Home > FileVault 2, Mac administration, Mac OS X > Mac OS X 10.8.4’s Recovery HD removes ability to decrypt FileVault 2-encrypted Mac

Mac OS X 10.8.4’s Recovery HD removes ability to decrypt FileVault 2-encrypted Mac

To follow on to my earlier post about needing admin rights to decrypt FileVault 2 on Mac OS X 10.8.4, it appears that Mac OS X 10.8.4’s Recovery HD partition no longer can decrypt FileVault 2-encrypted Macs. If you boot from a 10.8.4 Recovery HD partition, you can unlock a FileVault 2-encrypted boot drive but you can’t decrypt it either from Disk Utility or the command line.



Update – June 11, 2013: It looks like you will need to unlock the encrypted volume first, then you will be able to decrypt it. See this post for details.


In Disk Utility’s File menu, Turn Off Encryption… is now grayed out. Unlock “Drive Name” is still an available option.

Screen Shot 2013-06-07 at 10.37.40 PM

In Terminal, attempting to decrypt with diskutil with the following commands now results a The given UUID is not a CoreStorage Logical Volume UUID error.

diskutil cs revert UUID_here -stdinpassphrase

diskutil cs revert UUID_here -passphrase

diskutil corestorage revert UUID_here -recoveryKeychain /path/to/FileVaultMaster.keychain


Screen Shot 2013-06-07 at 10.38.32 PM

Unlocking from the command line continues to work.

Screen Shot 2013-06-07 at 10.39.17 PM

The fact that decrypting using the institutional keychain does not work is particularly worrying. To the best of my knowledge, the only way you can decrypt using the institutional keychain is by using Recovery HD or Internet Recovery. I’ve verified that booting from an alternate 10.8.4 boot drive gives the same behavior with regards to Disk Utility and the diskutil tool.

Screen Shot 2013-06-08 at 12.21.18 AM

I’ve filed bugreports at bugreport.apple.com for these issues. For those who who want to submit duplicate bugs, they are bug IDs 14099380 and 14099359.

I’ve also posted the bug reports at Open Radar:

rdar://14099380 – Unable to decrypt using diskutil while booted from Recovery HD

rdar://14099359 – Unable to decrypt using Disk Utility while booted from Recovery HD

  1. June 9, 2013 at 2:56 pm

    Not cool. Have you tested TDM or booting from external media?

    • June 9, 2013 at 2:58 pm

      I have not tested TDM, but I did test booting from an external drive running 10.8.4. I saw similar results when booted from the external drive.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: