB)
    Free Space: 16777216 B (16.8 MB)
    |
    +- Logical Volume Family 7B8E9717-5D59-4D6E-B247-6B36B43B9805
    ———————————————————-
    Encryption Status: Locked
    Encryption Type: AES-XTS
    Conversion Status: Converting
    Conversion Direction: forward
    Has Encrypted Extents: Yes
    Fully Secure: No
    Passphrase Required: Yes
    |
    +-> Logical Volume 36D7C1A4-F013-4F8E-9B5E-8B65D0C3C61D
    —————————————————
    Disk: -none-
    Status: Locked
    Size (Total): 1999719411712 B (2.0 TB)
    Size (Converted): -none-
    Revertible: Yes (unlock and decryption required)
    LV Name: WD Red
    Content Hint: Apple_HFS

    • November 10, 2013 at 11:01 am

      I’m having this same issue! Were you able to fix this?

  18. Jean-Paul d'Offay
    December 16, 2012 at 6:54 pm

    hi im having a huge issue i need resolving… i just bought a new solidstae hard disk to put in my MBP. now i bought the rack replacement for my dvdrw drive and put my 500gb in it.works like a charm.. now the issue is that i started deleting files from mt 500gb and transfering the required to the new solidstate.. finally wanted to format the 500gb and cant because of the filevault security… it will not allow me to unmount the drive… please advise as ive lost my key (i know i bad for loosing the key) and i cant unmount the 500gb for me to format… please advise

    jp

    • December 16, 2012 at 7:01 pm

      Jean-Paul,

      Is the drive mounting? I’m asking because you’re referencing being unable to unmount the drive.

      If it’s mounting, it’s getting the authentication credentials needed to mount from somewhere. Are you entering a password before it mounts, or do you have a password stored in your login keychain?

      If you have the password available, you can decrypt the drive using that password by following the instructions in the “Using the password of an authorized account on the command line” section of this post.

      • jpdoffay
        December 16, 2012 at 7:27 pm

        Hi rtrouton… thanks for the response but i got another thread from another site and its all good now… thanks a lot… have a happy holidays

        jp

  19. JanC
    January 15, 2013 at 10:55 pm

    Hi guys,
    I was wondering if you could perhaps give me a hand… My problem is very similar to some of those mentioned before. What happened is after my Mac failed to boot from the CS partition (grey Apple logo taking forever) I did boot into the internet recovery. Now what is happening with the diskutil is that:

    diskutil cs list showing only the LVG and PV (no LV)
    diskutil repairVolume failing with POSIX error

    Is there some other way I can perhaps follow?

    Thanks!

    Jan

    • January 16, 2013 at 3:00 pm

      JanC,

      If you can unlock the volume in Disk Utility, I’d recommend you try DiskWarrior 4.4. DiskWarrior 4.4 is able to work with CoreStorage volumes and may be able to fix the problem.

      If that does not work, a colleague of mine has reported success with using Data Rescue 3 to recover files from an unlocked encrypted drive.

  20. vinit
    January 18, 2013 at 7:04 am

    i had file vault on my android phone..i formatd my phone and nw i jst hav the encripted file..how to decript it..please help..

    • January 18, 2013 at 10:10 am

      Vinit,

      Unfortunately, this post has nothing to do with the FileVault software available on Android devices. This is for Apple’s FileVault 2 encryption on Macs.

  21. Kevin
    February 4, 2013 at 5:20 am

    Oh god i’ve finally found some light to my problem(for that i thank you rtrouton) , unfurtunately not my solution. Maybe you can or somebody can help or give me any idea.

    I got a 500 gb HDD with only one partition ( or so it seems because Recovery partition never showed up with my installation of lion) obviously this partition with turned on Filevault 2 and just couple of days ago when i started it up after it turns on ,show me my profile and guest one , ask for my password and show apple logo it gives me the error sign of death.

    So after some research i came with all the bad implications of have filevault turned on, one of them the difficulty to solve boot problems!

