FileVault and Sierra guide for noobs like me

[Overkill303]

Thank you very much for your reply.

Thing is...this doesn't occur on real macs. Truth be told, I haven't tried that on a mac running a dedicated video card. But it doesn't occur on the ones running on intel GPUs. Basically the transitions between stages is smooth and there is no change in background.

But for the hack, when the background is not black (such as for the second stage boot), I've got a black background.. Could be a bug. But somehow I doubt it. Verbose more didn't do anything in my case (aside from a bunch of text scrolling on my screen before reaching the second stage boot). But once there, it was still black background, no logo, only loading bar.

Well, I'm not sure beyond noticing that we both have Nvidia GPUs. And while the Pascal drivers are totally functional for me, they are too unstable for gaming and multi monitor support is buggy for me too. If if doesn't happen with officially supported GPUs maybe its an Nvidia thing?

 

[arsradu]

Well, I'm not sure beyond noticing that we both have Nvidia GPUs. And while the Pascal drivers are totally functional for me, they are too unstable for gaming and multi monitor support is buggy for me too. If if doesn't happen with officially supported GPUs maybe its an Nvidia thing?

Well, it doesn't happen with integrated GPUs... haven't checked with dedicated GPUs...since I don't have a real Mac with a dedicated Nvidia GPU at hand. It could be an Nvidia thing...I'm not saying no. But there is no way (at least on my side) to test this theory. I was thinking maybe someone has an idea why does this happen. It could be GPU related...since this only occurs with the second stage boot, when the video driver is loaded. I wish I had more information.

 

[BaronOmasia]

Been lurking in this thread for the past few days and finally took the plunge on FileVault2 last night on 10.13.1. I can definitely second that you should make sure you have the appropriate mouse and keyboard drivers installed to your EFI partition. Also, be sure to update your version of clover to the latest before attempting this (early versions of clover do NOT have FileVault support).

On a UEFI Clover system with a wired/dongle keyboard, I would recommend using AsAmiShim.efi (aka AptioInputFix) and place it under under drivers64UEFI in CLOVER. In case you guess the wrong driver, I would recommend creating a directory to store both driver files so you can swap them in via terminal on the recovery partition if need be (AsAmiShim.efi and UsbKbDxe.efi). As referenced in the other comments, detailed breakdown of which keyboard driver to use can be found here: http://www.insanelymac.com/forum/topic/317290-filevault-2/.

As a heads up, once FileVault is enabled, encryption can take a very long time (~12-14 hours for my 120 GB partition). Speaking of partitions, I triple boot off an NVMe drive using apfs for the macOS partition, so I was worried that FileVault would somehow screw up the boot entries for my other partitions (all the examples I saw online were for separate disks with just macOS on them). I can confirm that FileVault2 works as expected and only affects just macOS partition (recovery is also still accessible without going through FileVault login).

Also, one point that I did not see documented anywhere that is worth mentioning specifically for High Sierra systems (10.13) is that you do NOT use the recovery partition to launch the FileVault2 login screen. Instead, use the aptly named FileVault Prebooter partition. The reason I mention this is because if you've curated your boot entry screen, you may have hidden the preboot drives. I had to boot into recovery and edit my config.plist in vim to remove the hide preboot configuration. Once I did that, I was able to boot successfully via FileVault prebooter and log in normally.

Sorry for the long post, just thought this information may help others with their FileVault configuration.

 

[BaronOmasia]

Just wanted to follow up here about FileVault a month in. Everything works great so far, I even was able to create custom boot entries to curate the partitions screen to only show a particular boot path for the preboot drive (see here for instructions), and have had no issues logging in, besides the occasional keyboard lag on the FV login screen.

However, with the latest 10.13.2 update, when I attempt to boot from the installer partition after following the App Store restart prompt, I receive a kernel panic. I've updated to the latest version of clover (r4334) and even removed my custom boot entries to see if they could be causing an issue. Booting from the installer preboot partition does bring me to the FileVault login screen and lets me log in, but I receive KP about halfway through booting.

I'll see if I can post diagnostic info when I get the chance, but in the meantime, just wanted to ask (i) if anyone else is experiencing this issue, and (ii) if you've figured out a way to solve this.

 

[BreBo]

@BaronOmasia, please update your profile (personal details) with your Motherboard or Make/Model, CPU and Graphics Card.

Profiles need to contain at least your primary system to assist others with helping you.

 

[sharkoon]

Thanks for the writeup! I'm definitely going to try that. One concern, though...

… Previously, booting into the recovery partition would bring me into a ui that was very similar to the unibeast installer ui. Now, magically, it brought me to a login screen showing the user accounts of my MacOS partition …

Is booting into the regular recovery UI no longer possible? Maybe a second recovery partition is needed for its usual purposes?

 

[BaronOmasia]

Thanks for the writeup! I'm definitely going to try that. One concern, though...

Is booting into the regular recovery UI no longer possible? Maybe a second recovery partition is needed for its usual purposes?

If you're on High Sierra (10.13), the partition structure is a bit different than on regular Sierra. Recovery (at least for me), is still accessible via the Recovery partition and does not require a FileVault login to access the recovery itself. However, if you are trying to read or write the macOS partition once booted into recovery, you'll need the FileVault credentials to mount the system drive.

 

[sharkoon]

High Sierra (10.13) [ … ] still accessible via the Recovery partition …

Good to know, thank you.
And also for the drivers!

 

[hulambre]

I got it working but I get this screen after typing my password in Recovery HD. It boots fine but it is quite annoying. Anybody know a way to get rid of this?

 

[narbatucker]

I decided to enable FV2 after following this tutorial too, and can report no problems except I can't work out how to make the FileVault Prebooter the default option in Clover.

Another slight issue is that my wallpapers on my multiple displays change when I log in.