Jump to content

FileVault 2

FileVault FileVault 2

  • Please log in to reply
258 replies to this topic

#1
vit9696

vit9696

    InsanelyMac Geek

  • Developers
  • 249 posts
  • Gender:Male

Alright, after a couple of weeks of hard work performed by: ath, Download-Fritz, slice and myself FileVault 2 should work everywhere now. Additionally thanks to iNDi for help and initial discovery of certain FV aspects.

 

This means that everybody gets some pros for this but mainly Clover.

Everything works in test mode for the time being, so you better wreck your disk drives and tell us how much fun it was :)

Clover:
In brief you are required to install a set of drivers present at least in r3876. There are two driver categories, and each one will be addressed separately.

  • UI drawing. The following is mandatory:
    • FirmwareVolume.efi — or you will get a cursor creation error;
    • AppleImageCodec-64.efi — or you will get image decoding failures;
    • AppleEvent.efi — or you will get AppleEvent installation failures (r3877+ Clover built-in).
    Then you are recommended (read as blame yourself if not) to install:
    • AppleUITheme-64.efi — fixes grey login screen background on 10.10+;
    • HashServiceFix-64.efi — will fix HDPI cursor in newer OS;
    • SMCHelper.efi — silences most of the SMC errors;
    • AppleGraphicsConfig-64.efi, OSInfo-64.efi — respond to a few requested protocols (r3877+ Clover built-in).
  • Password input. To do that you need a keyboard driver, which knows about Apple key aggregation protocol, and the protocol itself.

    For key aggregation you may use Clover's AppleKeyAggregator.efi, it works more or less. If you have issues it might be better to use the original AppleKeyMapAggregator from Apple firmware.

    There are two input drivers for the time being:
    • Modified UsbKbDxe, a slightly altered version is present in Clover.
      Pros:
      — works with any USB keyboard in any BIOS;
      — offers completely functional Apple boot keys (CMD+V, 3+2, CMD+R, etc.);
      Cons:
      — might require a physical keyboard reconnect after driver load with AMI UEFI BIOS;
      — might lead to a complete freeze of the system with AMI UEFI BIOS.

      Recommendations:
      It is recommended to use this driver from BIOS or via legacy clover boot. In this case you will have no issues with keyboard connection. To solve freezing issues you will need to rebuild UsbKbDxe with a forced controller disconnect at EXIT BS.
      In case of Clover use:
      ./ebuild.sh -D EXIT_USBKB=1
      In case of the original driver see these PCDs. Both should be set to TRUE.
      In case of Clover FixOwnership might help you, but I would not recommend this.
    • AptioInputFix — my driver specific to AMI UEFI BIOS. Still in process of a rewrite and release. Download the testing binary version (updated Feb, 2nd).
      Pros:
      — works without keyboard reconnect or driver flash with USB and PS/2 keyboards in AMI UEFI BIOS;
      — fixes not working mouse input on Z87 and possibly newer;
      Cons:
      — some multisymbol hotkeys will not work (e.g. 3+2, 6+4);
      — key autorepeat might cause issues on some systems;
      — mouse might work a bit slowly on some systems (better than nothing).

      Recommendations:
      A lightweight solution that will mostly work well for some people. If it works for you and you have no desire to flash your BIOS, perhaps it is a good idea.
    Troubleshooting:
    • Hibernation is a no go for those having no hardware nvram and no StrictHibernate in clover config
      No solutions for the time being and no solutions planned.
    • Every reboot requests a password input
      No solutions for the time being and no solutions planned. Without a hardware SMC module it is extremely dangerous.
    • Shutdown button on login screen may cause a restart
      No solutions for the time being.
    • Password change/reset during the volume encryption might cause issues when logging in
      Apple issue. Please refrain from changing or resetting the password before the encryption completes. In cases this is required use your generated recovery key to login into the system.
    • Most of PS/2 keyboard users will not be able to enter the passwords
      No general solutions (aside AptioInputFix).
    Ozmosis:
    For Ozmosis users only 4 drivers might be of some interest:
    — AppleUITheme should fix the grey login screen background;
    — AptioInputFix could be useful if you load Ozmosis from HDD/USB Flash;
    — HashServiceFix and FirmwareVolume could help to fix the HDPI cursor.