    So i came up with your blog entry and after reading all of it and the comments ive got the same problem as a few other “above” friends , and using an external
    usb flash memory with a fresh 10.7.5 installation using the terminal i got that :

    diskutil cs list showing only the Logical Volume Group and Physical Volume (no Logical Volume )

    CoreStorage logical volume groups (1 found)
    |
    +– Logical Volume Group 47994043-7CFE-4295-9034-01327C59EF65
    =========================================================
    Name: Kevin HDD
    Sequence: 1
    Free Space: 0 B (0 B)
    |
    +-< Physical Volume E78C8767-6489-454C-9D93-0FEC29160F82
    —————————————————-
    Index: 0
    Disk: disk0s2
    Status: Failed
    Size: 499248005120 B (499.2 GB)

    ———————————————————————————————————————

    /dev/disk0
    #: TYPE NAME SIZE IDENTIFIER
    0: GUID_partition_scheme *500.1 GB disk0
    1: EFI 209.7 MB disk0s1
    2: Apple_CoreStorage 499.2 GB disk0s2
    3: Apple_Boot Recovery HD 650.0 MB disk0s3

    So i cant get the logical volume UUID to perform the unlocking of my filevault image!
    Tho i cant use a recovery partition i can perfectly use the guest account in the HDD

    With an SMART status utility i now that there are some damaged sectors and errors on my HDD ( http://cl.ly/Md5s )

    I tried to clone and repair the partition on my HDD with my valuable data but im not a experiences user and i cant follow properly this user advice

    "E.T.

    Thanks a lot for for posting this info. It was immensely valuable in helping me recover data from a Filevault 2 disk with a bad partition table due to bad sectors. Quick summary of what I did:
    1) clone bad disk with GNU ddrescue
    2) diskutil corestorage list
    3) diskutil corestorage unlockVolume UUID -stdinpassphrase
    4) diskutil corestorage revert disk[123]
    5) run disk warrior to rebuild directory structure and repair file permissions"

    (I cant install GNU ddrescue and i cant get my proper UUID to unlock disk)

    Any idea or ami lost? i wish ive never turned on file vault and theres some valuable data that i cant loose.
    Thanks for reading me.

  22. Kevin
    February 4, 2013 at 6:11 am

    Correction i do have working recovery partition on my HDD but still cant get to retrieve logical volume UUDID

  23. SK
    February 14, 2013 at 3:28 pm

    What I can’t understand is how to get to the command prompt when the hard drive does not boot? So I can do all these procedures?

    • Erin
      June 26, 2014 at 2:02 am

      I’m having this issue currently. How did you solve this??

      • June 26, 2014 at 4:25 am

        You boot from a mac os CD. Then under utilities you’ll find “command prompt” :)

  24. SK
    March 8, 2013 at 3:19 pm

    rima :
    Hi Karthikeyan ,
    Were you able to solve your problem? as I am having the same problem and I really need to save my data . Thanks in advance.

    I too am having the same problem. The encrypted macHD comes as “failed” in the core storage list. I cannot find its UUID to decrypt or unlock it! Wasted money on disk warrior only to find that it cannot recover encrypted drives! Will it help connecting to another mac with FireWire in target mode? Or is it the END of this failed encrypted drive and its data? Can I erase it and then will the disk warrior work? Perhaps not!

  25. Bobbie
    June 5, 2013 at 3:22 pm

    I know this post is old, but I thought I’d let you know about an issue not addressed here.

    “Once you’ve unlocked the disk, you can also then decrypt the encrypted volume by running the following command:

    diskutil corestorage revert UUID -recoveryKeychain /path/to/FileVaultMaster.keychain

    Once it’s decrypted, you should have full access to your hard disk’s data.”

    I have the newest iMac, the late 2012 model, and I’m sorry that I don’t recall the message exactly, but when I enter that command, the terminal says that it can’t decrypt because there is more than one volume. – That’s because I bought the build with a Fusion drive.
    I thought would be very helpful but instead has been a nightmare when combined with HFS+ and FileVault 2.

    Luckily I’ve been able to get a lot of data off copied to a hard drive with just the instructions you gave up to that point. Unluckily the iMac now crashes exactly at the point it says it has been unlocked and mounted. – All in recovery mode of course

    Thank you for the help with such a great post. I was really looking forward to finding out about your recent speaking engagement, so now I’m off to read your presentation.

    Oh, also about the Fusion drive, I’m not even sure how to make an image of the hard drive since it’s spread across both drives. I’m still trying to figure that one out. Would you post something about that soon if you could?

    • Bobbie
      June 5, 2013 at 3:59 pm

      Sorry, I meant to copy the line with the revert command, not the recoveryKeychain

      I only meant to post that you can’t “revert” a Fusion drive. Or maybe you can, but I certainly can’t.

  26. Caddberry
    June 8, 2013 at 2:06 am

    You are awesome! Thanks SO MUCH for this!

