Archive

Archive for June 19, 2013

Enabling FileVault 2 pre-boot login screen functions from the command line

June 19, 2013 17 comments

There’s a couple of functions that you can enable on your Mac that will show up at the FileVault 2 pre-boot login screen. The two functions that I’m familiar with are the keyboard input menu and a text-only login banner.

On an FileVault 2-encrypted Mac, you can go into System Preferences and enable these functions. At the next restart, they should show up at the FileVault 2 pre-boot login screen. However, if these functions were enabled using the defaults command, they may show up at the regular login window, but not FileVault 2’s login screen.

Screen Shot 2013-06-18 at 1.01.01 PM

Screen Shot 2013-06-18 at 12.57.48 PM

The answer seems to be that, in addition to running the defaults commands, you also need to remove certain cache filenames ending in .efires from /System/Library/Caches/com.apple.corestorage/EFILoginLocalizations. Clearing the filename.efires cache files forces the system to update the FileVault 2 pre-boot login screen. Whether this update happens right away or when the system reboots is not yet clear; if you know, please let me know in the comments.

For example, running the following commands with root privileges updates the FileVault 2 pre-boot login screen with both the keyboard input menu and a login banner:


defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "My Login Window Text Goes Here"
defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool TRUE
rm /System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/*.efires

On restart, the FileVault 2 pre-boot login screen should look like this, with keyboard input and login text (highlighted in red) now showing.

Screen Shot 2013-06-18 at 1.03.40 PM

To remove these, you would need to boot back into the OS and run the following commands:


defaults delete /Library/Preferences/com.apple.loginwindow LoginwindowText
defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool FALSE
rm /System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/*.efires

On restart, the FileVault 2 pre-boot login screen should no longer have either a keyboard input menu or a login banner.

Screen Shot 2013-06-18 at 12.57.48 PM

Hat tip to Josh Schripsema for figuring out that the .efires cache files need to be removed to force the refresh.

%d bloggers like this: