Jump to content

Simple Script For Enabling Legacy FileVault

459below

By 459below,
in OSx86 10.9 (Mavericks)

 Share
1 post in this topic

Recommended Posts

459below
459below
Posted
Posted

Hello,

 

I just wanted to share this little script based on Mac the Knife's post here: http://www.insanelymac.com/forum/topic/270419-how-to-enable-legacy-filevault-on-mac-osx-107-lion/

#!/bin/bash
if [ $UID != 0 ]; then
	echo "Run me as with sudo"
	exit 0
fi
echo "enter a master recovery password:"
read MASTER_PASSWORD
echo "enter username"
read USER_NAME
echo "enter size of sparsebundle (eg. 500g)"
read SIZE

SBUID=$(id -u $USER_NAME)
SBGID=$(id -g $USER_NAME)

security create-filevaultmaster-keychain -p $MASTER_PASSWORD /Library/Keychains/FileVaultMaster.keychain
#"security export" is broken! we need to do this manually
security unlock-keychain -p $MASTER_PASSWORD /Library/Keychains/FileVaultMaster.keychain
while [ ! -f /Library/Keychains/FileVaultMaster.cer ]
do
	read -p "Add /Library/Keychains/FileVaultMaster.keychain in KeyChainAccess.app and export the certificate to /Library/Keychains/FileVaultMaster.cer You will need to export to a user owned folder first. Press ENTER to continue."
done
chown 0:0 /Library/Keychains/FileVaultMaster.cer
chmod 600 /Library/Keychains/FileVaultMaster.cer
chmod 644 /Library/Keychains/FileVaultMaster.keychain

cd /Users/$USER_NAME
echo "Enter your user password."
hdiutil create -size $SIZE -encryption -agentpass -certificate /Library/Keychains/FileVaultMaster.cer -uid $SBUID -gid $SBGID -mode 0700 -fs "HFS+J" -type SPARSEBUNDLE -layout SPUD -volname "$USER_NAME" $USER_NAME.sparsebundle
chown -R $SBUID:$SBGID /Users/$USER_NAME/$USER_NAME.sparsebundle
du -h -d 1 /Users/$USER_NAME
df -h
read -p "Check that you have the size of the homefolder free on the disk. Press enter to continue."
mkdir sbdest
hdiutil attach -owners on -mountpoint sbdest $USER_NAME.sparsebundle
rsync -avxHEP ./ sbdest/ -exclude="$USER_NAME".sparsebundle/ -exclude="sbdest/"
hdiutil detach sbdest
rmdir sbdest
cd /private/var/db/dslocal/nodes/Default/users/
cp -i $USER_NAME.plist $USER_NAME.plist.bak
eval "defaults write /private/var/db/dslocal/nodes/Default/users/$USER_NAME.plist home_loc -array '\"<home_dir><url>file://localhost/Users/$USER_NAME/$USER_NAME.sparsebundle</url></home_dir>\"'"
echo "Remember to delete/move everything in /home/$USER_NAME except /home/$USER_NAME/$USER_NAME.sparsebundle or you will waste space besides keeping a clear text copy of your data on your HD"

I will not explain how to use it or what each command does. Just google it. And of course: Use it at your own risk.

 

Regards,

below

 

Edit:

 

The system claims incorrectly that the FileVault-password and user-password differ after a software update. This message pops up right after boot, but before login. Hitting cancel and logging in afterwards, should fix it.

 Share
Go to topic listing
×
×
  • Create New...