
Legacy FileVault on OSX 10.7 Lion


Mac the Knife
2 posts in this topic

I have recently installed Lion on a Dell Optiplex 745. After some hacking, everything works, including access to the App Store. Our office actually operates completely off half a dozen Dell Optiplex GX620s running Snow Leopard. This Optiplex 745 is our first foray into Lion.

 

In our world, data encryption is a religious requirement. This means that all our home directories are locked up with FileVault on Snow Leopard, and we use TrueCrypt for external drives, thumb drives, etc.

 

We all know that FileVault has undergone a MASSIVE change in Lion. It has moved from being a home directory encryption system to a full Whole Disk Encryption (WDE) system. Of course WDE is pretty much the holy grail of physical data security, and we're very happy that Apple has gone in this direction. Sadly, however, this move has caused us in the Hackintosh community some issues. While FileVault's new WDE is superior to home directory encryption, the new system is completely incompatible with current-technology Hackintoshes.

 

Lion does, however, support "Legacy FileVault", which operates exactly the same way as it did in Snow Leopard. The one exception is that in Lion you cannot create new "Legacy FileVault" home directory encrypted sparsebundles via the Security & Privacy System Preference. I'm guessing that Apple allows these "Legacy FileVault" sparsebundles because Lion was intended to be installed as an "in-place" upgrade to Snow Leopard, and there had to be some mechanism in Lion to account for upgrading users who had FileVault turned on.

 

For Hackintosh, however, because we almost universally do "clean" installs of the OS rather than upgrading, there is no method to activate "Legacy FileVault" via the GUI after an install.

 

Well... I spent the better part of a day creating a method by which Lion Hackintosh users can create NEW users with "Legacy FileVault" sparsebundles. The methodology is sound, and I am very eager to publish my guide. There is, however, a small and bizarre issue, and I'm looking for some help from the community.

 

The operation of creating new "Legacy FileVault" users in Lion hinges on having the system's FileVault certificate and keychain. These are created when FileVault is activated and are stored as two files (FileVaultMaster.cer and FileVaultMaster.keychain) in /Library/Keychains. For Hackintosh Lion this presents a chicken-and-egg problem: to get the system to generate these files, a user must run the FileVault WDE process, which damages the system. As a workaround, I copied these two files from a working Snow Leopard system running FileVault. Using these files I was able to create and use "Legacy FileVault". (Once I have this bug worked out I'll publish the step-by-step on how to do it.)

 

The small and bizarre "bug" is that when I log into my newly created "Legacy FileVault" user, some (not all) of my applications stop working. I've tracked the issue down to what I feel is a 32-bit vs 64-bit problem. So far the applications we have identified that are affected are TrueCrypt 7.1 and SecureCRT (terminal emulator). TrueCrypt crashes on launch, unable to load a library, while SecureCRT gives the slashed-circle icon indicating that it cannot run.

 

I want to stress that BOTH of these programs work perfectly on non-"Legacy FileVault" accounts, and they are being run from the same location (the Applications folder). So the problem is obviously linked to "Legacy FileVault".

 

I'm thinking that maybe because I used FileVaultMaster.cer from a 32-bit Snow Leopard system in signing the sparsebundle to create the Legacy FileVault user, perhaps it's having some adverse effect on the 64-bit Lion. But that doesn't really make sense.

 

I am hoping that some kind person who has access to a REAL Mac running FileVault WDE would be willing to send me a copy of his or her FileVaultMaster.cer and FileVaultMaster.keychain files so that I can test whether it is the cert that's causing the problem.

 

There is also the possibility that this is a genuine Apple bug related to "Legacy FileVault" and has nothing to do with my Hackintoshery. Of course the only way to test that would be to have someone with a real Mac and "Legacy FileVault" running install and test TrueCrypt 7.1.

 

If anyone has any input on this topic, I would be most interested.


4 weeks later...

Well I figured this out. It has NOTHING to do with FileVault.

 

We had thought FileVault was the culprit because these programs worked on a new install of Lion, but stopped working after we implemented our "Legacy FileVault" option.

 

It is most likely a library permission issue, related to users who are NOT the first user on the system.

 

In creating our Legacy FileVaults, we create them on a second user, just in case the procedure fails. These second users have the problems I describe above even if FileVault is not active. I'm not sure "why" this is happening just yet.

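The follow-up post narrows the failure to a permission problem for users other than the first account, but gives no way to confirm it. The script below is an added example, not code from the original thread: it walks an application bundle and lists every file the "other" class cannot read and every directory it cannot traverse, which is exactly what would stop a second, non-owning user from loading a bundled library. It uses only POSIX sh and find, so it runs on a Mac or on Linux; the Demo.app bundle it builds under mktemp is constructed for illustration, and on a real system you would point it at something like /Applications/TrueCrypt.app instead. It checks mode bits only, so ACLs (visible with ls -le on a Mac) are a separate check.

```shell
#!/bin/sh
# Added example (not from the original thread). Finds paths inside a
# bundle that a non-owning user cannot read (files lacking o+r) or
# traverse (directories lacking o+x). Checks mode bits only; ACLs are
# not examined. Assumes POSIX sh and a find that accepts -perm -NNN
# (BSD find on macOS and GNU find both do).

# Print every offending path under $1, sorted, one per line.
find_unreadable_by_others() {
    dir=$1
    find "$dir" \( \( -type d ! -perm -001 \) -o \( -type f ! -perm -004 \) \) \
        -print 2>/dev/null | sort
}

# Number of offending paths under $1; 0 means a second user should be fine.
count_unreadable_by_others() {
    find_unreadable_by_others "$1" | wc -l | tr -d ' '
}

# Constructed demo bundle so the script runs offline. Replace with a real
# bundle path (e.g. /Applications/TrueCrypt.app) on a real system.
demo_bundle() {
    d=$(mktemp -d)
    mkdir -p "$d/Demo.app/Contents/MacOS" \
             "$d/Demo.app/Contents/Frameworks/Private.framework"
    : > "$d/Demo.app/Contents/MacOS/Demo"
    : > "$d/Demo.app/Contents/Frameworks/Private.framework/Private"
    # Start from a sane world-readable tree regardless of the caller's umask.
    chmod -R 755 "$d/Demo.app"
    # Now break it the way a copy made by the first user might:
    chmod 700 "$d/Demo.app/Contents/Frameworks/Private.framework"          # not traversable by others
    chmod 600 "$d/Demo.app/Contents/Frameworks/Private.framework/Private"  # not readable by others
    printf '%s\n' "$d/Demo.app"
}

# Usage on a real machine, run as the second (non-owning) user:
#   find_unreadable_by_others /Applications/TrueCrypt.app
# Every path printed is one that user cannot open; an empty list means
# mode bits are not the cause and ACLs or code signing are next to check.
```

Run it as the second user, not as the first user or root, so that what it reports matches what that account actually experiences. A non-empty list for a framework or dylib inside the bundle is consistent with the "unable to load a library" crash described above; an empty list rules mode bits out and points at ACLs or something else.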