#2
D-an-W

D-an-W

    InsanelyMac Legend

  • Members
  • PipPipPipPipPipPipPip
  • 677 posts

:thumbsup_anim:  Great work everyone, many thanks I am excited to try it  :thumbsup_anim:

 

Can I please ask at what point of reboot is the password requested as I generally skip the Clover GUI (Login = 0 in Config.plist), would this be a problem?

 

I also use the Apple bluetooth Keyboard, Mouse and Trackpad which work fine both in the BIOS and Clover GUI as they connect with the Apple Broadcom Bluetooth would they be compatible?



#3
vit9696

vit9696

    InsanelyMac Geek

  • Developers
  • 249 posts
  • Gender:Male
The pw is requested by boot.efi, clover ui has nothing to do with it. You should choose the right boot entry at least once though.
(Boot macOS from Recovery HD)

As for your input devices that needs testing. I would say that they should work almost certainly though.

#4
D-an-W

D-an-W

    InsanelyMac Legend

  • Members
  • PipPipPipPipPipPipPip
  • 677 posts

Thanks vit9696, it has been a while since FileVault was first tested with Clover (Back on ProjectOSX and it didn't work) so I will have to familiarise myself with the process again at the weekend when I get home.



#5
Slice

Slice

    InsanelyMac V.I.P.

  • Local Moderators
  • 6,457 posts
  • Gender:Male
  • Location:Moscow

Thanks vit9696, it has been a while since FileVault was first tested with Clover (Back on ProjectOSX and it didn't work) so I will have to familiarise myself with the process again at the weekend when I get home.

Yes, it never worked before.



#6
smolderas

smolderas

    InsanelyMac Sage

  • Members
  • PipPipPipPipPip
  • 358 posts
  • Gender:Male

Great work, will be testing after backing things up...



#7
dgsga

dgsga

    All these moments will be lost like tears in rain.

  • Members
  • PipPipPipPip
  • 218 posts
  • Gender:Male

Just wanted to say thanks to everyone involved here for reaching this milestone. Fantastic work! FV2 up and running here

Cheers!



#8
D-an-W

D-an-W

    InsanelyMac Legend

  • Members
  • PipPipPipPipPipPipPip
  • 677 posts

If anyone can spare the time would you be able to document the process of enabling it please (Nothing too fancy obviously) for example which of the options did you choose etc?



#9
smolderas

smolderas

    InsanelyMac Sage

  • Members
  • PipPipPipPipPip
  • 358 posts
  • Gender:Male

I just tested it. It works as described.

You should choose recovery HD on that drive to be able to boot, which make sense if you think how file vault works.

One minor issue is, I had to replug my usb keyboard to be able to type my password, even though I've booted via legacy clover, as described in recommendation. I'll try the AppleKeyAggregator from Apple Firmware, just for test (I mean who would use closed source programs and want to encrypt the drive with it or better decrypt with that?!).

 

Everything else is perfect. Thanks again to all who contributed...

 

Edit: I've tried the original AppleKeyMapAggregator from Apple firmware, even the AptioInputFix. Nothing changed though, I still have to replug my keyboard :(

 

Edit2: Just had the idea, locking from find my mac should theoretically work, right?



#10
Download-Fritz

Download-Fritz

    ygolohcysp desreveR

  • Developers
  • 777 posts
  • Gender:Not Telling

with legacy Clover, remove the EDK2 UsbKbDxe driver and use mine... also best to use Apple's AppleKeyMapAggregator.

Do not use AmiShim.



#11
smolderas

smolderas

    InsanelyMac Sage

  • Members
  • PipPipPipPipPip
  • 358 posts
  • Gender:Male

with legacy Clover, remove the EDK2 UsbKbDxe driver and use mine... also best to use Apple's AppleKeyMapAggregator.

Do not use AmiShim.

Is there a guide to build your UsbKbDxe?



#12
reyder

reyder

    InsanelyMac Protégé

  • Members
  • Pip
  • 17 posts
  • Gender:Male

I'm using Intel+AMD (black screen during boot) solution for a working sleep. When I enable FV2 Will I have black screen while typing password ?



#13
oswaldini

oswaldini

    InsanelyMac Geek

  • Members
  • PipPipPip
  • 164 posts
  • Gender:Male
  • Location:Cracow, Poland

AptioInputFix work for me. Is there any AptioInputFix without debug mode before Clover menu ?



#14
Download-Fritz

Download-Fritz

    ygolohcysp desreveR

  • Developers
  • 777 posts
  • Gender:Not Telling

Is there a guide to build your UsbKbDxe?

 

afaik it is automatically built with Clover.



#15
Slice

Slice

    InsanelyMac V.I.P.

  • Local Moderators
  • 6,457 posts
  • Gender:Male
  • Location:Moscow

I'm using Intel+AMD (black screen during boot) solution for a working sleep. When I enable FV2 Will I have black screen while typing password ?

Yes, you will have black screen while typing password.

Moreover, there can be one caveat. I initially have two users on the screen and I have to choose one of them by mouse and only then type password.

But you can't use mouse on black screen.

I also using Intel+AMD for working sleep. And I have a monitor with two entry. First entry for Intel, second for AMD with a simple switch between two screens.



#16
D-an-W

D-an-W

    InsanelyMac Legend

  • Members
  • PipPipPipPipPipPipPip
  • 677 posts

Does Clover now install all the files required in Drivers64UEFI meaning I just have to enable FileVault via System Preferences > Security and Privacy and reboot letting Clover do it's thing?

 

Files currently in Drivers64UEFI:

Attached File  Screen Shot 2016-10-30 at 05.19.07.png   30.47KB   43 downloads



#17
Slice

Slice

    InsanelyMac V.I.P.

  • Local Moderators
  • 6,457 posts
  • Gender:Male
  • Location:Moscow

Does Clover now install all the files required in Drivers64UEFI meaning I just have to enable FileVault via System Preferences > Security and Privacy and reboot letting Clover do it's thing?

 

Files currently in Drivers64UEFI:

attachicon.gifScreen Shot 2016-10-30 at 05.19.07.png

No, UsbKbDxe or other special keyboard driver needed.

FV2 uses own keyboard interface and can't use UEFI BIOS keyboard driver.



#18
D-an-W

D-an-W

    InsanelyMac Legend

  • Members
  • PipPipPipPipPipPipPip
  • 677 posts

Good morning Slice and thanks, I added this one...

 

Attached File  Screen Shot 2016-10-30 at 05.35.56.png   33.02KB   52 downloads

 

 

If I have a password enabled when logging into Sierra, will I get two password prompts when FileVault is enabled?



#19
Slice

Slice

    InsanelyMac V.I.P.

  • Local Moderators
  • 6,457 posts
  • Gender:Male
  • Location:Moscow

Good morning Slice and thanks, I added this one...

 

attachicon.gifScreen Shot 2016-10-30 at 05.35.56.png

 

 

If I have a password enabled when logging into Sierra, will I get two password prompts when FileVault is enabled?

I think once.



#20
D-an-W

D-an-W

    InsanelyMac Legend

  • Members
  • PipPipPipPipPipPipPip
  • 677 posts
Ok, that didn't go so well. I can't get past the Recovery screen now having let FileVault reboot the computer.

How do I access the Clover GUI if timeout is set to 0 please?





Also tagged with one or more of these keywords: FileVault, FileVault 2

  Topic Stats Last Post Info

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

© 2017 InsanelyMac  |   News  |   Forum  |   Downloads  |   OSx86 Wiki  |   Designed by Ed Gain  |   Logo by irfan  |   Privacy Policy