Booting into single-user mode on a FileVault 2-encrypted Mac
I recently communicated with a Mac admin who was concerned about using FileVault 2 in his environment because he didn’t want to lose access to tools like single-user mode. Like a number of Mac admins, he’d found single-user mode valuable in helping to diagnose and fix issues on troublesome Macs.
Fortunately, Apple makes it reasonably easy to boot into single-user mode on a FileVault 2-encrypted system. Here’s how to boot into single-user on a FileVault 2-encrypted system:
1. Hold down Command-S after powering the system.
2. The Mac will be begin booting into single user, then the FileVault 2 pre-boot login screen will appear.
3. Authenticate at the FileVault 2 pre-boot login screen by selecting an account and providing the account’s password.
4. The Mac will then unlock and continue booting into single-user mode.
To show what this looks like, I’ve made a short video showing the process. In this instance, I booted into single-user mode and performed a disk check using fsck, then continued with the rest of the boot process.
I heard that this is possible since 10.8.2…
Maurits,
That may be something else, as I’ve confirmed this works in both 10.7.x and 10.8.x.
fdesetup authrestart was introduced in 10.8.2: https://derflounder.wordpress.com/2012/09/22/fdesetup-authrestart-filevault-2s-one-time-encryption-bypass-feature/
Does anyone need single user mode now that we have recovery partitions?
Can’t get this to work on a MBP running 10.9.5. Firmware password is also set, if that matters. I got the Firmware password dialog when attempting to boot to Recovery mode (which was successful). Booting with command+s takes me to the loginwindow, but never shows the CLUI — not before nor after the loginwindow. Any thoughts?
Any luck? I am having the same issue. It shows the CLUI but only for a sec and then to the login screen.
The linked Apple Support KB article (http://support.apple.com/kb/HT1492) states that Firmware Password Protection does indeed lock you out from single-user mode. Not sure if this still applies to Intel Macs, as the KB specifically mentions Open Firmware Password Protection. But it might be worth disabling the Firmware Password, then trying again.