Home > FileVault 2, Mac administration, Mac OS X > Booting into single-user mode on a FileVault 2-encrypted Mac

Booting into single-user mode on a FileVault 2-encrypted Mac

April 26, 2013 Leave a comment Go to comments

I recently communicated with a Mac admin who was concerned about using FileVault 2 in his environment because he didn’t want to lose access to tools like single-user mode. Like a number of Mac admins, he’d found single-user mode valuable in helping to diagnose and fix issues on troublesome Macs.

Fortunately, Apple makes it reasonably easy to boot into single-user mode on a FileVault 2-encrypted system. Here’s how to boot into single-user on a FileVault 2-encrypted system:

1. Hold down Command-S after powering the system.

2. The Mac will be begin booting into single user, then the FileVault 2 pre-boot login screen will appear.

3. Authenticate at the FileVault 2 pre-boot login screen by selecting an account and providing the account’s password.

4. The Mac will then unlock and continue booting into single-user mode.

To show what this looks like, I’ve made a short video showing the process. In this instance, I booted into single-user mode and performed a disk check using fsck, then continued with the rest of the boot process.

Categories: FileVault 2, Mac administration, Mac OS X
  1. Maurits
    April 26, 2013 at 3:23 pm
    Reply

    I heard that this is possible since 10.8.2…

  2. rtrouton
    April 26, 2013 at 3:40 pm
    Reply

    Maurits,

    That may be something else, as I’ve confirmed this works in both 10.7.x and 10.8.x.

    fdesetup authrestart was introduced in 10.8.2: https://derflounder.wordpress.com/2012/09/22/fdesetup-authrestart-filevault-2s-one-time-encryption-bypass-feature/

  3. Mikael Johansson
    April 26, 2013 at 5:58 pm
    Reply

    Does anyone need single user mode now that we have recovery partitions?

  4. Dennis Wurster
    October 2, 2014 at 3:33 pm
    Reply

    Can’t get this to work on a MBP running 10.9.5. Firmware password is also set, if that matters. I got the Firmware password dialog when attempting to boot to Recovery mode (which was successful). Booting with command+s takes me to the loginwindow, but never shows the CLUI — not before nor after the loginwindow. Any thoughts?

    • RedZ06
      October 16, 2014 at 12:31 pm
      Reply

      Any luck? I am having the same issue. It shows the CLUI but only for a sec and then to the login screen.

    • danixdefcon5msn
      October 16, 2014 at 11:00 pm
      Reply

      The linked Apple Support KB article (http://support.apple.com/kb/HT1492) states that Firmware Password Protection does indeed lock you out from single-user mode. Not sure if this still applies to Intel Macs, as the KB specifically mentions Open Firmware Password Protection. But it might be worth disabling the Firmware Password, then trying again.

  1. No trackbacks yet.

Leave a comment