  27. June 20, 2013 at 10:38 pm

    You totally just kept me from having to document this. Is love to strong a word? LoL

  28. Mike
    August 28, 2013 at 11:25 pm

    So I’m logged in as Root, I do this and it outputs this error. How can I fix this? it is indeed an external hard drive. Thanks

    Started CoreStorage operation
    Logical Volume successfully unlocked
    Logical Volume successfully attached as disk3
    Error: -69810: Disk object invalid or unable to serialize

  29. Billy Solestis
    September 7, 2013 at 10:15 am

    You, sir, are a hero. It’s possible that I may never forget the time you saved my Mac when I was on a trip out of the country and decided to turn on encryption “just in case”. After turning on FileVault 2 I got a normal login screen but after logging in got nothing but the circle-slash. The machine had Boot Camp, which may or may not have been a factor, but luckily it enabled me to bring it to life (in Windows) so that I found this page. The “…list” command showed that the volume was “revertable” and that no encryption had actually been done, The diskutil revert command above gave me my fully functional Mac side back. I can’t tell you how much this has saved my day in getting me access to my cloud data (Mac Contacts, iCal). THANK YOU, THANK YOU.

  30. Phil Cebu
    November 14, 2013 at 12:22 pm

    I have been reading this and it is really informative.

    I have a question, can we mount the encrypted volume as a target disk drive on another running system (not on recovery mode) with institutional master key for easy backup and file manipulation? – in case the we do not have the password of the user

    I have been trying a lot but I keep getting the error below and been not succesfull mounting it.

    Error: -69749: Unable to unlock the Core Storage volume

    • November 14, 2013 at 12:45 pm

      Phil,

      Unlocking or decrypting with the institutional key can only be performed from a recovery partition or from Internet Recovery. If you’re not booted from a recovery drive, you’ll see the error you’ve described.

  31. December 25, 2013 at 4:44 pm

    You just made my day.

  32. Glenn
    December 29, 2013 at 8:35 pm

    I could kiss you. Thanks so much for writing this!

  33. December 31, 2013 at 11:28 pm

    Thank you su much, your article help me unlock my 3TB hard drive!
    Happy new year!

  34. Jamie
    January 18, 2014 at 3:35 pm

    I followed the second method – Using the FileVault 2-generated individual recovery key on the command line

    diskutil corestorage unlockVolume UUID -passphrase recoverykey
    Started CoreStorage operation
    Logical Volume successfully unlocked
    Error: -69774: Couldn’t bring the new Core Storage Logical Volume online

    Are there any solution to that?

  35. eveeb
    January 31, 2014 at 12:24 am

    Similar to Jamie, I get the same error message.

    Have managed to finish converting but struggling to unlock and mount. Stuck at:

    Logical Volume Family 88899AC3….

    Encryption Status: Locked
    Encryption Type: None
    Conversion Status: Complete
    Conversion Direction: -none-
    Has Encrypted Extents: Yes
    Fully Secure: No
    Passphrase Required: No

    Logical Volume 887AC606…

    Disk: -none-
    Status: Locked
    Size (Total): 248.9 GB
    Conversion Progress: -none-
    Revertible: Yes (No decryption required)
    LV Name: Macintosh HD
    Content Hint: Apple_HFS

    I’ve purchased DiskWarrior 4.4 but it’s not seeing my HD and I’m super confused now.

    Please help….

  36. Richard Lee
    February 1, 2014 at 4:43 am

    Hi… I’ve gotten my drive into a funny state. I did not use ‘revert’, instead I used decryptVolume. It merrily went on its way and seems to have decrypted everything, *but* it did not remove the lock from the volume. Now, I am unable to unlock it, revert it, or re-encrypt it. How do I get back to some sane state?

    Here’s the original status:

    -bash-3.2# diskutil coreStorage list
    CoreStorage logical volume groups (1 found)
    |
    +– Logical Volume Group C7D31432-02C3-4230-8171-764EF8542CCE
    =========================================================
    Name: Macintosh HD
    Sequence: 1
    Free Space: 16777216 B (16.8 MB)
    |
    +- Logical Volume Family 1033C50C-9567-4C4F-B5C2-05CC556A846B
    ———————————————————-
    Sequence: 9
    Encryption Status: Unlocked
    Encryption Type: AES-XTS
    Encryption Context: Present
    Conversion Status: Complete
    Has Encrypted Extents: Yes
    Conversion Direction: -none-
    |
    +-> Logical Volume E89007ED-C375-4EDB-A869-8FE5BC4F3EE4
    —————————————————
    Disk: disk13
    Status: Online
    Sequence: 4
    Size (Total): 498912555008 B (498.9 GB)
    Size (Converted): -none-
    Revertible: Yes (unlock and decryption required)
    LV Name: Macintosh HD
    Volume Name: Macintosh HD
    Content Hint: Apple_HFS

    then I ran:

    diskutil coreStorage decryptVolume E89007ED-C375-4EDB-A869-8FE5BC4F3EE4

    which took a really long time, and I monitored via “diskutil cs list” until it appeared to complete at 100% converted

    but now:

    -bash-3.2# diskutil cs list
    CoreStorage logical volume groups (1 found)
    |
    +– Logical Volume Group C7D31432-02C3-4230-8171-764EF8542CCE
    =========================================================
    Name: Macintosh HD
    Status: Online
    Size: 499248103424 B (499.2 GB)
    Free Space: 16777216 B (16.8 MB)
    |
    +- Logical Volume Family 1033C50C-9567-4C4F-B5C2-05CC556A846B
    ———————————————————-
    Encryption Status: Locked
    Encryption Type: None
    Conversion Status: Converting
    Conversion Direction: backward
    Has Encrypted Extents: Yes
    Fully Secure: No
    Passphrase Required: No
    |
    +-> Logical Volume E89007ED-C375-4EDB-A869-8FE5BC4F3EE4
    —————————————————
    Disk: -none-
    Status: Locked
    Size (Total): 498912555008 B (498.9 GB)
    Conversion Progress: -none-
    Revertible: Yes (no decryption required)
    LV Name: Macintosh HD
    Content Hint: Apple_HFS

    Note that it appears the LV is fully decrypted, but the LVF still thinks its encrypted. Plus, the LV is locked, and cannot be mounted anymore after it is unlocked without encountering a weird error:

    -bash-3.2# diskutil cs unlockVolume E89007ED-C375-4EDB-A869-8FE5BC4F3EE4
    Passphrase:
    Started CoreStorage operation
    Logical Volume successfully unlocked
    Error: -69774: Couldn’t bring the new Core Storage Logical Volume online
    -bash-3.2#

    Any ideas?

    • John
      February 8, 2014 at 10:47 pm

      Richard, I hit exactly the same error. Did you ever find a solution?

  37. February 20, 2014 at 12:15 am

    Can I restart into the system as soon as the converting process starts? Or wait until the it’s completely done?

  38. Peter
    May 20, 2014 at 4:14 pm

    I have been able to follow the instructions up until the point where it asks for a passphrase, but I am unable to type anything after that. I literally can’t enter anything or copy and paste my password in. Any ideas?

  39. Corbin
    August 7, 2014 at 4:52 pm

    Hoping I could get some help with decryption. I have unlocked my encrypted hard drive using an institutional recovery key and have decrypted it using the “revert” command, but it appears to be stuck. I left it to decrypt over night and the decryption progess now shows 100% however, the conversion status still shows “Converting” and the conversion direction still shows “backward.”

    If the conversion progress shows 100%, shouldn’t the other status indicators be showing “complete”? Should I have used the “decryptVolume” command instead of the “revert” command? Any ideas?

  40. Corbin
    August 11, 2014 at 6:53 pm

    For others experienced the same problem, I worked out a solution for the disk not being completed decrypted through terminal like I mentioned in the comment above.

    After decrypting from the terminal and letting the progress reach 100%, I then quit terminal and opened Disk Utility and selected to turn off encryption on the encrypted volume which worked (all while being booted in recovery mode cmd+r). I then restarted and was able to login and confirm that FileVault has been turned off in System Preferences. I don’t know what extra thing turning off encryption through Disk Utility does after decryption reaches 100% in terminal, but it seems to fully remove encryption attributes from the disk/volume.

    I also tested another way by again, booting into recovery mode (cmd+r), going through terminal to unlock the disk with my institutional recovery key but NOT decrypting the drive through terminal. Instead, after unlocking the disk with the recovery key, I then quit terminal and open Disk Utility and select to turn off encryption on the volume. I get prompted for the password for my institutional recovery key and after entering it, I’m prompted that decryption has started and that I can track the progress in Sys Pref>FV. I then proceed to restart and I can login and confirm in Sys Pref>FV that the disk is being decrypted.

  41. Mandeep Singh
    October 19, 2014 at 9:05 am

    Is there a way to completely remove the core storage disk from the list of partitions?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 167 other followers

%d bloggers like this: