Home > FileVault 2, Mac administration, Mac OS X > Decrypting FileVault 2 on Mac OS X 10.8.4 – Unlock first, then decrypt

Decrypting FileVault 2 on Mac OS X 10.8.4 – Unlock first, then decrypt

As a follow-up to my earlier post about not being able to decrypt FileVault 2 from the Recovery HD partition, it looks like Apple has changed the process for how decryption works. Previously, you could run a command to decrypt on a locked FileVault 2-encrypted boot volume and it would decrypt.

As of 10.8.4, it appears that Apple now requires that the encrypted volume be unlocked first. Once it’s unlocked, then you can decrypt. See below the jump for details.

Here’s how the new decryption procedure works for Disk Utility:

1. Boot your Mac and hold down ⌘-R (Command –R) to boot from the Mac’s Recovery HD partition.

Note: You can also boot from a 10.8.4 installer drive , boot to Target Disk Mode and connect it via Firewire or Thunderbolt to another Mac, or use some other 10.8.4-booting drive. As long as you have 10.8.4′s Disk Utility, this should work.

2. Open Disk Utility.

3. Select your locked hard drive.

4. Under the File menu, select Unlock “Drive Name”

Screen Shot 2013-06-11 at 8.38.05 AM

5. When prompted for a password, you can enter the password of any authorized account on the drive.

Screen Shot 2013-06-11 at 8.38.18 AM

6. Once you unlock the disk, hold down the Option key on your keyboard and click on the File menu.

7. Under the File menu, select Turn Off Encryption… (with the Option key held down, it’s no longer grayed-out.)

Screen Shot 2013-06-11 at 8.38.38 AM

8. When prompted for a password, you can enter the password of any authorized account on the drive.

Screen Shot 2013-06-11 at 8.38.45 AM

9. Disk Utility should briefly display a progress window labeled Starting conversion to JHFS+

Screen Shot 2013-06-11 at 8.38.52 AM

Your drive should now start decrypting.

You should also be able to unlock then decrypt your Mac from the command line, using the procedures described in this previous post.

Screen Shot 2013-06-11 at 8.43.10 AM

I tested specifically to see if the institutional recovery key using FileVaultMaster.keychain worked with the new unlock-first-then-decrypt method while booted from Recovery HD. As shown below, unlocking then decrypting using the institutional recovery key works fine.

Screen Shot 2013-06-11 at 7.28.43 AM

  1. Actinic Light
    July 12, 2013 at 8:18 pm

    Why on earth did Apple make this change? Isn’t the whole point of having an institutional recovery key is to bypass the need for keeping track of individual unlock passphrases?!

    • Touker
      September 22, 2013 at 1:08 am

      Looking at step 9., last screenshot, I see that institutional recovery key is sufficient to unlock and decrypt the volume, thus there is no need to use any individual unlock passphrase. Maybe I am missing your point, but do not understand your concern.

  2. moe
    September 20, 2013 at 3:56 am

    Step 5. is not working for me. I only have one account on my Mac

  3. October 22, 2013 at 11:14 pm

    And if I dont have the password how can i handle it? help fast

  4. February 21, 2014 at 6:10 pm

    I think what Actinic Light is referring to is the KeyChain password that you are prompted for when unlocking the drive.

    Actinic Light, This password is whatever you set it to. If you have the recovery key but not in KeyChain format, you can create a new KeyChain with whatever password you want and then add your institutional key into it.

    Isaac, if you don’t have the password to the keychain, you can’t unlock it. If your private institutional key is locked and you don’t know the password, you also can’t unlock it. If you have the key but not in a KeyChain, follow what I told Actinic Light to do above in creating a new KeyChain with a new password.

  5. Cats
    March 5, 2014 at 1:46 am

    So is decryption an invisible process? How do I know how long it’ll take or when it’s safe to reboot?

  6. March 6, 2014 at 5:09 pm

    Same question here – I don’t see any obvious way to start terminal when booted from recovery HD; therefore, it’s practically impossible to see the progress… Been waiting for 20 minutes now, I think encryption went very fast (120gb Ssd), but well… The feeling is rather annoying, wish I’d done it in normal boot mode, if possible at all:-/

  7. March 6, 2014 at 9:38 pm

    So, FYI, I did find a way to start terminal (simply from the menu, when you don’t have any other app running in rec. mode) – but decided not to use it. First waited for several hours, then noticed Mac was sleeping, and judged from that, the decryption must be finished. It doesn’t show this in Disk utility though, also when restarting DU etc. – the silly software keeps identifying disk as “encrypted”… After reboot though status is displayed correctly. This was all with Mavericks (10.9.2) by the way…

  8. Erin
    June 26, 2014 at 2:01 am

    My laptop won’t let me access the main Mac Finder. I can’t seem to figure out how to boot to a command prompt. Please help! Any recommendations?

    • June 26, 2014 at 2:16 am

      Erin, if your Mac won’t otherwise boot, I recommend trying Apple’s Internet Recovery: https://derflounder.wordpress.com/2013/01/04/using-apples-internet-recovery-to-unlock-or-decrypt-your-filevault-2-encrypted-boot-drive/

      • Erin
        June 26, 2014 at 2:28 am

        I should clarify— I can turn the mac on; it’s getting stuck at the start up and just shutting itself down. I am able to enter into the Disk Utility and all that, but there’s a software damage which is not allowing the mac to start up.
        I am wondering how I can get a command prompt going to go into this next phase of decrypting? I can’t find how to do that without being able to get the main screen of the mac up, which I cannot do. I just want to retrieve the files from the Windows side and get them on an external at this point; I don’t know how to fix the errors it is saying it has (the volumes are off and need to be reformatted)

  9. Michael
    November 24, 2014 at 2:06 am

    Hello. This is a very good site and I’ve been following your instructions here. However, my drive is not revertable and I am not able to unencrypt. I’m worried that encrypting my hard drive has wrecked my Mac. I’ve been trying to restore to factory settings but, I think because of this encryption, I’m not able to do it. is there any way around this? Please help!

  10. Ed
    February 2, 2015 at 5:52 pm

    I took a FileVaulted hard drive out of a toasted MacBook Pro, bought a USB case for it, and, since I had forgotten the password, followed your command line instructions for decrypting using the recovery key. Short story: it worked and I’m a grateful camper! Thanks for your help.

  11. John
    April 6, 2015 at 10:07 pm

    Isn’t decryption doing a lot of writing to the disk? The idea of doing anything other than rebuilding the directories when I know the disk is questionable is troublesome to me. Am I misunderstanding something about the decryption process?

  12. Marek
    March 13, 2016 at 3:13 am

    Had the same problem. Decryption stuck, so I finally decided to reboot it with recovery mode. Went to Disk utility, but the option for unlocking the drive was greyed out. Rebooted it again, without any other actions and came back to FileVault again. Suddenly I found there was a notification in right top corner to plug the power in, so the decryption could continue (59% of battery capacity then). After that it resumed, and all finished with happy end. Maybe not helping, but wanted to leave some description how it went in my case.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: